Shawn Burden
IT Cybersecurity Specialist Centers for Disease Control and Prevention (CDC)
Atlanta, GA, United States
Details
Experience:
2022 : Present
Centers for Disease Control and Prevention
IT Cybersecurity Specialist
• Provide subject matter expertise, guidance, and assessment services to identify and manage risks associated with third-party service providers
• Ensures that these third-party service providers have controls that are adequately designed, implemented or remediated to meet Aaron’s control requirements and SOX, HIPAA, PCI, and internal policy compliance expectations
• Perform duties covering the full span of the vendor life cycle, including but not limited to: data gathering to establish a centralized Vendor Inventory across Aaron’s enterprise, determining and categorizing vendor service types, conducting vendor service risk profiles for risk rating, assessing vendors’ control environments for compliance with privacy and security requirements, reporting assessment results and ensuring risk remediation/acceptance, and ongoing monitoring of vendors providing high-risk services to manage potential exposure of Aaron’s data and security breaches
• Provides consultancy services to business and project teams evaluating new vendor services and/or introducing new technologies to Aaron’s environments.
• Collaborates with team members to continuously improve VRM tools and processes to meet department objectives, applying creative solutions to address issues with people, processes, and technologies.
• Supports development, implementation, and maintenance of vendor risk and compliance documentation and procedures.
• Plans and manages assigned program work streams to their conclusion, providing regular status updates, communicating with key stakeholders and partners, identifying issues and managing them to resolution, and ensuring quality deliverables
• Collects, analyzes, and reports performance metrics using company software and reporting tools
• Develop executive reports and deliver presentations to executives and leaders
• Demonstrates knowledge and experience with auditing techniques and remediation strategies, with ability to clearly document assessment results, and conclusions drawn
2017 : 2018
Zyston LLC -(Consultant - Aaron's Inc.)
Senior Information Technology Security Engineer
• Performed IT Security Risk Assessment/Audits for The Home Depot 3rd Party vendors, internal applications/software, products, and services to identify and prioritize risk to assist the business in achieving compliance
• Conducted interviews with appropriate personnel such as architects, application managers and developers to understand the product purpose, functionality and data elements being processed, transmitted, and stored in the information systems
• Completed and reviewed IT Security Risk Assessment questionnaires to understand the overall IT Security posture of applications and operations in security areas such as Governance, Application, Platform, Network, Identity Access Management, Data, and Threat Detection and Response
• Collected, reviewed and validated necessary documentation in support of security assessments/audits such as IT Security Systems Plans/Standards, Disaster Recovery Plans, Network and Security Architectural Diagrams and Incident Response Plans
• Engineered operational and security solutions to mitigate risk and provide strategies to improve the security posture of internal processes and environments
• Ensured all risk/audit findings were documented in eGRC Archer tool and closed in a timely manner; communicated findings to senior leadership team for action and closure
• Monitored risk and compliance with information security policies and procedures, referring problems to the appropriate department managers
• Worked with Project Managers and appropriate business teams in the process of identifying, qualifying and prospecting leads for 3rd Party vendor selection; worked closely with project management to ensure project prioritization and delivery
• Identify opportunities for business process enhancement and tools to enforce data protection. Partner with IT to evaluate, select and deploy a strategic solution to proactively monitor & prevent data loss
2016 : 2017
Syntel
Senior Information Security Engineer (Consultant -The Home Depot)
• Security Assessment and Authorization formerly Certification and Accreditation (C&A) Subject Matter Expert delivering SA&A support activities for Centers for Disease Control and Prevention (CDC)
• Deliverables include System Security Plans, Risk Assessments, Contingency/Disaster Recovery Plans, training plans and audits, various policies and procedures, and project timelines
• Developed SA&A deliverables schedule and worked with the customer to coordinate documentation review, updates, and final delivery
• Routinely documented procedures, processes, and current security state as part of the organization’s ongoing continuous improvement activities
• Heavily involved in security accreditation testing, POAM remediation oversight and weekly status reporting
• Interviewed subject matter experts to become familiar with existing procedures and solicit from them information required to develop robust documentation and reports
• Drafted complex technical documentation based off of interviews with numerous project stakeholders
• Performed risk assessments, incident response planning, and analytical support for the drafting of multiple security policies, plans, and other relevant documents to ensure accreditation packets are complete
• Assessed security controls in accordance with federal requirements and performed continuous monitoring-related activities for current, related and future plans
2016 : 2016
Laulima Government Solutions (Consultant - CDC)
Senior Information Technology Security Analyst
• Identified and assessed the security practices of 95+ countries' operations
• Understood market and cultural pressures affecting security in each country
• Maintained a catalog of security capabilities for each country's operation
• Developed plans for executing a security strategy in each market
• Progressively matured countries' security operations to meet security control standards
• Provided consultancy on security-related issues
2013 : 2016
BCD Travel
Sr. Information Security Analyst
Company:
Centers for Disease Control and Prevention
About
Experienced Senior Information Security Engineer with a demonstrated history of working in the financial, travel & tourism, retail and federal government industries. Skilled in Information Technology Strategic Security, Compliance, Governance and Risk Management. Strong information technology professional with a Bachelor's focused in Computer Science & Computer Engineering from Savannah State University.