Profiles search
Syed Ahmed
GRC Analyst | CISA | Security+
Franklin Square, NY, United States
Details
Education:
Baruch College
2006 : 2011
2006 : 2011
Experience:
•Work with a variety of Information Security teams to develop routine to moderately complex reports/metrics
•Communicate information to targeted audiences with high degree of accuracy in a timely manner.
•Develop and communicate responses for routine to moderately complex requests to provide evidence that appropriate controls and mitigations exist supporting the enterprise information security program.
•Educate all areas of the company, including field, subsidiary and global offices on security issues/concerns to ensure proper information security is adhered to
•Set and communicate expectations around meeting company information security policies and standards
• Performed cybersecurity risk advisory services working with a variety of regulatory requirements such as ISO 27001, PCI-DSS, SOX IT General Controls, SOC 1, SOC 2, GLBA, HIPAA, NIST CSF and NIST 800-53
• Evaluate the design and operating effectiveness of controls, as they apply to the regulatory, legal and
contractual requirements impacting financial institutions including GLBA, SOX, FFIEC, NYDFS and PCI
•Act as a resource for all business areas for questions regarding policy and standard questions
2020 : Present
Principal Financial Group
Information Security Analyst II
• Performed Internal security control assessments based on the internal control frameworks.
• Review all A&A documentation, including SSP, RA, CP. SAR and IRP etc.
• Drafted and updated templates used for SSP’s, SAR’s, E- Authentication, Risk Assessments, BIA’s and CP’s in support of process maturation.
• Wrote a comprehensive report detailing audit findings and remediation recommendations in Plan of Action and Milestone (POA&M)
• Performed risk and control assessments for all (Critical-Low) risk third-party service providers to evaluate effectiveness of control systems using SIG lite questionnaire.
• Reviewed key reporting to validate accuracy and identify discrepancies and gaps.
• Reported risk assessment results, including VRM metrics to internal senior management and the service prover and recommended remediation actions.
• Track and Monitor remediation activities with vendor and internal teams.
• Maintain compliance documentation to support ISO 27001, SOC, HIPPA, PCI and similar compliance requirements are met.
• Manage relationships with the IT, Information Security, and other stake holders. Manage the relationship between the internal stakeholders and external auditors.
• Reviewed key reporting to validate accuracy and identify discrepancies and gaps
• Sustain and improve the enterprise information security risk management framework, policy, processes, and tools.
• Work proactively with the IT compliance function regarding key information security risk considerations.
2018 : 2021
NEA Solutuions
GRC Analyst
• Monitor and analyze logs and alerts from a variety of different technologies across multiple platforms to identify and migrate security incidents affecting clients.
• Document and Created Incident task Via Ticketing Systems for ongoing services while updating task upon resolution.
• Assess the security impact of security alerts and traffic anomalies to be able to gather a broad view of the overall risk profile of the enterprise.
• Analyze potential cyber threats from a variety of intakes taking appropriate response actions to include threat containment and/or escalation.
• Utilize a variety of security tools and technologies to analyze potential threats to determine impact, scope, and recovery.
• Create artifacts highlighting findings from user activities and provide notification to initial point of contact so that end user privacy is protected.
• Analyze incoming traffic from external IP addresses to evaluate whether the source of the threat is malicious.
• Create a sandbox to mimic user activity and determine the level of impact on the enterprise.
2017 : 2021
NEA Solutions
Security Operations Center Analyst
2018 : 2020
Con Edison
System Analyst
• Installation, maintenance, end-user support, and customer service for Networks, desktops,
• laptops using Windows 7 and Windows 10, and the typical range of ancillary IT systems and
• utilities.
• assist in the support, diagnosis and configuring of computer equipment.
• Using HP Service Management Ticketing system for all communication records for over 600
• users with in the Central Engineering Department
• Image, install, and support Engineering and workstations, laptops, tablets
• support and administer Central Engineering document and drawing management systems
• Maintain up-to-date inventory of all workstations, laptops, tablets, printers, plotters, and
• peripheral equipment throughout Central Engineering using Computer Cost Central (CCC), and
• Active Directory.
• evaluate current systems and applications to provide input in upgrades and enhancements based
• on new industry standards.
• Application Support on AutoCad, Adept, and various engineering drawing tools
• Migrated all users in Department to windows 10 from windows 7
• Ensured all users were up to date with all security compliance across Central Engineering
• Ensured users were up to date on all application and security patches per Corporate IT standards
• Hosted monthly IT forums along with Security Compliance Presentations within Central
• Engineering
• Utilized Bomgar and Remote Desktop Connection to remote into users machine
2017 : 2018
Con Edison
System Analyst
•Communicate information to targeted audiences with high degree of accuracy in a timely manner.
•Develop and communicate responses for routine to moderately complex requests to provide evidence that appropriate controls and mitigations exist supporting the enterprise information security program.
•Educate all areas of the company, including field, subsidiary and global offices on security issues/concerns to ensure proper information security is adhered to
•Set and communicate expectations around meeting company information security policies and standards
• Performed cybersecurity risk advisory services working with a variety of regulatory requirements such as ISO 27001, PCI-DSS, SOX IT General Controls, SOC 1, SOC 2, GLBA, HIPAA, NIST CSF and NIST 800-53
• Evaluate the design and operating effectiveness of controls, as they apply to the regulatory, legal and
contractual requirements impacting financial institutions including GLBA, SOX, FFIEC, NYDFS and PCI
•Act as a resource for all business areas for questions regarding policy and standard questions
2020 : Present
Principal Financial Group
Information Security Analyst II
• Performed Internal security control assessments based on the internal control frameworks.
• Review all A&A documentation, including SSP, RA, CP. SAR and IRP etc.
• Drafted and updated templates used for SSP’s, SAR’s, E- Authentication, Risk Assessments, BIA’s and CP’s in support of process maturation.
• Wrote a comprehensive report detailing audit findings and remediation recommendations in Plan of Action and Milestone (POA&M)
• Performed risk and control assessments for all (Critical-Low) risk third-party service providers to evaluate effectiveness of control systems using SIG lite questionnaire.
• Reviewed key reporting to validate accuracy and identify discrepancies and gaps.
• Reported risk assessment results, including VRM metrics to internal senior management and the service prover and recommended remediation actions.
• Track and Monitor remediation activities with vendor and internal teams.
• Maintain compliance documentation to support ISO 27001, SOC, HIPPA, PCI and similar compliance requirements are met.
• Manage relationships with the IT, Information Security, and other stake holders. Manage the relationship between the internal stakeholders and external auditors.
• Reviewed key reporting to validate accuracy and identify discrepancies and gaps
• Sustain and improve the enterprise information security risk management framework, policy, processes, and tools.
• Work proactively with the IT compliance function regarding key information security risk considerations.
2018 : 2021
NEA Solutuions
GRC Analyst
• Monitor and analyze logs and alerts from a variety of different technologies across multiple platforms to identify and migrate security incidents affecting clients.
• Document and Created Incident task Via Ticketing Systems for ongoing services while updating task upon resolution.
• Assess the security impact of security alerts and traffic anomalies to be able to gather a broad view of the overall risk profile of the enterprise.
• Analyze potential cyber threats from a variety of intakes taking appropriate response actions to include threat containment and/or escalation.
• Utilize a variety of security tools and technologies to analyze potential threats to determine impact, scope, and recovery.
• Create artifacts highlighting findings from user activities and provide notification to initial point of contact so that end user privacy is protected.
• Analyze incoming traffic from external IP addresses to evaluate whether the source of the threat is malicious.
• Create a sandbox to mimic user activity and determine the level of impact on the enterprise.
2017 : 2021
NEA Solutions
Security Operations Center Analyst
2018 : 2020
Con Edison
System Analyst
• Installation, maintenance, end-user support, and customer service for Networks, desktops,
• laptops using Windows 7 and Windows 10, and the typical range of ancillary IT systems and
• utilities.
• assist in the support, diagnosis and configuring of computer equipment.
• Using HP Service Management Ticketing system for all communication records for over 600
• users with in the Central Engineering Department
• Image, install, and support Engineering and workstations, laptops, tablets
• support and administer Central Engineering document and drawing management systems
• Maintain up-to-date inventory of all workstations, laptops, tablets, printers, plotters, and
• peripheral equipment throughout Central Engineering using Computer Cost Central (CCC), and
• Active Directory.
• evaluate current systems and applications to provide input in upgrades and enhancements based
• on new industry standards.
• Application Support on AutoCad, Adept, and various engineering drawing tools
• Migrated all users in Department to windows 10 from windows 7
• Ensured all users were up to date with all security compliance across Central Engineering
• Ensured users were up to date on all application and security patches per Corporate IT standards
• Hosted monthly IT forums along with Security Compliance Presentations within Central
• Engineering
• Utilized Bomgar and Remote Desktop Connection to remote into users machine
2017 : 2018
Con Edison
System Analyst
Company:
Principal Financial Group
Years of Experience:
10
Skills
Administration, Application Security, Connectivity, Cyber, Desktop Computers, Escalation, Infrastructure, IT Service Management, Risk Management, Security Information and Event Management (SIEM), Security Operations Center, Service Desk, Troubleshooting
About
A result oriented IT professional with over 5 years as a dedicated Cyber Security Professional and 10+ years of Information Technology Experience.
Expertise in creating and managing all aspects of Governance, Risk and Compliance which include Third Party Risk, Due Diligence, Incident Response Plans, Risk Assessments, Security and Awareness Training, and Security Certifications (ISO 27001 and SOC 2)
Proficient in conducting security assessments and creating reports from different security standards such as ISO 27001,SOC 2 Type 1 and Type 2,HIPAA, FFIEC, NIST CSF, NIST 800-53 Rev 4 and 5, & FedRAMP
Expertise in managing proactive and reactive Security Operations Center using SIEM tools, vulnerability scanners, IDS/IPS, open source tools, and sandbox environment.
Profile Photo
