Profiles search
Tina Burgess
Information Security Consultant-COV-VITA
Moseley, VA, United States
Details
Experience:
Reports directly to the ISO for VITA assisting security program support to 11 agencies for state clients participating in the ISO Security Service. Training of new Information Security Officers in the following areas : applying SEC 501 controls to ensure agency compliance; training in risk assessment work; working with vendors for compliance documentation; assistance scripting policies, procedures, system security plans. Assisting agencies in audit preparation, remediation, and responses.
Comprehensive knowledge of VITA policies, and procedures. Responsible for reviewing Business Impact Analysis and Risk Assessments for state agencies. Conducts Risk Assessments ensuring adherence to the COV SEC 501 and SEC 525 IT Security Controls. Use of NIST IT Security Standard Frameworks. FAIR Quantitative Analysis for Risk Assessments.
Ability to apply risk management frameworks to implement security recommendations to protection of Commonwealth of Virginia’s assets. Demonstrated ability to work independently and collaboratively with internal teams and external clients. Ability to translate technical data pulled from Archer to assimilate against agency risk reviews. Ability to ensure resolution against key agency stakeholders.
Working together with several agencies on VITA initiatives including the FAIR Quantitative Work Committee. Leadership Development Program and participate in the Including Affinity U Group for women.
2020 : Present
Commonwealth of Virginia
Information Security Consultant
Dominion Energy Cyber Security IT Risk Management. Protecting the company's assets by providing internal controls and monitoring for cyber security purposes using the Access Revocation application based on the NERC Regulation Federal standards (specific to the Power Generation Industry). Partnering with all business lines for best results ensuring to be audit ready. Work to create relationships which support the business and overall company compliance success.
IT Audit Preparation & Remediation to identify and prevent security breaches and mitigate risk.
Experience in NERC CIP audit preparation and evidence collection.
Ensuring all cyber access revocation tasks for NERC assets are removed within Compliance of the NERC Regulation standard of 24 hours.
Acted as senior advisor for capital projects ($100K) including budgeting and staffing needs, projects lasting more than 12 months. Senior advisor to management to aide in decision making for resources on capital projects and analysis.
Ensuring internal controls are providing removal tasks to internal groups and tasks are completed within NERC Regulation standards.
Ensuring all quarterly and annual training tasks are completed by users who have NERC Cyber Access.
Partnering with internal departments to create and maintain internal cyber controls.
Administrator of the Access Revocation Application used to track NERC and SOX access to applications. o Quarterly reviews of internal user access.
o Setting up new Assets and Sub assets to track access for users
o Tracking and Reporting data within the Access Revocation Application for audit review and control purposes
Administrator of the Learning Management System (LMS)
o Annual NERC Training Assignments for 25,000 sensitive access employees
Ensuring all content is updated annually, following the review process with program managers. Working with LMS technical teams to ensure content has the latest NERC CIP Requirements.
2017 : 2020
Dominion Energy
Senior Cyber Security Analyst - Dominion Energy
2016 : 2020
Dominion Energy
Senior Cyber Security Analyst-Compliance
Comprehensive knowledge of VITA policies, and procedures. Responsible for reviewing Business Impact Analysis and Risk Assessments for state agencies. Conducts Risk Assessments ensuring adherence to the COV SEC 501 and SEC 525 IT Security Controls. Use of NIST IT Security Standard Frameworks. FAIR Quantitative Analysis for Risk Assessments.
Ability to apply risk management frameworks to implement security recommendations to protection of Commonwealth of Virginia’s assets. Demonstrated ability to work independently and collaboratively with internal teams and external clients. Ability to translate technical data pulled from Archer to assimilate against agency risk reviews. Ability to ensure resolution against key agency stakeholders.
Working together with several agencies on VITA initiatives including the FAIR Quantitative Work Committee. Leadership Development Program and participate in the Including Affinity U Group for women.
2020 : Present
Commonwealth of Virginia
Information Security Consultant
Dominion Energy Cyber Security IT Risk Management. Protecting the company's assets by providing internal controls and monitoring for cyber security purposes using the Access Revocation application based on the NERC Regulation Federal standards (specific to the Power Generation Industry). Partnering with all business lines for best results ensuring to be audit ready. Work to create relationships which support the business and overall company compliance success.
IT Audit Preparation & Remediation to identify and prevent security breaches and mitigate risk.
Experience in NERC CIP audit preparation and evidence collection.
Ensuring all cyber access revocation tasks for NERC assets are removed within Compliance of the NERC Regulation standard of 24 hours.
Acted as senior advisor for capital projects ($100K) including budgeting and staffing needs, projects lasting more than 12 months. Senior advisor to management to aide in decision making for resources on capital projects and analysis.
Ensuring internal controls are providing removal tasks to internal groups and tasks are completed within NERC Regulation standards.
Ensuring all quarterly and annual training tasks are completed by users who have NERC Cyber Access.
Partnering with internal departments to create and maintain internal cyber controls.
Administrator of the Access Revocation Application used to track NERC and SOX access to applications. o Quarterly reviews of internal user access.
o Setting up new Assets and Sub assets to track access for users
o Tracking and Reporting data within the Access Revocation Application for audit review and control purposes
Administrator of the Learning Management System (LMS)
o Annual NERC Training Assignments for 25,000 sensitive access employees
Ensuring all content is updated annually, following the review process with program managers. Working with LMS technical teams to ensure content has the latest NERC CIP Requirements.
2017 : 2020
Dominion Energy
Senior Cyber Security Analyst - Dominion Energy
2016 : 2020
Dominion Energy
Senior Cyber Security Analyst-Compliance
Company:
Commonwealth of Virginia
About
Information Security Risk Analyst-Consultant for the Commonwealth of Virginia inter Virginia ITAgency. Provide guidance for state agencies to ensure compliance with SEC-501, SEC-525
Profile Photo
