Troy F.
Senior Information Security Engineer
United States
Details
Education:
Master's Degree
Cyber Security
University of Maryland University College
2012 : 2014
Bachelor's Degree
Cyber Security
University of Maryland University College
2010 : 2012
Bachelor's Degree
English Language and Literature, General
University of Maryland University College
2007 : 2010
Experience:
2017 : Present
Lenovo
Information Security and Risk Analyst
Supported the NIST CSF and 800-53 r4 program and lifecycle implementation and governance documentation. Assisted in the selection and implementation of NIST 800-53 r4 controls. Achieved program/project objectives by contributing information and recommendations to strategic plans and reviews. Provided planning support for NIST control processes and procedures. Documented requirements for NIST controls and processes. Supported and/or led complex security controls assessments of enterprise systems, services, and programs. Worked closely with program governance and stakeholders to achieve consensus and drive governance. Partnered with technical ECS security teams to achieve program goals. Defined key metrics and data elements to track compliance with, and effectiveness of, identified controls.
2015 : 2017
Veritude
Senior Technical Risk Analyst
Managed IT Governance, Risk Management, and Compliance efforts in support of the management’s Global IT Security program. Assisted internal global IT and business partners to identify and manage information security risks as a member of the Information Technology Risk and Security Group. Reviewed documentation for standards compliance and worked with Subject Matter Experts (SMEs) to maintain documentation. Assisted in the documentation of control narratives, as well as the preparation of scorecards for reporting on IT compliance and governance. Additionally, tracked and reported the status of company IT SOX controls. Identified security risks and exposures by participating in security reviews and evaluations. Supported SSAE16 audit process from inception to issuance of reports for the technology organization.
2014 : 2015
MetLife
IT Risk and Security Analyst
Implemented and configured new security infrastructures, conducting all administrative processes required to evaluate and eliminate security vulnerabilities. Established and integrated security policies to enforce and manage user access, improve enterprise security, and mitigate threats to internal and external networks. Supported Federal Reserve Board (FRB) security assessments in accordance with NIST 800-53 information assurance family of controls and FISMA guidelines. Supported AT&T Networx OSS security authorization and accreditation/certification and accreditation processes. Assisted with completing security assessment reviews of networks and applications; examined and revised existing system security analyses; developed Information Assurance solutions and risk mitigation strategies. Applied knowledge of Federal, DoD, and industry information security requirements, standards, and best practices to align administrative initiatives to requirements network, application, and security-related issues.
2013 : 2014
AT&T
Information Security Analyst
Assisted in the development and maintenance of system security and contingency plans. Participated in risk assessments to periodically reevaluate sensitivity of the system, risks, and mitigation strategies. Assisted with maintaining Plans of Actions and Milestones (POA&Ms) and provided timely updates on their status. Collaborated on the development of new/updated processes, creation of templates, implementation of tools, and other initiatives to improve the client’s risk management process.
2011 : 2013
JReller Technologies
Junior Information Security Analyst
Company:
Lenovo
Years of Experience:
13
About
IT professional with experience in conducting security assessment reviews/certification and accreditation of government and commercial information systems/ensuring organizational policies are compliant with the National Institute of Standards and Technology (NIST) framework.