Security Information
Resume:
KAREN ALDINI
*** **** **. *** ******, IA ***** Cell Phone: 515-***-****
ac6xgu@r.postjobfree.com
SUMMARY OF QUALIFICATIONS
Many years’ experience in Information Technology (IT). Expertise includes Archer, vendor risk management, technical risk and security assessments, metrics/reporting.
Additional skills include:
Vendor Management
Security Risk Assessments
Vendor Risk Assessments
Security Policy Development
Customer Interfacing
Key Risk Indicators (KRI)
Key Performance Indicators (KPI)
Proficient with NIST, FISMA ISO and HIPPA
Analyze security incident and data reporting such as Penetration, Vulnerability testing. SAE16 reporting, SOC1,SOC2 reports
Account provisioning and de-provisioning
SharePoint Experience
Review of patches of Network/Platform
Work closely with internal and external auditors and customers on security related requests.
Prepare and analyze security incident and event data reporting.
Insurance Agent – Medicare Supplement
Medicare, Medicaid & Private Insurance claims
Access Management
Data Loss Prevention (DLP)
PROFESSIONAL EXPERIENCE
Wells Fargo – Des Moines, Iowa Jan – 2018 – Current (Contractor)
●Quality Assurance and Requirements Analyst
Governance of individual products and the vulnerability data associated with the infrastructure area of the Enterprise.
Responsibilities include engaging with the individual engineering teams when vulnerabilities have been detected in Connectivity related assets ensuring the team is aware a vulnerability has been detected and that they are creating remediation plans to address those vulnerabilities.
Farm Bureau - Des Moines, Iowa June - 2017 -Dec- 2017 (Contractor)
Access Management
Processes user access control change requests, such as adding, modifying, and deleting user and group accounts within
AD platform and various clinical and business applications.
Access recertification reviews to prevent unauthorized access to data and maintain proper security levels.
Provides a broad level of support to customers to identify, troubleshoot, and resolve user access-related issues and escalates for assistance when appropriate.
Assists end users about the proper submission of access requests to meet all established policies and audit guidelines.
VOYA - Des Moines, Iowa Dec- 2013 - April- 2017
Technology Risk & Security Management (TRSM) – Vendor Risk Management (VRM)
IT Security Specialist
Conduct Vendor Risk Assessments (VRA) for Voya engagements to include security reviews for Voya IT related projects;
Five plus years of experience heading or working on a variety of technology-based projects.
Create Metrics for team monthly Performance Dialogue reports.
Perform detail security and technical risk assessments to ensure vendor comply with information security controls and policies for the business engagement and type of data being accessed and stored; complete multiple Vendor Risk
Assessments; ensuring compliance with ISO standards and Voya security policies.
Work with stakeholders/business unit and Technical Security Officers (TSO) within a business to develop and implement solutions to mitigate risks and maintain appropriate controls for Vendor engagements.
Communicate with the business unit to ensure all security requirements are met and the vendor is in compliance with company policies and standards before a business engagement is initiated.
Track and report IT risks and mitigations to ensure all risks are monitored; ensure remediation plans are tracked for all information security risks as a result of the VRA.
Facilitate TSO bi-weekly call to discuss current VRA’s for TSO business unit(s); ensure TSO’s are aware of any issues with current assessments.
Update Archer reports and dashboards for TSO as individuals change positions and business units; ensuring TSO received all appropriate VRA’s for their business units.
Assist team in creating VRM monthly metrics using Archer; ensuing all assessments are track to include tracking open risks.
Assisted in 13 new types of Vendor Risk Assessment questionnaires to replace the one general questionnaire to ensure that vendors receive questions specific to their engagement with Voya; quicker turnaround time for vendors to complete assessments and for VRM team to complete overall risk rating for the vendor engagement.
Created weekly reports for Vendor Risk Owners (VRO) and TSO to ensure they have an up to date status of the in-progress assessments; reduced questions from VRO and TSO on status of assessments.
Created a new VRO final report to ensure that key risks are pointed out to the VRO.
Created a new Sourcing final report that includes all the vendor responses to the VRA that can be attached to the contract for new vendor engagements.
Train new team members on vendor risk assessment process; meet with new team members bi-weekly to discuss VRA’s.
Update Vendor Risk Management Process; ensuring all new updates are added to the document and that a current copy is posted on the intranet.
Analyzed and combined data from Voya business units for legacy vendors to create a vendor list that require a completed VRA on file.
Assist team to monitor and manage Vendor Risk Management monthly metrics to assist with tracking month-to-date
(MTD) and year-to-date (YTD) vendor risk assessments and risk ratings.
Stragtic Staffing-Des Moines, Iowa Aug-2012 – Dec-2013
ING
IT Security Specialist- Contractor
Perform auditing and provide reporting to security team to meet customer requirements.
Enforce security policies or guidelines in accordance with Federal Government Security Standards.
Validate access request forms for proper authorization.
Create new accounts as needed within the IT systems.
Maintain accounts as needed within the IT systems.
Review system and account reports to identify and report on possible violations of security.
Counsel users in regards to security violations related to identity and access management.
Work assigned help desk tickets related to Identity and Access Management.
East High School, Des Moines IA (1982 – 1986)
Kaplan University, Online (2009 – 2011)
Contact this candidate