PAUL ZAH
Security Analyst
848-***-**** ad9txc@r.postjobfree.com http://linkedin.com/in/paul-zah-sec Somerset
EXPERIENCE
Cybersecurity Analyst
Amazon 08/2022 - Present Somerset, NJ
Identified 20+ critical issues through vulnerability assessments, achieving a 30% reduction in security risks using SIEM tools like Splunk
Improved remediation efficiency by 30% through timely scans and management of Qualys and Nessus systems
Strengthened compliance with GDPR and NIST standards by 25% through developing and enforcing data protection policies
Enhanced security culture by collaborating with 10+ cross-functional teams, driving awareness and adherence to compliance standards
Third-Party IT Risk Assessor (Contract)
Advance Auto Parts 07/2021 - 07/2022 Dayton, NJ
Recommended 15+ corrective actions in technical reports, expediting vulnerability resolutions and reducing risk exposure
Managed vulnerability processes across 100+ systems using Qualys and Nessus, ensuring comprehensive security coverage
Assessed third-party security controls with NIST standards, escalating 20+ high-risk issues, which boosted vendor compliance by 25%
Improved IT compliance by maintaining up-to-date knowledge of 5 regulatory requirements as a subject-matter expert
Increased security efficacy by coordinating 20 internal resources and third parties for activities execution
Information Security Analyst
Amazon 04/2021 - 10/2021 Somerset, NJ
Achieved compliance with industry standards by developing and tracking 15 key security metrics for risk management
Launched risk programs, overseeing assessments for 5 corporate departments and developing 10 strategic risk treatment plans
Elevated risk assessment quality by producing 50+ technical reports with actionable insights for senior management
Jr. Security Analyst
Softafrique 06/2020 - 03/2021 Woodbridge, NJ
Maintained a 95% compliance rate by efficiently managing POA&M processes for vulnerability resolution
Documented findings from 50+ vulnerability assessments with Nessus and Qualys, enabling timely remediation efforts
Supported risk mitigation for 20+ projects by reviewing and assessing key security documentation
Successfully evaluated 30+ Security Plans, resulting in enhanced risk management strategies
Conducted 15 Security Assessment Plans, resulting in a significant reduction of vulnerabilities
EDUCATION
Associate in Applied Science
Lehigh Carbon Community College, Schnecksville, PA - Computer Specialist - Network Technology (In Progress)
SUMMARY
Cybersecurity and Information Security Analyst with expertise in Governance, Risk, and Compliance (GRC), Risk Management Framework (RMF), threat monitoring, policy development, vulnerability management, and incident response, with compliance to standards such as ISO 27001, NIST, GDPR and SOC2. Proven track record in enhancing security posture by implementing protocols, developing policies, conducting risk assessments, and leading cross-departmental initiatives to strengthen organizational security.
CERTIFICATION
CompTIA Security+
CompTIA CySA+ (In Progress)
CISA (In Progress)
SKILLS
Policy Development
Incident Response
Risk Assessment
Vulnerability Management
SIEM
NIST, GDPR, FedRAMP, ISO 27001, SOC2, PCI DSS Compliance
Nessus
Endpoint Security
Qualys
Splunk
FedRAMP
CSAM
KEY ACHIEVEMENTS
Risk Reduction
Achieved a 30% reduction in security risks at Amazon through proactive vulnerability assessments.
Compliance Boost
Initiated a compliance boost by improving adherence to GDPR standards by 25%.
Vulnerability Management
Managed vulnerability processes for 100+ systems, ensuring security across expansive IT infrastructure.