Tamika Albert, CISSP, SSCP, HCISPP

248-496-8467

Talbert80@msn.com

 

 

QUALIFICATIONS:

 

·   Understanding of regulatory compliance such as GBLA, PCI-DSS, SOX, and HIPAA

·   Proven hands-on experience and knowledge of HITRUST, ISO/IEC 27000 series, FIPS, NIST 800 series, FFIEC IT Security Controls, COBIT4/5, and HIPAA/CMS Controls

·   Proven experience with data privacy principles, including PIPEDA, HIPAA Privacy Rule, Safe Harbor, GAPP, GBLA

·   Certified Information Security Systems Professional (CISSP)

·   Systems Security Certified Practitioner (SSCP)

·   Healthcare Information Security and Privacy Practitioner (HCISPP)

·   Experienced in auditing information systems

·   Experienced establishing auditing and information security program

·   Experienced developing information security policies, standards, and controls

·   Proficient in developing metrics and reporting for information technology

·   Proficient in security and privacy impact assessments

·   Expert in secure systems development lifecycle

·   Experienced in performing risk assessments

·   Exposure to third-party risk management

Proficient risk assessor of with information technologies, networks, operating systems and web applications

·   Trained in Information Technology Infrastructure Library best practices

·   Skilled in lean technical writing, including process and procedure documentation

·   Created and updated test plans

·   Coordinated Regression testing

 

 

TECHNICAL SKILLS:

 

·   Experienced with Symantec Governance Risk and Compliance Tools

·   Experienced in IBM Governance, Risk, and Compliance Tools

·   Experienced in Data Loss Prevention software

·   Developed and maintained Access 2007/2010 databases

·   Developed SharePoint sites and designed custom workflows in SharePoint 2010

·   Microsoft Office: Word/PowerPoint/Excel/Access/Project/Visio 2010-2016 (expert level), HTML, XML, SQL, Crystal Reports, SAP

 

 

PROFESSIONAL EXPERIENCE:

 

Business Unit Risk Analyst II – Assigned to Comerica Bank

·   Responsible for implementation of COBIT 5 and FFIEC controls framework

o   Performed precertification technology maturity testing and assessments

o   Business process mapping to assess/analyze current and future state environment

·   Develop, review, and revise information security policies, standards, and controls

·   Responsible for auditing systems against controls framework

·   Responsible for performing organizational technology risk assessments

·   Developed form and database in SharePoint to capture and address self-identified audit issues

o   Developed custom notification and approval workflows

·   Assist in developing information security metrics program

 

 

Information Security Governance Lead – Assigned to Blue Cross Blue Shield

·   Assigned to health care company

·   Worked on project to implement HITRUST in the information technology environment

·   Developed, reviewed, and revised information security policies, standards, and controls

·   Conducted risk assessments on third parties for vendor risk management program

·   Security event monitoring and incident response/investigations

·   Responded to information security control questionnaires/assessments from external stakeholders (group customers/regulatory agencies)

·   Advised internal stakeholders on policies and standards compliance

·   Assessed policy, standards, and controls effectiveness

·   Evaluated technical, physical, and administrative controls against information security frameworks/legislation/industry best practices

·   Assisted in developing information security metrics program

·   Assisted in conducting Information Security training and awareness events and related reporting

·   Information security governance administration/Sr. Management support

 

Audit, Risk, and Compliance Lead

·   Led recurring campaigns with Data Loss Prevention, Enterprise Access Controls, and Compliance Risk Assessment, ensuring action items are completed on time

·   Used Clarity to assign and manage resources

·   Performed reviews and security assessments of areas such as operating systems, database management systems, firewalls, intrusion detection systems, and web based applications

·   Responsible for reviewing and approving information security policies and standards

·   Responsible for approving security exceptions and risk acceptances, ensuring compensating controls are met

o   Responsible for governance in maintaining regulatory compliance (PCI-DSS, SOX, HIPAA, GBLA) on new IT projects

o   Ensuring compliance with corporate policy, financial and internal controls

·   Participate in Internal, SOX, and other regulatory audits and created/supported TI Management responses

o   Track, drive and aggressively monitored remediation of audit comments progress to closure of issues within TI

o   Subject matter expert in data protection, company records management, and audit compliance

o   Advised project teams on requirements and risk

·   Responsible for executive reporting of audit and compliance efforts

o   Reengineered remediation reporting process by creating interactive dashboards in Excel and PowerPoint

§   Implemented new reporting and tracking mechanisms

·   Maintained Business Continuity/Disaster Recovery Plans in SunGard for the TI Business Office

o   Responsible for plan testing and drills

·   Data Privacy Officer, ensuring company data is (according to HIPAA, PCI Compliance, GBLA) protected by analyzing security events in the Symantec Data Loss Prevention tool

o   Performed incident response and forensics analysis

o   Conducted privacy and security impact assessments during projects

Reporting Analyst Consultant

·   Created reports and dashboards for International Logistics using Excel and Access for executive management

·   Used advanced Excel and Access functions to populate data within the forms

·   Created Access databases

o   Data mined other databases to gather data

o   Used reports created from SQL queries within SAP Materials Management Module

o   Analyzed and tracked customer service, parts fulfillment, and inventory levels for Europe, Middle East, Africa, and Latin America

o   Ran Access and Excel Macros to update daily, weekly, monthly dashboards

·                                                             Managed data audit logs

·                                                             Provided weekly status on project tasks/deliverables

 

Compliance Analyst

·   Coordinated on six week project to conduct an audit, risk and security assessment on existing banking applications with technologies noncompliant with the company’s technology lifecycle management, regulatory compliance, and information security policies

o   Created exception request forms for risks outside of feasibility to remediate

o   Ensured compensating controls were met

·   Tracked and reported status of project to Executive Management

·   Scheduled and facilitated working sessions to complete analysis of applications

·   Used advanced Excel functions to populate data within the forms

o   Data mined other databases to gather data

o   Analyzed system diagrams to identify system interdependencies

o   Analyzed system integration documents to produce financial reports for executive management

o   Used ChangePoint to pull support hour information for use in building business cases for exception forms

·                                                             Managed data audit logs

·                                                             Managed data privacy through GRC tool

·                                                             Provided weekly status on project tasks/deliverables

·                                                             Created system architecture roadmaps for business banking, corporate, and service banking applications

·                                                             Ensured documents were complete, current and stored appropriately in Domino Lotus Notes Database

·                                                             Used Lotus Notes to schedule meetings, manage the database, and for project communication

·                                                             Provided thought leadership to identify and correct issues

 

Implementation Consultant

·   Project Coordinator/Data Analyst MSP implementation Project for Caterpillar Third Party Labor Program into the VMS tool IQ Navigator

o        Implemented three full iterations/cycles

o        Responsible for regulatory privacy compliance

·   Responsible for vendor risk management for compliance and enrollment in the program

·   Tracked and reported project status and metrics

o        Responsible for scheduling and facilitating status meetings

o        Delivered status in meetings with stakeholders

·   Created test plans and scripts

·   Conducted pre-implementation and post implementation software testing

·   Used SharePoint for documentation and version control

·   Responsible for reporting in IQNavigator tool and Excel

·   Responsible for conducting classroom and individual training to suppliers, employees, and other users of the tool

·   Created documentation

·   Responsible for training and knowledge transfer

Program Coordinator Consultant (Remote)

·   Program Coordinator on network hardware refresh project for Siemens using ITIL standards, hired for definite length to absorb project duties of Senior Project Managers

·   Scheduled, assigned, and tracked resources

·   Managed a staff of thirty-forty technicians

·   Managed ten million dollar hardware budget

·   Created and managed change controls for standard hardware changes in HP Project and Portfolio Management

·   Used SAP PPM Module for project scheduling and financial reporting

·   Responsible for risk assessments and regulatory self-assessments

·   Using Microsoft Excel 2007 to create reports

o        Data mining various databases/spreadsheets to extract information for weekly status reports

o        Used VBA to create macros

·   Gathered, documented, and translated user requirements

·   Responsible for database regression and user acceptance testing post upgrade

·   Used SharePoint for document management

o        Created Access database on team site

·   Created and maintained action logs and status reports

·   Updated documentation

·   Updated and maintained project communication

Access Control Compliance Analyst

·   Responsible for ensuring compliance with the role-based access controls within the bank

·   Conducted reviews of user access to ensure access to systems were appropriate role

·   Updated access in Active Directory

·   Executed daily macros to ensure data access controls were current, researching and resolving variances

·   Performing daily variance reviews, importing data from and to Excel/Access 2010

·   Updated and enhanced user access templates and user lists in Excel

·   Used SQL to create user access and identity management queries in Symantec Control Compliance Suite

·   Created and updated process documentation

Business Systems Analyst Consultant

·   Worked as business analyst on project with Ford to upgrade and manage database tool in Global Securitization

·   Responsible for role-based access control administration, ensuring compliance with IT Security Controls and regulatory compliance

·   Performed risk and security assessments on in-house developed tools for compliance to policy and regulations

·   Performed security controls testing throughout the phase of the lifecycle to ensure hardening of system controls

·   Designed SharePoint workflows using SharePoint Designer

·   Modified custom SharePoint web parts and page design

·   Responsible for business continuity and disaster recovery planning and testing

·   Responsible for creating/modifying test plans

·   Coordinated regression and user acceptance testing

 

Snelling Personnel – Assigned to Nitto Denko

June 2008 – December 2009

Release Coordinator / Business Analyst

·   Responsible for change and release management

·   Facilitated change management meetings

·   Tracked and reported change request status from initiation to implementation to management

·   Coordinated on project to move from AS/400 to JD Edwards ERP system

·   Coordinated unit testing

·   Responsible for tracking project milestones and tasks

·   Responsible for managing project calendar

·   Trained team members during ERP to use JD Edwards system

·   Created macros in Excel to create product reports for senior management

·   Responsible for maintaining SOX security controls and coordinating security risk assessments

·   Designed and implemented of database in MS Access 2010 to maintain and update account information/files

·   Created queries and tables to track and monitor reports in Access Database

·   Utilized VB script to modify records and run reports in Access Database

·   Provided logistics support (truck and air freight)

·   Used advanced functions in Excel to analyze shipments, order patterns, and product data

·   Created user manuals in Word/Excel

·   Gathered and documented requirements and communicated with customers and vendors.

·   Created desk procedures and process maps

·   Responsible for reporting customer data to vice president of operations

·   Extracted data from accounts for creation of aging reports

·   Created JD Edwards Reports

·   Created MS Excel reports and master lists to maintain customer contact information

The Computer Merchant – Assigned to Hewlett-Packard for General Motors EDWS IMAC/Refresh Project

March 2006 – March 2007

Jr. Project Manager

·   Developed project plan using MS Project- managing resources, deliverables, scope, time, and cost

·   Managed resource budget of two million dollars

·   Responsible for vendor risk assessments and service level management

·   Created reports using MS Excel, MS Access and Crystal Reports for management

·   Scheduled and participated in sessions to create work instructions

·   Created process flows and organizational charts using MS Visio

·   Reengineered raw data into financial reports using Excel according to HP Project Management Office standards

·   Developed work instructions for project requirements

·   Tracked and reported request status to PMO office

·   Introduced SharePoint site to hold project documents

·   Created SharePoint site for documentation

·   Responsible for access control in SharePoint

·   Responsible for controls compliance and risk management

·   Responsible for change management

·   Submitted change requests on behalf of business customers

·   Created Access 2003-2007 database for asset management

·   Responsible for training and development of new team members

·   Utilized VB script to modify records and run reports in Access 2003 database

·   Managed communication and requested changes

·   Designed and implemented database for asset, human resource, and time management using MS Access 2007

·   Initiated requests using HP Open View Service Desk

·   Dispatched and managed service requests (IMACS/Refreshes, trouble tickets) for end users at HP, General Motors, and Electronic Data Systems through Workflow Manager and HP Open View Service Desk

 

 

EDUCATION:

 

Certified Information Security Systems Professional (ISC2), expires September 2018

Systems Security Certified Practitioner (ISC2), expires May 2018

 

Healthcare Information Security and Privacy Practitioner (ISC2), expires August 2018

 

Master of Science in Information Technology with a focus in Cybersecurity, August 2017

Walsh College

Currently Attending

 

Bachelor of Business Administration in Business Management, April 2013

Cleary University