American AirlinesSecurity Analyst II
Dec. 2017Fort Worth, Texas, United StatesAmerican Airlines, Security Analyst Dec 2017 – Present
Responsible for planning and supporting incident investigations, standardizing procedures to meet litigation requirements, and leading integrated work groups to develop proper workflows for vendors. Developing internal/external audit plans and performing General Computers control network penetration tests, application assessment scans and risk assessment reviews. Overseeing the company’s vendor risk management systems, using data mapping to ensure adherence for vendor security controls. Ensuring an accurate data upload of vendors on ongoing monitoring platform using BitSight and maintaining annual security control assessment. Single-handedly giving technical reviews and providing an unbiased assessment of security function and compliance such as SOC, ISO 27001 reports. Facilitating changes by regularly inspecting and testing GRC controls to align with CMMC framework thereby resulting in effectiveness and efficiency complying with the management’s policies. Spearheading risk assessments using leading frameworks like, but not limited to- ISO, NIST, FISMA, GRC, FedFRamp, SOC, ISO 27001. Developing, implementing and monitoring reports performance that demonstrate value and ensure vendor performance by conducting reviews.