Decisions
Lead Security and Compliance Analyst
Feb. 2023 - Aug. 2024
Virginia Beach, Virginia, United States
Closed gaps in cybersecurity training programs to go from 75% to 100% readiness for SOC 2 Type 2 and PCI DSS audits, which allowed us to complete our audit ahead of schedule and with minimum exceptions. Developed security training and phishing campaigns with a 100% completion rate of security training and 97% not prone to phishing rate as measured by a quarterly phishing campaign. Worked with senior leadership to develop and implement an incident response plan and team with no major incidents recorded in 2023. Investigated vulnerabilities in hosted systems on a biweekly basis and reported findings to CloudOps for remediation, which reduced levels of high and medium vulnerabilities to 0. Conducted incident response tabletop exercises with key personnel, also increasing participation from three employees to sixteen employees, which led to conversations about security in different departments throughout Decisions and raised awareness of security conscience. Performed thorough reviews of security platforms that were in use and revamped our program to use only the tools necessary to perform core job functions and mature security posture, saving the company approximately $15,000 per year.