Dounia Elrhatassi, MBA, CTPRA
Cybersecurity Lead - ISO at Moss Adams
Tampa, FL, United States
Details
Experience:
2022 : Present
Moss Adams
Cybersecurity Lead Engineer - ISO
•Participated in assessment of vendor risk, developed mitigation plans and partnered with internal stakeholders to manage responsibility
•Helped ensure strong oversight of all vendors’ risks and provide member firms and business partners visibility of existing and emerging risks
•Prepared and completed risk assessments and assisted with policy, regulatory and accreditation audit preparation
•Drove towards a common and consistent vendor risk management (VRM) program to effectively manage vendor risk in accordance with internal policy and Federal / State Regulatory requirements
•Facilitated maintenance and administration of the VRA platform (ServiceNow)
•Provided guidance to the business, procurement and other stakeholders to ensure requirements of VRM are fully understood
•Supported development and execution of a robust communication and training plan to facilitate the effective application and awareness of VRM
•Monitored risk findings, remediated resolution including development and execution of corrective action plans, and ensured follow-on reporting and monitoring
•Analyzed, updated, and modified procedures and processes to identify and continuously implement vendor risk management process improvements
•Improved awareness of operational risks faced by Business from vendor failure/poor performance and worked with Strategic Sourcing/Legal/Business to mitigate any losses through vendor compensation achieved through establishment of robust contracts
2020 :
Deloitte
Lead Cybersecurity Risk Engineer
Defined and implemented application security architecture and conducted technology vulnerability analysis.
Collaborated with application development teams, infrastructure security architects, and security policy experts to define an integrated framework of applications. Audit/assessment coordination (evidence gathering/collection), Vendor issue management (action plan collection, timeline follow-up, and issue documentation), and business partner assessments (security assessments of 3rd party vendor).
2019 : 2020
Kohl's
Sr. Information Security Analyst
• Analyzed and investigated problems reported by users, determined root cause of issues, documented them and provided a solution
• Efficiently responded to application support escalations involving troubleshooting moderate technical issues and resolving data/configuration issues
• Provided remote technical assistance and support, and resolved problems related to the use of applications for end users
• Consistently met standards for ticket system management and documentation responsibilities
• Clearly conveyed technical issues and material to non-technical audience
• Collected and organized technical data related to assigned projects. Presented data and findings for review at the next level of engineering
• Identified, researched and resolved complex technical problems
• Provided weekday & weekend on-call support for all business applications
• Incident prioritization, coordination, and administration
• Escalated issues requiring a deep product / technical knowledge or special client engagement, complex, cross-team impact assessment & worked closely with peer teams as well as application developers to deliver high availability and optimum performance for customers
2018 : 2019
Northwestern Mutual
Application Support Engineer
• Assisted in the identification of the controls; ensured the generation of accurate and complete financial reports
• Documented and evaluated entity, general computer and application controls
• Performed walkthroughs to test control design/operating effectiveness
• Evaluated and managed the risk factors involved in the audit project
• Conducted effective interviews with both business process owners and IT process owners to understand the processes around IT general controls; also defined and communicated the objectives, our business requirements
• Developed and delivered training material to SOX/MAR Program participants, including Business/IT management and Internal Audit
• Provided consultative advice to business and IT management on current or emerging Information & Technology risk (focus on Business Resiliency risks) control and governance matters. Prepared and presented reports of the conducted data status, significant findings, and improvement recommendations
• Ensured the quality and integrity of the audits done by providing the requisite audit information
• Derived conclusions based on the audits conducted, maintained the documentation and papers related to the audit work by making use of statistical, quantitative and computer-aided techniques
2016 : 2018
Northwestern Mutual
IT Auditor
Company:
Moss Adams
Spoken Language:
Arabic, English, French
About
I am a senior Information Security, Privacy and Risk Management Professional with a solid technical background and a highly analytical mind. I hold an MBA with a focus in Information Technology. I have been involved within the information security field for the last 6+ years.
Looking ahead, I plan to grow as a business professional, and succeed at every opportunity that comes my way. I believe every opportunity creates a new path for success.
I enjoy making connections with individuals that develop and challenge my professional skills and have the potential to develop into long-term relationships.