Edward Hernandez
Details
Information System
Stevens Institute of Technology
2010 : 2012
bach
Finance, General
Rutgers Business School
2003 : 2006
Bachelor of Science (B.S.)
Finance
Rutgers, The State University of New Jersey-New Brunswick
2003 : 2006
Federal Reserve System
Information Security Associate
Vendor / Third Party Information Security onsite or remote assessments.
* Communicate with MUFG Bank appropriate stakeholders to better understand the services, define the scope for the assessments, coordinate onsite visits and collect due diligence documentation.
* Conduct onsite (at vendor location) and remote assessments for high and critical third parties.
* Observe physical and environmental controls of third-party facilities where the data resides. Collect and review due diligence documentation such as relevant third-party policies and procedures, the Shared Assessments Standardized Information Gathering (SIG) questionnaire, network and application penetration tests, SSAE 16 SOC Reports, among other documents to conduct onsite and remote assessments.
* Highly experienced in utilizing Shared Assessment Agreed Upon Procedures (AUP) tool to evaluate the adequacy of IT controls and identify control deficiencies and gaps during the assessment.
* Responsible for recommending remediation or compensating controls that meet MUFG Bank policy requirements, regulatory requirements (FFIEC, OCC), and best practices (NIST, ISO 27001, COBIT).
* Develop comprehensive post-assessment report for senior management and business stakeholders to review.
* Familiar with using RSA Archer tool to store collected due diligence documentation and record moderate and high findings.
* Responsible for follow-up on findings to ensure proper closure of control gaps.
* Provide peer-to-peer training and guidance to new staff.
* Maintain and update KPI for management reports.
2016 : 2017
MUFG
AVP - Senior Vendor / Third Party Risk Analyst - Information Security
- Performed multiple engagements for systems, applications and business functions.
- Responsible for planning all aspects of assigned engagements, which include audit plan/scope, audit program, audit questionnaire, and risk matrix.
- Responsible for coordinating all aspects of an engagement with stakeholders, which include audit initiation, data gathering, validation of findings, and closing of engagement.
- Responsible for identifying all material risks associated with the engagement.
- Responsible for assessing engagement's current controls and documenting supporting evidence.
- Responsible for recommending controls that mitigate risks to an acceptable level.
- Responsible for developing audit reports that clearly communicate to all stakeholders findings, risks, and remediation steps.
- Utilized vulnerability tools such as Nessus and GFI LanGuard to assess systems and provided mitigation steps to the organization.
- Utilized external resources when conducting IT audits, such as NIST framework, NIST Special Publications on Computer Security and Cybersecurity Best Practices, CIS benchmarks, GAO Federal Information System Controls Audit Manual (FISCAM), Global Technology Audit Guides (GTAG), and systems and application best practices to identify and mitigate risks.
- Familiar with other popular frameworks, such as COBIT, ISO 27001 and 27002, and ITIL.
2013 : 2016
Port Authority of NY & NJ
IT Auditor
• Assisted in the analysis of risk assessment documentation.
• Assisted the Informatics Analyst Database Administrator in the removal and identification of over 2000 redundant items.
• Helped the Informatics Lead in the collection of project management documentation and the development of a WBS.
• Collaborated with the Customer Care Analyst Lead in assessing the work process of members of her team.
• Developed an Excel spreadsheet for the Customer Care Analysts for the tracking of information and statistics via PivotTables
• Developed a detailed statistical report
2012 : 2013
Atlantic Health
Intern - Strategic Sourcing & Information Security
- Accounting and financial reporting responsibilities.
2008 : 2011
Stevens Cooperative School
Business Associate
Skills
Access Control, Accounting, Analysis, Business Analysis, Business Continuity Assessment, Business Process Improvement, Business Process Mapping, Business Risk and Analysis, Contract Requirements, Contract Review, Cybersecurity, Data Analysis, Data Privacy, Enterprise Risk Management, Excel, Finance, Financial Analysis, Information Security, Information Security Contract Review, Information System Audit, Internal Audit, Internal Control Assessment, Internal Controls Recommendation, ISO 27001, IT Audit, IT Risk Management, IT Security Assessments, Microsoft Excel, Microsoft Office, MS Project, NIST, NIST 800-53, Physical Controls, Process Improvement, Program Management, Project Management, Risk Analysis, Risk Assessment, Risk Management, Sales, Security, Security Controls, Software Documentation, Third Party Risk Management (TPRM), Third Party Vendor Management, Vendor Assessments, Vendor Contracts, Vendor Management, Visio, Electronics, Software Installation, Troubleshooting, Switches, WAN, Network Administration, DoD, Security Clearance, Networking, Computer Security, BMC Remedy, Optical Fiber
About
Information Security and IT Audit professional with a broad range of skills in information technology and strong understanding of internal control practices. Well versed in planning, analyzing, and reporting of information technology third-party assessments and internal IT Audit reviews.