Profiles search
Gary Rucker
Information Security Analyst at Teksystems/Providence Hospital
Oxon Hill, MD, United States
Details
Experience:
2012 : Present
Providence Hospital
Security Analyst
*Developed sound understanding and experience regarding relevant federal documents regs. (e.g., FIMSA, CSAM, HIPAA, POA&M, FICAM, FISCAM, FIPS and NIST800-18, 53 Rev3, 53A Rev1, 61 Rev2, 83, 94) information technology security regulation standards, policies, and procedures.
*Conducted Risk Assessment annually to determine whether formal or informal policies or practices exist to conduct an accurate assessment of potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI.
*Performed each month a active directory audit access controls to determine strength, and weaknesses by verifying the domain user from Meditech to determine what application each user has granted access to and compared these result to the security access request form to verify that each user is granted access on a need to know basis.
*Obtained and review formal or informal policy and procedures and evaluate the content in relation to specified performance criteria to determine if an appropriate review process is in place of information system activities.
2012 :
TEKsystems
Information Security Analyst
*Provided expert advice, recommendations, and representation to higher DOE management levels on matters relating to cyber security risk, threat, and vulnerability management services, as well as the integration of cyber risk management requirements into the budget formulation and execution processes, policies and procedures for the organization.
*Closely monitors the cyber intelligence threat and risk management situation by obtaining and using all available automated and manual systems and serving as the DOE representative to other government organizations, including United States-Computer Emergency Response Team (US-CERT), Department of Defense (DOD), National Security Agency (NSA).
*Developed sound understanding and experience regarding relevant federal (e.g., FIMSA, Privacy Act, HIPAA, and NIST800-53, OMB, and FIPS) information technology security regulations, standards, policies, and procedures.
*Developed new or emerging technologies and processes that were incorporated as solution to reoccurring security concerns or policy requirement paying close attention to details.
2011 : 2012
ENERGY RESOURCE SOLUTION INC, DOE
Security Incident Response Analyst-contract
*Developed internal control and security policies and guidance from the ground up for the cashier’s business and finance office resulting in 25% error rate.
*Developed objectives, principles, policies, procedures and standards for planning and overseeing the centralized Departmental cyber threat identification/analysis and risk management operations and services that provide quality service to the College’s customers reducing threat risk from 60% to 50%.
*Implemented strong internal controls in cash draw-downs receiving wire transfer grant funds addressing recurring quality issues that had been largely ignored by predecessors; resolution resulted in key customers increasing grants 60%.
*Identified the need for IT security changes based on new technologies and increase in threats due to implementation of social median use by company staff.
2009 : 2010
BALTIMORE CITY COMMUNITY COLLEGE
Senior Accountant Auditor
Providence Hospital
Security Analyst
*Developed sound understanding and experience regarding relevant federal documents regs. (e.g., FIMSA, CSAM, HIPAA, POA&M, FICAM, FISCAM, FIPS and NIST800-18, 53 Rev3, 53A Rev1, 61 Rev2, 83, 94) information technology security regulation standards, policies, and procedures.
*Conducted Risk Assessment annually to determine whether formal or informal policies or practices exist to conduct an accurate assessment of potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI.
*Performed each month a active directory audit access controls to determine strength, and weaknesses by verifying the domain user from Meditech to determine what application each user has granted access to and compared these result to the security access request form to verify that each user is granted access on a need to know basis.
*Obtained and review formal or informal policy and procedures and evaluate the content in relation to specified performance criteria to determine if an appropriate review process is in place of information system activities.
2012 :
TEKsystems
Information Security Analyst
*Provided expert advice, recommendations, and representation to higher DOE management levels on matters relating to cyber security risk, threat, and vulnerability management services, as well as the integration of cyber risk management requirements into the budget formulation and execution processes, policies and procedures for the organization.
*Closely monitors the cyber intelligence threat and risk management situation by obtaining and using all available automated and manual systems and serving as the DOE representative to other government organizations, including United States-Computer Emergency Response Team (US-CERT), Department of Defense (DOD), National Security Agency (NSA).
*Developed sound understanding and experience regarding relevant federal (e.g., FIMSA, Privacy Act, HIPAA, and NIST800-53, OMB, and FIPS) information technology security regulations, standards, policies, and procedures.
*Developed new or emerging technologies and processes that were incorporated as solution to reoccurring security concerns or policy requirement paying close attention to details.
2011 : 2012
ENERGY RESOURCE SOLUTION INC, DOE
Security Incident Response Analyst-contract
*Developed internal control and security policies and guidance from the ground up for the cashier’s business and finance office resulting in 25% error rate.
*Developed objectives, principles, policies, procedures and standards for planning and overseeing the centralized Departmental cyber threat identification/analysis and risk management operations and services that provide quality service to the College’s customers reducing threat risk from 60% to 50%.
*Implemented strong internal controls in cash draw-downs receiving wire transfer grant funds addressing recurring quality issues that had been largely ignored by predecessors; resolution resulted in key customers increasing grants 60%.
*Identified the need for IT security changes based on new technologies and increase in threats due to implementation of social median use by company staff.
2009 : 2010
BALTIMORE CITY COMMUNITY COLLEGE
Senior Accountant Auditor
Company:
Providence Hospital
Spoken Language:
Backtrack 4 Penetration Testing tool, C, Visual Basic, ProDiscover, Encase, Wireshark, Nmap, Nessus
About
Meticulous, assertive and goal driven professional seeking to support the Security team with an emphasis on developing, implementing, and maintaining security throughout the SDLC. A Master of Business Administration in Information Security. An exemplary history of success, cultivated by an impassioned work ethic should indicate future performance excellence in the INFOSEC field.
Profile Photo
