Maryam Kamali
Senior Information Security Analyst
San Francisco, CA, United States
Details
Experience:
2022 : Present
*confidential2*
Senior Information Security Analyst
-Select, identify, and develop InfoSec controls based on ISO 27000, SOC 2 and NIST
-Assess the design and effectiveness of security controls to advise IT employees and other staff on various issues related to InfoSec
-Write, review, and maintain security policies and standards
-Maintain IT Asset Management, Vulnerability Management, Change Management, and Security Awareness Program
-Perform gap analysis and follow up on audit findings to ensure corrective action has been taken
-Responsible for security risk management: maintain an up-to-date risk register and track security risks daily
2019 : 2022
Confidential
Information Security Analyst
-Co-design the security architecture of organization's Android apps.
-Design, establish, and update Information Security Management System
-Write, review, and update security policies and standards
-Design and implement security awareness program
-Research and implement essential solutions such as multi-factor authentication (MFA), Single Sign-on (SSO), Pretty Good Privacy (PGP) encryption, and other solutions based on regular risk assessment
-Work with Penetration Testing teams such as Cure53 and Digital Defenders Partnership (DDP) to assure the security of multiple platforms developed
-Work with project managers and architects on a variety of security projects from requirements to deployment in production
2015 : 2019
Berkeley Human Right & Tech Non-profit
Information Security Engineer
-Perform information control reviews to include system development standards, operating procedures, system security, communication controls, backup and disaster recovery, and system maintenance for the customers to get certified for ISO 27001
-Perform reviews of control procedures based on ISO 27002 to prepare customers for the ISMS audit
-Assess the design and effectiveness of security controls and advise IT employees, system administrators, and other staff on various issues related to InfoSec
-Perform gap analysis, IS audit, and follow up on audit findings to ensure that customers have taken corrective actions and then liaise with external auditors to get certified for ISO 27001
-Assist with the risk assessment and risk management processes for customer environments
2013 : 2015
Asia Systems Management Inc.
Information Security Analyst
- Installed and maintained computer systems and networks
- Performed upgrades and installed updates
- Provisioned and deprovisioned user accounts
- Provided on-site support and troubleshooting of network equipment – routers, switches and firewalls
2011 : 2014
GTI Parsian
IT Technician
Company:
*confidential2*
About
-Industry accreditations including Certified Information Security Manager (CISM), and ISO/IEC 27001 Lead Auditor
-6 years of experience in different areas of Risk Management, and Information Security Compliance
-Experience with security-related regulations, standards, and frameworks such as HIPAA, PCI DSS, ISO 27000, NIST, SOC 2
-Several years of experience in different areas of network engineering, information security, and network administration