BEATRICE DJEUKOU

Information Security Analyst
Dallas, TX

Summary

Passionate Information Security Specialist with extensive experience developing and testing security frameworks for cloud-based software. Adept at aligning security architecture plans and processes with security standards and business goals. Skilled in deploying and managing security solutions to safeguard sensitive data. Experienced in GRC Archer for governance, risk, and compliance management, automating compliance assessments and providing real-time visibility into risk posture. Strong communicator and collaborator, able to liaise effectively with cross-functional teams and third-party vendors to drive security initiatives forward. Committed to staying abreast of emerging threats and industry best practices through continuous learning and professional development.

Demonstrated ability in enhancing cloud infrastructure security through advanced AWS configurations and CASB solutions. Proven track record in leading ISO 27001 certification processes and participating in SOC2 audits, NIST 800-53, 800-60, 800-37, FIPS 199, and FIPS 200. Dedicated to maintaining rigorous security standards and versed in robust network defense strategies.

Overview

4 years of professional experience
6 Certifications

Work History

Information Security Analyst

Boston Scientific
05.2020 - Current
  • Conducted internal audits to identify areas of improvement within the organization's information security program.
  • Championed a culture of continuous improvement through regular evaluations of existing security measures against established benchmarks and metrics.
  • Developed, tested and implemented security policies, plans and procedures for organizational protection.
  • Performed risk analyses to identify appropriate security countermeasures.
  • Deployed and configured Cloud Access Security Broker (CASB) solutions to monitor and control data traffic between on-premises and cloud environments, ensuring data security and compliance.
  • Led the certification process for ISO 27001 compliance, including gap analysis, policy development, risk assessment, and implementation of security controls to achieve certification.
  • Participated in SOC2 audits by providing documentation and evidence of security controls to auditors, ensuring compliance with service organization controls related to security, availability, processing integrity, confidentiality, and privacy.
  • Implemented and managed AWS security solutions to secure cloud infrastructure, including Identity and Access Management (IAM), Virtual Private Cloud (VPC) configurations, and Security Groups.
  • Implemented NIST 800-53 controls to establish security baselines and ensure the confidentiality, integrity, and availability of sensitive information.
  • Conducted FIPS 199 categorization of information systems to determine the appropriate security controls required to protect organizational data assets.
  • Developed and maintained FIPS 200 security controls to enforce minimum security requirements for information systems and applications and ensure compliance with federal standards.
  • Used NIST 800-60 guidelines to develop and maintain risk management strategies, including risk assessments, threat modeling, and vulnerability management processes.
  • Led the implementation of the NIST 800-37 framework for risk management, guiding the organization through identifying, assessing, and mitigating security risks across IT systems and applications.
  • Utilized security information and event management (SIEM) tools to monitor and analyze security events, detect anomalies, and investigate potential security incidents.
  • Collaborated with third-party vendors and service providers to evaluate their security posture, assess risks, and ensure compliance with contractual security requirements.
  • Stayed abreast of emerging security threats, vulnerabilities, and industry best practices through continuous learning, participation in professional forums, and obtaining relevant certifications.
  • Integrated Malwarebytes Endpoint Protection platform into the organization's security infrastructure to detect and mitigate malware, ransomware, and other advanced threats targeting endpoints and servers.
  • Implemented CrowdStrike Falcon endpoint detection and response (EDR) platform to proactively detect and respond to sophisticated cyber threats, including fileless malware, zero-day exploits, and advanced persistent threats (APTs).
  • Utilized GRC Archer as a governance, risk, and compliance (GRC) platform to streamline risk management processes, automate compliance assessments, and provide real-time visibility into the organization's risk posture.
  • Implemented and configured AWS security tools such as AWS Identity and Access Management (IAM), AWS Key Management Service (KMS), AWS WAF (Web Application Firewall), AWS Security Hub, and AWS GuardDuty to enhance the security posture of cloud environments and protect against unauthorized access, data breaches, and malicious activities.
  • Collaborated with IT teams to ensure seamless integration of security measures into existing infrastructure.

Education

Bachelor of Science - Computer Science

University of Buea, Cameroon
05.2001 -

Skills

Multitasking

Certification

CISA
