Senior Information Security Analyst Risk and Control Lead
Bowie, MD, US
August 2021 - present
Company: Mathematica
Title: Senior Information Security Analyst Risk and Control Lead
Overview:
- Support Information and Technology risk taxonomy development and implementation, including development of risk appetite, key risk indicators and key performance indicators
- Experience developing an enterprise risk reporting capability, and ability to coordinate information technology risk status and updates to management and Board of Directors Audit Committee
- Experience leading information and technology audits and testing of security controls for design and effectiveness, and coordinating third-party security assessments, such as SOC2 and client-specific assessments. Lead Mathematica SOC2 certification for two years
- Experience facilitating risk and control; serve as system admin for inputting and documenting IT processes, risks, and controls in the GRC tool Auditboard
- Experience developing and documenting security incident reporting process and procedures. Leading and providing substantial support to the development and delivery of information and technology risk training material
- As Risk and Control Lead, provide technical expertise and serve as trainer for all employees on constant cyber hygiene
ACI Federal
Senior Cyber Security Engineer
Bowie, MD, US
January 2020 - December 2021
Solers, Inc
Senior Security Engineer
Arlington, VA, US
January 2018 - December 2020
Data System Analysts, Inc
Senior Information Assurance Specialist
Fairfax, VA, US
January 2016 - December 2018
TM3 Solutions
Information Assurance Analyst
Alexandria, VA, US
January 2014 - December 2016
Skills
Analytical Thinking, Auditing Skills, Automation, Carrying out Assessments, Cerner, Certified Ethical Hacker, Certified in Risk and Information Systems Control, CompTIA Security+, Computer Security, Conceptual Models, Coordination Skills, Cryptography, Customer Service, Databases, Data Systems, Demonstration Skills, Domain Name System (DNS), Dynamic Host Configuration Protocol, Electronics, Environmental Protection, Federal Information Security Management Act, Firewalls (Computer Science), Governance Risk Management and Compliance, Health Insurance Portability and Accountability Act Compliance, Host Based Security Systems, Hyper-V, Incident Report, Information Assurance, Information Systems, Information Technology, Intrusion Detection Systems, ISO Standards, IT Risk Management, IT Security Standards, Jazz, Key Performance Indicators, Key Risk Indicator, Knowledge of Engineering, Knowledge of Hygiene, Loan Origination Process, Mathematica, Nagios, National Institute of Standards and Technology, NAVSEA, Nessus, Network Architecture, Network Security, PCI Data Security Standards, Problem Solving, Public Key Infrastructure, Publishing Skills, Radio Frequency, Retina, Risk Analysis, Risk Appetite, Risk Management, RSA (Cryptosystem), Safety Principles, Security Audits, Security Controls, Security Engineering, Security Policies, Security Systems, Shipyard, Software System Penetration Testing, Software Vulnerability Management, Symantec Endpoint Protection, TCP/IP, Technical Support, Technology Risk, Testing Skills, Tripwire, Vulnerability, Vulnerability Analysis, Wireshark, Xacta