Calbert Anderson

Experience

• 

  T-Mobile

  Jan 2021 - Jun 2021

  Sr. Governance/Security Analyst

  • Assisted with client planning/scope validation/execution for PCI-related controls assessments.• Ensured execution of client controls assessments are aligned with audit standards, guidelines, and best practices. Identify areas of non-compliance and risks that impact cardholder data environment and organization.• Evaluated client documentation and concluded on the effectiveness of remediation actions performed by technology and business process owners.• Prepared audit observations and review results with technology and business process owners, including C-Suite.• Communicated client observations and conclusions and control gaps and risks. As needed, assist with the PCI Report on Compliance and other related reporting requirements. Keep abreast of relevant business developments and evolving IT risk areas.• Contributed ideas and opinions to client Internal Audit teams by identifying changes within the environment that could impact the PCI assessment, designing audit programs/procedures to assess internal controls, and communicating results.• Effectively communicated in writing, verbally and during presentations/webinars with key client stakeholders. Show less

• 

  Cotiviti

  Mar 2021 - Aug 2021

  Sr/Lead Security Auditor

  • Led the security audit execution for client IT departments and worked with external auditors who sent over document requests. These requests are collected from control owners. Communication is critical in this role to build relationships with external auditors and communicate security issues/resolutions.• Provided strong experience and direction with client HITRUST, SOC, NIS and ISO initiatives.• Communicated with client ERP control owners to meet compliance objectives • Raised issues with senior management as they were discovered• Led client meetings between internal control owners and external auditors• Thoroughly communicated all client major security issues that were detected within audits, as well as the remediation measures that would need to be implemented to mitigate flaws within ERP systems• Worked with and analyzed client security reports from security tools such as Qualys, Axonius, Splunk, Veracode, Crowdstrike & Sonrai to keep senior management apprised of security vulnerabilities.• Used MyCSF and ZEN GRC tools to facilitate the HITRUST process Show less

• 

  Paychex

  Apr 2023 - now

  Security Analyst 3

  Contractor• Designed the Risk Management department framework and change management process for the Archer GRC application• Configured the Archer Risk Management GRC application with the Risk Management framework.• Trained junior security analysts on how to write/manage departmental risks, findings, and remediation plans.• Evaluated client documentation and concluded on the effectiveness of remediation actions performed by technology and business process owners.