DELANIE MEGHAN SUH

Upper Marlboro

Summary

Cybersecurity professional with 7+ years of experience supporting risk management, compliance, incident response, and third-party security oversight in regulated environments. Experienced in assessing security controls, reviewing audit artifacts, supporting audits, and maintaining compliance with NIST 800-53, NIST CSF, ISO 27001, SOC reports, HIPAA, and FedRAMP.

Work History

Information Security Specialist (FedRAMP / GRC)

USDA

Washington

10.2022 - Current

Supported security and risk management activities to ensure compliance with NIST 800-53 and FedRAMP requirements.
Review security documentation, control evidence, and vulnerability assessment reports.
Assist with risk assessments and identification of security control gaps.
Tracked remediation activities and POA&Ms for addressing compliance findings and improving security posture.
Participate in internal and external audits, coordinating evidence and responses.
Maintain System Security Plans (SSPs) and supporting compliance artifacts.
Collaborated with engineering and operations teams to identify and resolve security issues, enhancing overall system security.
Communicate security risks and remediation status to technical and non-technical stakeholders.

Information Security Analyst (Third-Party Cyber Risk Management)

Bank of America

Dallas

04.2019 - 10.2022

Conducted security assessments for internal systems and third-party vendors, enhancing risk management in financial services.
Evaluated SOC 1/SOC 2 reports, ISO 27001 certifications, and regulatory evidence to ensure compliance and identify vulnerabilities.
Captured risk findings and provided remediation recommendations, facilitating informed decision-making on residual risks.
Supported vendor onboarding and periodic security reviews.
Partnered with Legal and Procurement on security requirements and contract reviews.
Monitored vendor-related vulnerabilities and incident notifications.
Used RSA Archer and ServiceNow GRC to manage assessments and remediation tracking.
Prepared reports summarizing risk posture and trends for leadership.

Incident Response Analyst

Centene Corporation

St. Louis

01.2017 - 03.2019

Monitored and investigated security alerts with SIEM and endpoint detection tools to identify and mitigate potential threats.
Performed incident response activities including triage, containment, and recovery.
Investigated phishing, malware, and unauthorized access attempts.
Documented incidents and corrective actions, ensuring compliance with audit requirements and enhancing overall security posture.
Collaborated with infrastructure and application teams on remediation.
Supported security operations in healthcare environment, ensuring alignment with HIPAA regulations and safeguarding patient data.
Participated in tabletop exercises and post-incident reviews.
Maintained incident records and evidence in ServiceNow.

Education

MSc - Cyber Technology

University of Maryland

BSc - Applied Information Technology

University of Baltimore

Skills

Regulatory Compliance (HIPAA, FedRAMP)
GRC Tools (RSA Archer, ServiceNow)
NIST 800-53
NIST CSF
ISO 27001
Information Security & Risk Management

Third-Party & Vendor Risk Support
Security Control Assessments
SOC 1 / SOC 2 Report Review
Incident Response & Security Operations
Vulnerability & Risk Remediation Tracking
Audit Support & Evidence Collection

Certification

CompTIA Security+
CISM

Personal Information

Title: Cybersecurity Analyst | Risk & Compliance

Timeline