Candidate's Name
PHONE NUMBER AVAILABLE
EMAIL AVAILABLE
Clearance: Public Trust (US Citizen)
Security / Risk Assessor, POA&M Manager, System Auditor

EXECUTIVE SUMMARY
Skilled and detail-oriented Security Control Assessor, POA&M Oversight and IT Auditor with 8 years of experience in all steps of the Risk Management Framework, including Privacy Risk and Security. Experience applying the NIST Special Publication 800 series and FIPS series to System Development Life Cycle and System Authorization Life Cycle best practices. Involved in Federal IT Modernization Support and Continuous Diagnostics and Mitigation (CDM). Supports the Information System Security Officer (ISSO), Chief Information Security Officer (CISO), and stakeholders with developing, updating and reviewing documents, tracking audit findings, and testing, monitoring and validating security controls. A good team player with a strong ability to work efficiently, independently, with teams and under pressure.

FUNCTIONAL SKILLS
- Hands-on experience assessing, developing, and/or updating security documents/artifacts including but not limited to System Security Plans (SSP), Configuration Management Plans (CMP), Information System Contingency Plans (ISCP), Incident Response Plans (IRP), Business Impact Analysis (BIA), e-Authentication Risk Assessment, Security Assessment Plans (SAP), Security Assessment Reports (SAR), Verification and Validation Process, Federal regulations/guidelines, technical writing and implementation of best practices.
- Experienced with Information Security Governance, monitoring, reviewing, analysis, tracking and defining requirements and posture for Defense in Depth (DiD) using the following guides: SP 800-30, SP 800-37, SP 800-53 Rev 4, SP 800-53A, SP 800-60, SP 800-137, SP 800-18, SP 800-171, FIPS 199, FIPS 200, OMB Circular A-123, and OMB Circular A-130.
- Assessment and POA&M tracking tools: Cyber Security Assessment Management (CSAM).
- Experienced in developing, tracking, and oversight of the Plan of Action and Milestones (POA&M) process as part of Continuous Diagnostics and Mitigation and Assessment.
- Microsoft Office Suite (Word, Excel, PowerPoint, Visio, Outlook).
- Proficient using Windows 7, 8, 10, and XP.
- Proficient using Remedy and Nessus Tenable Vulnerability Assessment.
- Expertise with Telecommunications Fundamentals, System Forensics, FISMA, FIPS Publications, ST&E, Risk Management Framework 800-37, SSP, Risk Assessment, IT Security Controls, DISA STIGs compliance, Sarbanes-Oxley Compliance (SOX 404), HITRUST, Contingency Planning, Change Management, Security Gap Analysis, Configuration Management, HIPAA, SDLC, C&A, System Monitoring & Regulatory Compliance.
- In-depth knowledge of commercial frameworks such as COSO, COBIT, ISO, SSAE 16, PCI-DSS and HIPAA.

SECURITY AUDIT TOOLS: SIEM (Security Information & Event Management), Audit Log Review, GRC (Governance, Risk and Compliance) tools, SRC (Security Risk Compliance), Archer Dashboard.
OTHER TOOLS: Retina, Tenable Nessus, CSAM, Carbon Black, ALM, ForeScout, BigFix.

EDUCATION AND CERTIFICATIONS
- B.A. Theology, Life Christian University, Lutz, FL. Graduated June 2012.
- A.A. Respiratory Therapy, New York University, New York, NY. Graduated June 1991.
- FISMA RMF / DIACAP, DOD Training Center, Columbia, MD. Graduated.
- Security+ / DOD 8570, DOD Training Center, Columbia, MD. Graduated.
- CompTIA Security+ Certification: Certified.
- Splunk trained. Archer Dashboard trained, ForeScout trained, BigFix trained.
- Certified Information Security Manager (CISM): in progress.
- Certified Authorization Professional (CAP): in progress.

PROFESSIONAL EXPERIENCE

Alutiiq, 737 Volvo Parkway, Chesapeake, VA
November 2018 - February 2020 (Cybersecurity Auditor / Technical Writer)
- Support SOC (Security Operations Center) to Identify, Protect, Detect, Respond and Recover.
- OCIO support for identifying gaps, vulnerabilities and remediation.
- Federal/Agency Dashboard, CDM / timely audit procedure.
- Identification, Protection, Detection, Responding and Recovery.
- CISO support with audit remediation documents.
- Configuration Management process.
- Vulnerability Management process.
- Configuration Management Team support.
- Software Asset Management, Hardware Asset Management.
- Collaboration with Booz Allen and DHS for the CDM project.
- Continuous Diagnostics and Mitigation (CDM) support.
- ATO packages.
- Security control tailoring.
- Governance Integrated Project Team contributor.

Apply Logic Consulting Group, McLean, Virginia (Fed Contract)
June 2017 - October 2018 (POA&M and ATO Management)
- Supported project: 2020 Census.
- POA&M management/oversight working with project managers.
- Reviewing and updating Security Assessment Reports.
- Developing, reviewing and updating ATO packages.
- Creating System Security Plans.
- Using the Risk Management Framework to Identify, Protect, Detect, Respond and Recover.
- Reviewing and assessing security controls using NIST SP 800-53, NIST SP 800-53A, NIST SP 800-39, SP 800-37 and SP 800-30.
- Developing policy, procedure and SOPs in compliance with the Risk Management Framework.

Snr Information Assurance Analyst, Smartthink LLC, Berwyn Heights, MD
March 2012 - June 2017 (Security Authorization and Audit) Federal / T. Rowe Price
- Ensures proper system categorization using NIST 800-60 and FIPS 199.
- Implements appropriate security controls for information systems per NIST 800-53 Rev 4.
- Developed, updated or reviewed System Security Plans (SSPs).
- Reviews and updates remediation on Plans of Action and Milestones (POA&Ms) using CSAM.
- Enterprise Mission Assurance Support Service (eMASS) RMF/ATO packages.
- Supports System Owners and system teams through the ATO process using NIST 800-37.
- Creates, modifies, and reviews Security Assessment Reports (SAR) and Contingency Plans (CP).
- Continuously monitoring controls, applications, hardware and user activities.
- Develops a variety of Assessment & Authorization deliverables including System Security Plan (SSP), FIPS 199 Categorization, PIA, ST&E, SAP, SAR, DRP, IRP, CMP.
- Analyzes and updates System Security Plan (SSP), Risk Assessment Reports (RAR), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E) and the Plan of Action and Milestones (POA&M).
- Coordinates with the Agency's Privacy, Records, and Governance Divisions in regard to policy and procedure.
- Applied COBIT, COSO, ISO 27000 and 22000 frameworks to systems and processes.
- Conducted Contingency Plan testing or functional methods at least annually to update the plan.
- Supported the Configuration Management Team and procedure to ensure that changes are monitored.
- Responds to emerging requirements or policies as set by legislation, regulation or policy.
- Supports annual assessments in accordance with organizational policies.
- Created waivers or Risk Acceptance Memos to assist in the effective management of system risks.

Security Analyst, JMAT Systems, Greenbelt, MD
January 2010 - February 2012: Continuous Monitoring / Audit (Federal and Civilian Contracts)
- Conducted systems risk assessment through risk analysis, identifying all possible vulnerabilities within systems and implementing mitigation strategies.
- Assessed security controls in accordance with the assessment procedures defined in the Security Assessment Plan (SAP) through examination, interviews, and testing.
- Conducted initial remediation actions on security controls based on the findings and recommendations of the Security Assessment Report and re-assessed remediated control(s), as appropriate.
- Conducted security assessments by reviewing System Security Plans (SSP), Security Assessment Plans (SAP), test plans and security controls testing.
- Uploaded Plans of Action and Milestones (POA&Ms) into CSAM; validated artifacts provided to remediate POA&Ms.
- Drafted Security Assessment Reports (SAR) to provide findings and recommendations.
- Participated in the SOX testing of the General Computer Controls.
- Used COBIT, SOC 1 and SOC 2 frameworks.
- Reviewed POA&Ms and enforced timely remediation of audit issues.
- Reviewed Tenable Nessus vulnerability and compliance scans and WebInspect application scans as part of vulnerability oversight and remediation as needed.
- Performed FISMA continuous monitoring-related activities.

Network/NOC Support, JMAT Systems Inc, Greenbelt, MD
January 2008 - December 2010 (NOC Support)
- Experience with TCP/IP & OSI network technologies/models.
- Initiate service calls with clients/users and resolve network issues.
- Solid NOC support experience (24x7x365).
- LAN/WAN monitoring and troubleshooting using Netcool and HP OpenView.
- Prepare & submit regular equipment failure reports & maintain logs of service interruptions.
- Experience with Remedy for ticketing & Change Management System.
- Maintain documents of daily tasks and projects.