Candidate Information
Title Information Security Risk Management
Target Location US-MD-Baltimore
Candidate's Name
OWINGS MILLS, MD
EMAIL AVAILABLE
PHONE NUMBER AVAILABLE

SUMMARY
- Knowledge of cybersecurity best practices in NIST publication series, RMF, and control families.
- I have over five years of experience in Security Assessment and Authorization (SA&A) employing FISMA, OMB, HIPAA, and appropriate HITRUST standards in the Risk Management Framework (RMF) process, Systems Development Life Cycle (SDLC), security life cycle, and vulnerability management.
- Supported government (FISMA & NIST) and commercial IT security assessments and monitoring with knowledge and assistance.
- Direct and distant analysis, critical thinking, communication, and people skills.
- Knowledge of GRC tools.
- Experienced with industry-based information security and control frameworks such as ISO 27001, PCI-DSS, Cloud Security Alliance (CSA), NIST RMF 800-53, ISO 27001&2, SOC 2, and FedRAMP.
- Assess risks and vulnerabilities, determine deviations from approved configurations, enterprise, or local policy, assess risk, and offer mitigating strategies in operational and nonoperational situations.

EXPERIENCE

JNT IT Solutions, MD, July 2017 - Present
Cyber Security/GRC Analyst
- Determines security categorizations using the FIPS 199 and SP 800-60 as a guide in the risk management framework.
- Performs Privacy Threshold Analysis (PTA), e-Authentication with business owners and selected stakeholders.
- On an ongoing basis, coordinates with business process owners to ensure timely identification and remediation of jointly owned risk-related issues and action plans (POA&M).
- Assists System Owners and ISSOs through the Security Assessment and Authorization (SA&A) Process, ensuring that operational, management and technical controls securing sensitive Security Systems are in place and being followed according to the Federal Guidelines (NIST SP 800-53).
- Organizes and participates in kick-off meetings with CISO and system stakeholders prior to assessment engagement.
- Identifies and advises on major security incidents, which could impact day-to-day services and operations.
- Performs security testing and analyzes results to identify vulnerabilities and violations of information security work to determine strategies and takes measures to mitigate risk.
- Prepares documentation and reviews System Security Plan (SSP), Security Assessment Report (SAR), Plan of Action and Milestones (POA&M), Authorization letter/memorandum (ATO).
- Provides FedRAMP Authorization to Operate (ATO) support for Workday public cloud deployment following FedRAMP and NIST guidelines.
- Liaises with external auditors and internal control owners to support various internal and external audits/assessments such as FedRAMP, ISO 27001, PCI-DSS, SOC 2, and NIST 800-53.
- Coordinates with internal stakeholders during the audit period by collecting appropriate evidence.
- Provides advisory and guidance support to Workday stakeholders regarding the implementation of NIST 800-53 controls and requirements.
- Manages the creation and update of security documentation for the FedRAMP Moderate environment such as System Security Plan (SSP), SSP Attachments, Policies and Procedures.
- Functional knowledge of incident response, proper handling of forensic data, and the ability to provide meaningful recommendations for remediation and attack prevention.
- Has experience reviewing and analyzing raw log files (e.g., firewall, network flow, IDS, system logs) and performing data correlation.
- Performs real-time and proactive analysis on various data sources, such as anti-virus logs, firewall logs, IDS and IPS data, event logs, and other host-based and network-based artifacts.
- Protects enterprise systems and information by promptly responding to security threats and incidents, acting individually and as part of a team to resolve issues.
- Proactively hunts for threats and enacts identification, containment, and eradication measures while supporting recovery efforts.
- Collects and analyzes event information and performs threat or target analysis duties.
- Interprets, analyzes, and reports all events and anomalies in accordance with cyber security related directives, including initiating, responding, and reporting discovered events.
- Coordinates with key stakeholders & management on aligning risks, issues, incidents and assists with investigations across the enterprise.
- Assesses & implements new technologies in Cybersecurity analytics and reviews existing technology for capabilities and limitations.
- Reviews and updates existing information security policy, standards, and procedures based on federal and departmental regulations.
- Manages Security & Accreditation Packages.
- Plans and conducts security authorization reviews and assurance case development for initial installation of systems and networks.
- Reviews authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
- Performs security reviews and identifies security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy.
- Performs periodic gap assessments to validate compliance on an ongoing basis.
- Supports vendor due-diligence process and helps to lead and define overall third-party risk management efforts.
- Supports internal and external audit process for relevant compliance.
- Coordinates and participates in disaster recovery and business continuity planning.
- Stays up to date and informs on developing regulatory concerns and changing IT and information security trends.
- Provides input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
- Ensures that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.

University of Maryland St. Joseph Med. Ctr, Towson, MD, January 2015 - June 2017
Support Specialists, IT Help Desk
- Followed standard help desk procedures (New User, Terminate User, Application Access Request).
- Knowledge of backup and recovery procedures.
- Knowledge of information technology security policies and procedures.
- Knowledge of agency network control procedures.
- Ability to assist in the configuration of computer networks.
- Knowledge of current trends, standards and procedures.
- Evaluated new technology for compatibility with current system, processes and procedures.
- Supported operation of Microsoft Desktop Operating Systems (Windows 7, 8), applications (Outlook, Office, Word, Excel), mobile devices, and removal of malicious software.
- Ensured Active Directory maintenance, user creation and group administration, including MS Exchange attributes.
- Explained simple procedures in writing or verbally.
- Created user accounts and managed access control based on company policies.
- Set up workstations for new employees and provided IT introductory training.
- Served maintenance and updates, including patch management, performance monitoring, and hardware maintenance.
- Troubleshot current Microsoft operating systems, server and workstation.
- Provided support for organization's network including LAN, WAN, and WLAN.
- Provided support for phone messaging system, voicemail, and electronic fax.
- Provided support after normal working hours when necessary.
- Performed system backups, conducted tests for data restores and followed documented processes.

Future Care, Irvington, MD, Aug 2012 - Dec 2015
Respiratory Therapist
- Following HIPAA guidelines, assisted clients with ambulation and mobility around the house or outside (doctor's appointments, walks, etc.).
- Assisted clients with personal care and hygiene.
- Evaluated and treated patients with long-term conditions and Tracheostomy.
- Set up and operated devices, such as mechanical ventilators, therapeutic gas in long-term care.
- Educated patients and families about respiratory modalities.
- Administered medications as prescribed by physician.
- Helped clients with physical therapy exercises.
- Performed light housekeeping duties that clients can't complete on their own.
- Reported any unusual incidents.
- Acted quickly and responsibly in cases of emergency.
- Participated in the planning and evaluation of patient needs based on patient behaviors.

Genesis Healthcare, Towson, MD, Feb 2009 - July 2012
Respiratory Therapist
- Following HIPAA guidelines, provided direct patient care services in accordance with the treatment plan and under the direction of a physician.
- Assisted with providing a safe and therapeutic environment according to established policies and procedures.
- Wrote comprehensive reports and presentations daily.
- Evaluated and treated patients with long-term conditions and Tracheostomy.
- Set up and operated devices, such as mechanical ventilators, therapeutic gas in long-term care.
- Educated patients and families about respiratory modalities.
- Administered medications as prescribed by physician.

EDUCATION & CERTIFICATION
TOWSON UNIVERSITY, Towson, MD
Bachelor of Technical and Professional Studies/Management - Allied Health, June 2015
- Certified Information Security Manager (CISM): In Progress
- CompTIA Security+ Certification
- Professional Scrum Master

SKILLS AND TOOLS
Working knowledge of NIST 800 Series publications, HIPAA, ISO 2700, FedRAMP, HITRUST, IT Infrastructure & Network Protocols, Assessment and Authorization, Security Control Testing, Vulnerability Scanning, SANS-20 Security Standards, Ability to generate residual risk reports and POA&M, Risk Management Framework, OMB, POA&M, Microsoft Office Suite (Word, Excel, PowerPoint), GRC tools such as XACTA, CSAM, RiskVision, etc.

REFERENCES
Will be provided upon request
