Candidate's Name
Street Address | C: PHONE NUMBER AVAILABLE | EMAIL AVAILABLE

Summary

Clearable, experienced Cyber Security Analyst with 9+ years of result-oriented background in maintaining the security and integrity of data by planning and carrying out security measures to protect computer networks and systems, enterprise information systems, network systems and operational processes through information assurance controls, compliance verifications, risk assessment, and vulnerability assessment in accordance with NIST 800 series, FISMA, and industry best security practices.

Skills

Experience with federal security regulations, standards, and processes including FISMA, FIPS 199, 200, NIST 800-53 rev4, NIST 800-37 and FedRAMP
Experience with composing continuous monitoring documents such as PIA, SSP, BIA, PTA, RA, SAP and SARs
Experience with performing continuous monitoring activities and executing steps 1-6 of the RMF process
Experience with HIPAA, SOPs, POA&Ms and policies
Respond to requests for specialized cyber threat reports
Provide timely and relevant security reports to help support and manage security services
Strong communication with various clients
Creative and detail oriented
Earned value management experience with cloud systems
Discover vulnerabilities in information systems
Evaluate malware software
Familiar with security regulations and standards
Use various tools to detect and mitigate security risks

Tools

CSAM, Excel, Microsoft Office, Archer, SharePoint

Information Privacy Security Officer, November 2020 - Present
Health and Human Services (HHS) Koniag - Rockville, MD

Review ATO packages as well as risk assessments (RAs), information system contingency plans, SA&A executive summaries, and POA&M reports, including meetings with stakeholders to retrieve documents that satisfy the security assessment initiative
Ensure that the components assigned to my team are in compliance with the Risk Management Framework as well as NIST guidelines and regulations
Provide recommendations for agency security templates as well as conduct trend analysis across agency security documentation while developing the annual IT Security Awareness training and performing monthly cyber security initiatives
Meet with various stakeholders to determine the privacy threshold and impact for on-prem/cloud systems
Meet with stakeholders to determine categorization of on-prem/cloud systems, ensuring the data types are accurately included, as well as complete kick-off meetings for new systems
Conduct internal assessment of components by reviewing all security and privacy documentation to determine if the component is in right standing to move forward for third-party assessment review
Meet with technical team to determine results of vulnerability scans to mitigate and review weaknesses that arise
Perform gap analysis of security, privacy, policy and SOP documentation in order to close any outstanding issues that may have been identified
Conduct contingency plan tests with system stakeholders and incident response teams to ensure contingency and incident procedures are fully effective, while developing lessons learned documentation if needed from test results
Develop SAR as well as annual control review schedules for Administration for Strategic Preparedness and Response (ASPR) systems
Meet with team to determine weekly goals while ensuring critical priorities are being met

Cyber Security ISSO, July 2019 - November 2020
Tetra Tech - Washington, DC

Played leadership role to review/develop policies, contingency plans, security assessment plans and testing requirements for agency systems
Monitored cloud systems according to FedRAMP standards and technical procedures
Assisted in developing and improving cybersecurity capability while leading a project to develop a tracker for OIG audit deficiencies for the Office of the Secretary, ensuring that vulnerabilities were mitigated in a timely fashion
Composed software and hardware inventory spreadsheets to create awareness of tools that need to be updated or disposed
Managed gap analysis to reveal misalignment between standards of procedures (SOP) and policies according to NIST 800-53 criteria
Developed audit activity PowerPoints and spreadsheets for CISO council review while assisting to create system security plans (SSPs) for moderate systems
Performed agency FISMA audits quarterly to ensure that security controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirement for the systems, including information technology products and services used in security control
Provided reviews and recommendations for Authority to Operate (ATO) documentation, Cyber Security Assessment and Management (CSAM) artifacts, and acceptance of risk documentation, also including working with technical staff to develop SOPs for onboarding personnel
Maintained regulatory requirements while managing and facilitating information security assessment continuous monitoring activities

Cyber Security Compliance Analyst, Nov 2017 - July 2019
United States Department of Agriculture - Washington, DC

Analyzed and made recommendations on policy, governance, and procedural changes to identify and reduce transmission cyber risk commensurate with evolving industry best practices and standards
Composed SSPs for information systems
Revised supporting content for products and edited material prepared by other writers or staff
Incorporated animation, graphs, illustrations, or photographs to increase users' understanding of the material
Selected appropriate medium, such as manuals or videos, for message or audience in order to standardize content across platforms and media
Updated and composed documentation including but not limited to: contingency plans, configuration management plans, incident response plans, security assessment reports, residual risk reports, risk threat matrix reports
Identified security integration issues related to the implementation of new systems within the existing infrastructure; recommended mitigation and/or resolution options
Developed and implemented improved risk-based practices such as the NIST Risk Management Framework, over a multi-year horizon
Responded to cybersecurity & compliance incidents in collaboration with the manager and per established procedures
Proposed mitigation plan measures and timelines for vulnerabilities and compliance incidents
Ensured that systems are FISMA compliant by developing and implementing an integrated risk-based information security program for each system
Created and monitored POA&Ms while working with security team to mitigate risks that were found
Played key role as subject matter expert in ensuring security baseline met command cyber criteria for excellent rating during security audit
Guided leadership, peers and subordinates in tactics, techniques and procedures
Continuously assessed, monitored, updated and tested controls of high, moderate and low systems, including front-end cloud systems, through the RMF process
Created and updated FedRAMP documents for cloud system continuous monitoring

IT Security Analyst, Aug 2015 to Nov 2017
Verizon Data Center - Baltimore, MD

Acted as a liaison between various departmental groups on information security-related topics to audit systems based on security standards
Collaborated in teams of technical and non-technical experts providing results that are beneficial to the company
Made recommendations to senior management on results of analysis and worked closely with other information technology groups to refine and enhance security controls
Developed, reviewed, and updated information security system policies, system security plans (SSP), and security baselines in accordance with FedRAMP, NIST, FISMA, NIST SP 800-18
Analyzed risk assessment reports for data systems to ensure adherence to NIST and FISMA guidelines
Reviewed the controls that support the RTM and the details of the SSP to determine completeness and accuracy
Provided security assessment results to meet client requirements and standards, which will include at a minimum the following documents: SAR, RTM, and a detailed technical results document as stipulated by the client
Assisted with the interpretation and analysis of the SAR upon completion of each security assessment and/or as requested to assist with post-assessment questions

Customer Service Representative
Johns Hopkins Hospital - Baltimore, July 2009 - September 2011

Managed large amounts of inbound and outbound calls
Entered patient information into a customer information system
Ensured customer satisfaction by assisting them with issues/concerns related to their health
Was in charge of receiving and processing telephone and fax requests from patients and referral sources to provide DME
Was responsible for entering orders accurately and efficiently
Answered high volume calls using a multi-line phone system
Verified insurance and updated patient files
Provided instructions on how to use and maintain vital signs equipment

Education

Bachelor of Science, Information Technology
Methodist University, Accra, Ghana

Certifications

CompTIA Security+
Certified Authorization Professional (CAP)