| 20,000+ Fresh Resumes Monthly | |
|
|
| | Click here or scroll down to respond to this candidateCandidate's Name , CISAAustin, TX PHONE NUMBER AVAILABLE EMAIL AVAILABLEPROFESSIONAL SUMMARYSkilled Information Security Analyst, knowledgeable in risk management framework (RMF), systems development life cycle (SDLC), security life cycle, and vulnerabilities management using FISMA, FedRAMP, and applicable NIST standards. Organized, Solutions-focused, deadline-focused, team oriented, work well independently, or in team providing all facets of computer supports with in-depth knowledge and understanding of numerous software packages and operating systems. A proven project and team lead with aptitude for good customer service, leadership, excellent communication (both oral and written), and presentation skills. Specialized in providing IT security expertise and guidance in support of security assessments and continues monitoring for government and commercial clients.Functional areas of expertise include:Assessment and Authorization (A&A)IT Security ComplianceVulnerability AssessmentVulnerability ScanningSecurity Test and Evaluation (ST&E)Certification and Accreditation (C&A)Risk AssessmentSystems Development Life CycleTechnical WritingProject Management and SupportTECHNICAL AND SPECIALIZED SKILLSNessus Vulnerability Scanner, Microsoft Office, Excel, Word, PowerPoint, MS Project, Access, Mac, Microsoft Windows, Linux, VMware, Oracle virtual box, Parallel Virtual Machine, CSAM, RSAM, Tripwire, Accellion kiteworks /WatchDox secured file solution, RMPS, Remedy, Splunk, Active Directory, ServiceNow, Trend Micro, Excel, VBA, Pivot tables, SQL, Hadoop, Python.EXPERIENCE2020 2023 IT Security AnalystJOHNSON & JOHNSON TITUSVILLE, NJSupported client Security policies and activities for networks, systems and applications including Vulnerability Management, Incident Reporting, Mitigation, and Continuous MonitoringSupported all Assessment and Authorization (A&A) phases and processesProven ability to support the full life cycle of the Assessment and Authorization (A&A) processDeveloped, reviewed, and updated Information Security System Policies, System Security Plans, and Security baselines in accordance with NIST, FISMA, OMB App. III A-130 and industry best security practicesApplied appropriate information security control for Federal Information System based on NIST 800-37 rev1, SP 800-53, FIPS 199, FIPS 200 and OMB A-130 Appendix IIIDirect experience with formatting, customizing, and providing feedback for documentation relating to Information Assurance & IT Security VulnerabilityProvided security expertise and guidance in support of security assessments.Supported A&A (C&A) activities according to the A&A project planReview, analyze and evaluate business system and user needs, specifically in Authorization and Accreditation (A&A)Perform internal audits of the systems prior to third party auditsReviewed authorization documentation for completeness and accuracy for complianceFacilitated Security Control Assessment (SCA) and Continuous Monitoring ActivitiesExecuted examine, interview, and test procedures in accordance with NIST SP 800-53A Revision 4Ensured cyber security policies are adhered to and that required controls are implementedValidated information system security plans to ensure NIST control requirements are metAuthored recommendations associated with findings on how to improve the customers security posture in accordance with NIST controlsAssisted team members with proper artifact collection and detail to clients examples of artifacts that will satisfy assessment requirementsUpdated and reviewed A&A Packages to include Core Docs, Policy & Procedures, Operations and Maintenance Artifacts, SSP, SAR, FIPS 200, FIPS 199, POA&M, CPTPR, BIA, PTA, PIA, and moreCollected Operation and Maintenance artifacts on an ongoing basis so that Security Control Assessment (SCA) is seamlessUploaded supporting docs in the Systems Artifact Libraries, Google Docs, and CSAMUpdated, reviewed, and aligned SSP to the requirements in NIST 800-53, rev4; so that assessments can be done against the actual requirements and not ambiguous statementsManaged vulnerabilities with the aid of Nessus vulnerability Scanners to detect potential risks on a single, and multiple assets across the enterprise networkReviewed SAR post assessment; created and completed POAMs milestones to remediate findings and vulnerabilitiesMonitored security controls post authorization to ensure continuous compliance with the security requirements2016 2020 Cybersecurity EngineerKUB TECHNOLOGIES STRATFORD, CTDeveloped, reviewed, and updated Information Security System Policies, System Security Plans, and Security baselines in accordance with NIST, FedRAMP, FISMA, OMB App. III A-130 and industry best security practicesApplied appropriate information security control for Federal Information System based on NIST 800-37 rev1, SP 800-53, FIPS 199, FIPS 200 and OMB A-130 Appendix IIIProvided security expertise and guidance in support of security assessmentsSupported A&A (C&A) activities according to the A&A project planReviewed authorization documentation for completeness and accuracy for complianceFacilitated Security Control Assessment (SCA) and Continuous Monitoring ActivitiesExecuted examine, interview, and test procedures in accordance with NIST SP 800-53A Revision 4Ensured cyber security policies are adhered to and that required controls are implementedValidated information system security plans to ensure NIST control requirements are metEDUCATION2020 2022 RICE UNIVERSITY, JONES GRADUATE SCHOOL OF BUSINESS HOUSTON, TXMaster of Business Administration (MBA) degree, Strategy Concentration. May 2022.2016 2018 UNIVERSITY OF BRIDGEPORT, SCHOOL OF ENGINEERING BRIDGEPORT, CTMaster of Biomedical Engineering Forensic Concentration2006 2012 UNIVERSITY OF NIGERIA, BIOENGINEERING & VET MEDICINE ENUGU, NIGERIADoctor of Veterinary MedicineADDITIONAL SKILLSAbility to establish and maintain effective working relationships with clients and co-workersSkills in interviewing users to help analyze and resolve issuesStrong communication (verbal & written) and presentation skillsStrong organizational, analytical, and planning skillsAbility to read and interpret system security policies, rules and regulationsAbility to communicate security and risk-related concepts to both non-technical and technical audiences |