Candidate Information
Title Information Security Risk Management
Target Location US-PA-Philadelphia
Candidate's Name
Philadelphia, PA Street Address
PHONE NUMBER AVAILABLE EMAIL AVAILABLE

Professional Summary
Information Assurance Specialist with over 3 years of experience, specializing in information security, project development and management, and the Assessment & Authorization (A&A) process. Focused on enterprise security risk management, with extensive knowledge in risk assessment, implementing controls, vulnerability mitigation, and configuration management using industry-standard frameworks. Familiar with federal security policies, standards, and guidelines including NIST 800 SPs such as 800-37, 800-53/53A rev 4, FIPS 199/200, FISMA, HIPAA, & FedRAMP. Proficient in Risk Assessment, Risk Management Framework (RMF), Systems Development Life Cycle (SDLC) and Security Assessment and Authorization process (SA&A). Experienced in developing ATO package documents such as SSPs, SARs, POA&Ms, Contingency Plans, Incident Response Plans, PIA, and Configuration Management Plans. Skilled in communicating technical information to clients and non-technical personnel at all levels of the organization.

Work Experience

Information Security Analyst
Herran Associates, Philadelphia, PA 02/2021 to present
    Collaborate with Information System Security Officers to prepare Assessment and Authorization (A&A) packages using the six-step Risk Management Framework Process (RMF).
    Develop and track corrective actions for the Plan of Action and Milestones (POA&M) of all accepted risks upon completion of Security Control Assessment (SCA) exercises, documented in the system security plan (SSP).
    Create system security artifacts such as contingency plans (CP), incident response plans (IRP), privacy impact assessments (PIA), MOUs/ISAs and risk assessment (RA) documents for compliance with NIST 800 guidelines and agency's security requirements.
    Monitor controls post-authorization to ensure continuous compliance with security requirements, evaluate threats and vulnerabilities through Nessus scan results, and collaborate with IT staff for mitigation actions.
    Develop and update Authorization to Operate (ATO) packages such as the SSPs, SAR and POA&Ms for information systems to ensure compliance with the organization's information security requirements.
    Conduct the ST&E Kick-off Meeting and populate the Requirements Traceability Matrix (RTM) according to NIST SP 800-53A.
    Review implementation statements and supporting evidence of security controls to determine if the systems are currently meeting the requirements and provide findings/suggested mitigations to stakeholders.

System Support Analyst
Global Communication, Ghana 02/2014 to 03/2019
    Formulated and upheld updated security policies, protocols, and standards, ensuring streamlined and more efficient management of information system measures.
    Identified issues and implemented solutions to facilitate the repair of diverse computer components (both hardware and software).
    Documented the resolution process and conducted policy reviews to gauge the efficacy of the remedial measures.
    Conducted manual antivirus scans on computers following notifications of security breaches.
    Assisted in the comprehensive monitoring of operational computer systems across the organization.
    Offered support for printer operation, software functionality, and peripheral devices while managing workstation services and assisting users with standard office tools and local applications.

Education
High School Diploma

Professional Certifications
    Certified Information Security Manager (CISM)
    CompTIA Security+ (S+)
    Scrum Master Accredited Certification (SCM)
    Certified Governance, Risk and Compliance (CGRC) - In Progress

Skills
    Risk Assessment & Management
    Security Assessment & Authorization
    POA&M Management
    Authorization-To-Operate (ATO) Process
    System Security Documentation

Technical Tools
    Governance, Risk, and Compliance (GRC): CSAM
    Vulnerability Assessment Tool: Nessus
    Operating Systems: Windows Operating Systems
    Microsoft Suites: Word, Excel, PowerPoint
