Information Security Risk Management Res...

Candidate Information
Title Information Security Risk Management
Target Location US-MD-Waldorf
Candidate's Name
White Plains MD
PHONE NUMBER AVAILABLE
EMAIL AVAILABLE
Active Secret Clearance

PROFESSIONAL SUMMARY

Patrick has extensive background and experience in Information Security Management, IT infrastructures and ensuring secure design, operations, and maintenance of large information systems, and enterprise networks. Work experience encompasses threat analysis, incident response, and network surveillance, Risk Management Framework (RMF), National Institute of Technology (NIST), FISMA (Federal Information System Management Act), NIST 800-53 Rev4, NIST 800-37, System Development Life Cycle (SDLC), Information security documents, developing and promulgating System Security Plans (SSP), Documentation and POAM.

EDUCATION & CERTIFICATION

- University of Ghana - Bachelors Information Technology 2002/2006
- CISA
- CompTIA Security+

CORE SKILLS

- NIST RISK Management Framework (RMF)
- ISO 27001
- FEDRAMP, FISMA
- SOC-2
- Control Assessment
- Security Management
- Risk Assessment
- Governance Risk Compliance (GRC)
- Vulnerability Management

PROFESSIONAL TRAINING

- FISMA Authorization and Assessment Training
- FedRAMP Authorization and Assessment Training
- Governance, Risk and Compliance Training
- ISO 27001 Training
- CMMC Training
- SOC Type 1&2 Training
- Third Party Assessment Training

PROFESSIONAL EXPERIENCE

Mildeeng Systems, LLC September 2019 - Present
Information Security Analyst

- Perform Security Assessments on assigned systems using the Risk Management Framework (RMF) guidelines.
- Create technical documentation for working SOPs to help develop security solutions and requirements.
- Ensure that plans of actions and milestones (POAMS) or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
- Scan, monitor and report vulnerabilities on the network to system administrators via ACAS
- Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
- Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
- Support the implementation of the information technology (IT) security controls, security authorization documents, and participates in system audits.
- Conduct IT risk assessment to identify system threats, vulnerabilities, and risk, and generate reports.
- Maintain, review and update information security system documentations, including System Security Plan (SSP), Plan of Action & Milestone (POA&M), Risk Assessment (RA), policies and procedures, security control baselines in accordance with NIST guideline and security practices.
- Apply appropriate information security control for Federal Information System based on NIST 800-37 rev1, SP 800-53.
- Support A&A activities (Categorize, Selection, Implement, Assessment, Authorize, Monitor) according to the A&A project plan.

Smartthink, LLC January 2017 - August 2019
Information Security Analyst

- Performing security assessments and providing consulting support to assist clients in meeting FISMA and FedRAMP requirements. The ideal candidate will have a firm understanding of how to apply the principles of Information Security in a variety of circumstances and expertise translating the NIST 800-53 guidelines into common technical implementations.
- Develop Security Authorization Packages that are compliant with FISMA/FedRAMP requirements. Package components include: System Security Plans, Contingency Plans, Configuration Management Plans, Incident Response Plans, Privacy Impact Assessments, and Plan of Action and Milestones (POA&M)
- Assist in the review and analysis of Security Authorization Packages for completeness and compliance with FISMA/FedRAMP requirements
- Demonstrate ability to lead compliance and assessments projects through the project lifecycle from initiation to project closure
- Lead working sessions with client and audit team to ensure expectations and direction are aligned and timelines are being met
- Collaborate across multiple internal teams to ensure successful delivery of artifacts and closure of audit field work
- Provide review and analysis of vulnerability scan results from tools such as Nessus,
- Build a customer-focused relationship with client(s)
- Experience reviewing and updating policies, standards, and procedures to ensure they are up to date and reflect current practices.

Vital Click
Information Assurance Specialist December 2016 - December 2017

- Ensured compliance with NIST security requirements through continuous monitoring and conducting of annual Security Assessments and Security Impact Assessments.
- Managed and oversaw the monthly patching schedule and ensure ISSOs are current on reporting all identified vulnerabilities.
- Actively participated in working group meetings to identify, plan, and execute strategies in response to emerging cybersecurity Risk Management Framework (RMF) policies.
- Maintained awareness and knowledge of evolving security and risk management standards and communicate and apply relevant changes to existing processes.
- Worked with Department of Energy IT Team to analyze scan reports using Reviewed Nessus scan reports and worked with the team to remediate identified vulnerabilities.
- Utilized Archer GRC as a risk management tool to document, update, and track POAMs from start to completion. Archer served as the artifact repository where all our documentation such SSP and ATO documentations.
- Performed SA&A for moderate and high systems compliant with FISMA/NIST Standards.
- Led vulnerability management activities to identify, analyze and prioritize vulnerabilities, assess risk, report remediation activities and ensure the adequacy of existing information security controls.
- Reviewed and conducted audits to ensure information systems maintained the compliance baseline. Review system-level documentation to ensure system security requirements, incorporating the RMF.
- Participated in the development and/or review of SSP. Supervise and coordinate with appropriate personnel to run vulnerability scans on a regular basis and ensure timely remediation actions.
- Facilitated requirement gathering sessions, document and validate requirements with stakeholders as they relate to current environments and future trends.
- Reviewed, analyzed, and researched scan findings and coordinated remediation efforts in a timely fashion
