Candidate Information
Title: Risk Management Security Analyst
Target Location: US-PA-Philadelphia

IT SECURITY ANALYST

- Knowledge of FISMA compliance under NIST SP 800-53, NIST SP 800-66, NIST SP 800-171 for Controlled Unclassified Information (CUI), CMMC frameworks, FedRAMP, CIS, and HIPAA.
- Experience working and documenting Risk Management Framework processing with end results achieving an Authority to Operate (ATO).
- Solid experience with NIST Risk Management Framework (RMF) process, risk assessment, and continuous monitoring.
- Experience in performing vulnerability and risk analyses of applications during all phases of the system development life cycle.

Areas of Expertise

- Policies & Procedures
- Business Requirements
- NIST 800 guidelines
- Cloud Computing
- HIPAA
- FISMA
- FedRAMP
- Risk Management
- Vulnerability Assessments
- BOD 18-01
- FIPS 199, 200
- Information Assurance
- SDLC
- Compliance & Remediation
- POA&M Management

Professional Experience

ProSec Solutions, Washington, DC
ISSO, Mar. 2019 - Present

- Review and conduct self-assessments on on-premises and cloud environments.
- Prepare Assessment and Authorization packages for IT systems, and ensure management, operational and technical security controls adhere to well-established security requirements authorized by NIST SP 800-53.
- Support the full life cycle of the assessment and authorization (A&A) process by updating the following documents: System Security Plan (SSP), Plan of Action & Milestones (POA&M), Disaster Recovery Plan, Contingency Plan, Incident Response Plans, Business Impact Analysis, Configuration Management Plans, Risk Assessment, and E-authentication.
- Participate in the development of the Contingency Plan and tabletop exercises.
- Review vulnerability scan results and ensure that risks are assessed and evaluated.
- Work with the System Owner to assign risk impact ratings for systems in accordance with Federal Information Processing Standards (FIPS) 199.
- Provide continuous monitoring support for control systems in accordance with FISMA guidelines and conduct FISMA-based security risk assessments.
- Coordinate continuous audits between stakeholders and external auditors to ensure that audit findings are remediated accordingly, and corrective actions are implemented per SOPs and regulations.
- Ensure appropriate system changes are implemented and complete the System Impact Analysis form.
- Responsible for the development, assessment and documentation of the security controls documented in the System Security Plan (SSP) per NIST 800-53.
- Provide continuous security monitoring of assigned systems.
- Develop and maintain the Plan of Action and Milestones and support remediation activities.
- Ensure IT systems have all security controls in place and that they function properly in accordance with NIST 800-53A publications.

ProSec Solutions, Washington, DC
Business Analyst, May 2018 - Mar. 2019

- Assisted the business team with software development changes to enhance eligibility and benefits applications.
- Provided program management, requirements gathering, process diagramming, operational concepts, usability, and testing.
- Created and delivered high-quality solutions for the software systems to ensure that the implemented software code and processes met the requirements of the business programs, conformed to all applicable Federal and state laws, and met the needs of customers.
- Supported internal product teams by providing recommendations for product enhancements.
- Assisted in the creation and maintenance of documentation related to testing procedures, business requirements, and project deliverables.

PHAM, Lancaster, PA
Program Coordinator, May 2016 - May 2018

- Responsible for maintaining up-to-date policies and procedures, applicable laws and regulations.
- Coordinated daily operations and activities related to compliance, in collaboration with the Compliance Case Manager and supervisors.
- Tracked the timely review of compliance policies, procedures and standards of conduct.
- Identified instances of non-compliance, conducted investigations, formulated reports, provided recommendations, and ensured monitoring of the implementation of corrective actions, updating the compliance database accordingly.

Education

- Bachelor's degree in Psychology, Temple University, Philadelphia, PA

Certifications

- Security+, AWS Cloud Practitioner, Certified Authorization Professional (in progress)

Technical Tools

- Archer, OneTrust, CSAM, Nessus Tenable, WebInspect, Nmap, Invicti, StackRox, Rapid7, Remedy, JIRA, ServiceNow, SharePoint