Candidate's Name
Street Address
Phone: PHONE NUMBER AVAILABLE, Email: EMAIL AVAILABLE

Professional Summary:

A well-experienced cybersecurity professional with repeated accomplishments investigating all types of cybersecurity incidents and breaches impacting services, people, and businesses. Proficient in security assessment and authorization, risk management, and vulnerability management. Experienced in cybersecurity risk management and its impact on an organization's information systems' Confidentiality, Integrity, and Availability (CIA) triad. Results-oriented cybersecurity professional with experience in information technology, including data monitoring, threat detection and response, threat analysis, and security control implementation and assessment. Adept at working with system stakeholders in the development and implementation of the information security strategies required to protect enterprise information systems, networks, data, and operational processes through the Security Assessment & Authorization (SA&A) process, using industry standards such as NIST, FISMA, OMB, RMF, and FedRAMP. Strong background in Governance, Risk Management, and Compliance requirements and well-versed in installing, configuring, and deploying next-generation cybersecurity tools.

AREAS OF EXPERTISE:

- Security Assessment & Authorization
- Third Party Risk Management
- Policy and Process Development
- Security Planning
- Incident Response
- Risk Assessments
- Vulnerability Management
- FISMA Act 2002
- NIST SP 800-Series
- Tenable Nessus Scanning
- ISO 2700X
- FedRAMP
- PCI-DSS
- ServiceNow Security
- Risk Management Framework
- Cloud Security
- Business Continuity and Disaster Recovery Planning
- IT General Controls (ITGC) Auditing
- Splunk

Education and Certifications:

- Strayer University, VA: BSc. Business Administration
- CISA (Certified Information Systems Auditor)
- CISM (Certified Information Systems Manager)
- Information Security Audit and Compliance Training, Coursera, 06/2016

SIEM Technologies & Tools:

- Nessus
- Splunk
- Wireshark

Core Skills:

- Provide FedRAMP Authorization to Operate (ATO) support for a Workday public cloud deployment following FedRAMP and NIST guidelines.
- Participate in the development and oversight of required corrective action plans relating to security compliance and PCI issues.
- Liaise with external auditors and internal control owners to support various internal and external audits/assessments such as FedRAMP and ISO 27001.
- Manage the creation and update of security documentation for a FedRAMP Moderate environment, such as the System Security Plan (SSP), SSP attachments, and policies and procedures.
- Partner with team members and cross-partner groups to ensure programs align with PCI compliance requirements.
- Assess vendors for any risk that might come with their business association, including their 4th parties.
- Assess vendors using OneTrust and SecurityScorecard.
- Request/review all artifacts submitted by vendors for assessment.
- Performed comprehensive assessments and wrote reviews of management, operational, and technical security controls for audited applications and information systems.
- Used Check Point Firewall Analyzer to access predefined Check Point firewall reports that help with analyzing bandwidth usage and understanding security and network activities.
- Analyze reports and archive logs from Check Point firewalls.
- Develop and execute cloud (AWS) information security strategy to proactively identify risk and drive remediation.
- Improve the efficiency of information security processes and advance the effectiveness of the information security controls of the AWS cloud operating model.
- Participate in incident response activities in coordination with other teams as necessary: reviewing and editing event correlation rules, performing triage on the resulting alerts by determining their criticality and scope of impact, and evaluating attribution and adversary details.
- Develop and conduct Security Control Assessments (formerly ST&E) per NIST SP 800-53A and NIST SP 800-53 Rev 4.
- Over 5 years of experience in system security monitoring, auditing and evaluation, C&A, and risk assessment of GSS (General Support Systems) and MA (Major Applications).
- Performed Certification and Accreditation documentation in compliance with company standards.
- Developed, reviewed, and evaluated System Security Plans based on NIST Special Publications.
- Compiled data to complete Residual Risk Reports and to insert contents into POA&Ms.
- Security life cycle and vulnerability management, using FISMA and applicable NIST standards.

PROFESSIONAL EXPERIENCE:

Third Party Security Risk and Privacy Analyst
GeekView Tek Solutions, Frederick, MD, 07/2021 - Present

- Schedule kick-off meetings with system owners to help identify the assessment scope, system boundary, and the information system's category, and obtain any artifacts needed to conduct the assessment.
- Conduct formal end-to-end vendor security risk assessments (review of questionnaires, third-party security audit reports, and artifacts).
- Review new/existing third-party services and data in the scope of the assessment and analyze the engagement risk rating.
- Categorize vendors based on their criticality and classification.
- Participate in the development and oversight of required corrective action plans relating to security compliance and PCI issues.
- Partner with team members and cross-partner groups to ensure programs align with PCI compliance requirements.
- Work together with the TPRM team and stakeholders to review the assessment and escalate any issues.
- Develop Security Assessment Plans (SAPs) and conduct assessments of security control selections on various Moderate impact level systems to ensure compliance with NIST SP 800-53A Rev 4.
- Conduct security control interview meetings and artifact gathering meetings with various stakeholders using the assessment methods of interview, examination, and testing.
- Document assessment findings in a Security Assessment Report (SAR) and recommend remediation actions for failed controls and vulnerabilities.
- Review A&A package items using NIST guidance for FISMA compliance, such as the system FIPS 199 categorization, e-Authentication assessment, PIA, Contingency Plan (CP), and Contingency Plan Test (CPT).
- Perform vulnerability assessments of information systems to detect deficiencies and validate compliance using the POA&M tracking tool (CSAM).
- Request scans and later review the scan results for common vulnerabilities such as missing patches, weak password settings, unnecessary services not disabled, and weak configurations.
- Develop documentation (FIPS 199, FIPS 200, PTA, PIA, e-Authentication) on new or existing systems.
- Provide system/equipment/specialized training and technical guidance.
- Serve as liaison with clients, participating in meetings to ensure client needs are met.
- Independently research and collaborate with teams to develop knowledge regarding the environment.
- Take on leading roles within the team and effectively train team members based on inherent knowledge.

ISSO (Information System Security Officer)
AGO Worldwide Consulting, Severn, MD, 09/2018 - 07/2021

- Provide responses to data calls and all audit requests by their due dates, and maintain tracking reports and a central repository of data call artifacts.
- Prepare and document the system's ATO brief for submission to the Authorizing Official (AO) for adjudication, to grant an ATO to a new system or to allow an existing system to continue operation.
- Schedule, track, and manage the monthly and quarterly POA&M review process.
- Coordinate meetings and tasking with System Owners (SOs) and Information System Security Officers (ISSOs) and support remediation of open POA&M items.
- Review information system security policies and procedures, System Security Plans (SSPs), and security baselines in accordance with NIST, FISMA, OMB A-130 Appendix III, and industry best security practices.
- Assess security controls through document review, interview, and test procedures to ensure compliance with FISMA and NIST SP 800-53A Rev 1.
- Conduct in-depth technical reviews of new and existing IT systems in order to identify the appropriate mitigation strategies required to bring these systems into compliance with established policy and industry guidelines.
- Provide ongoing gap analysis of current policies, practices, and procedures as they relate to established guidelines outlined by NIST, OMB, FISMA, etc.
- Review and validate vulnerability scan results at the operating system (OS) and application level and work with stakeholders to architect and implement mitigations.
- Monitor and analyze Security Information and Event Management (SIEM) alerts to identify security issues for remediation, and investigate events and incidents.
- Use a wide variety of tools such as Splunk, Cisco Firepower, Symantec, Check Point Endpoint Security, etc. to identify, prioritize, and manage potential security incidents.
- Analyze and update the System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E), and the Plan of Actions and Milestones (POA&M).
- Create and update the Security Assessment Report (SAR) in compliance with NIST and FISMA regulations.
- Assist in the coordination and implementation of major detection enhancements to SOC analytics.
- Provide security management, process engineering, and operations management to a Security Operations Centre.

Security Control Assessor
Henry Mensah CPA LLC, 03/2017 - 09/2018

- Schedule kick-off meetings with system owners to help identify the assessment scope, system boundary, and the information system's category, and obtain any artifacts needed to conduct the assessment.
- Create a Requirement Traceability Matrix (RTM) and document whether the controls being assessed passed or failed, using NIST SP 800-53A as a guide.
- Develop Security Assessment Plans (SAPs) and conduct assessments of security control selections on various Moderate impact level systems to ensure compliance with NIST SP 800-53A Rev 4.
- Conduct security control interview meetings and artifact gathering meetings with various stakeholders using the assessment methods of interview, examination, and testing.
- Document assessment findings in a Security Assessment Report (SAR) and recommend remediation actions for failed controls and vulnerabilities.
- Review A&A package items using NIST guidance for FISMA compliance, such as the system FIPS 199 categorization, e-Authentication assessment, PIA, Contingency Plan (CP), and Contingency Plan Test (CPT).
- Perform vulnerability assessments of information systems to detect deficiencies and validate compliance using the POA&M tracking tool (CSAM).
- Request scans and later review the scan results for common vulnerabilities such as missing patches, weak password settings, unnecessary services not disabled, and weak configurations.
- Develop documentation (FIPS 199, FIPS 200, PTA, PIA, e-Authentication) on new or existing systems.
- Provide system/equipment/specialized training and technical guidance.
- Serve as liaison with clients, participating in meetings to ensure client needs are met.
- Independently research and collaborate with teams to develop knowledge regarding the environment.
- Take on lead roles within the team and effectively train team members based on inherent knowledge.