Candidate Information
Title Information Security Customer Service
Target Location US-MD-Bowie

EXPERIENCE SUMMARY:
Highly motivated Information Security Analyst with nine years of experience analyzing various security-related events, performing assessments, and protecting enterprise information systems. Expertise in customer service management, security, and data protection, team leadership, project management, strategic planning, and policy and procedure reinforcement.

AREAS OF EXPERTISE:
Linux, Contingency Plan, ISCP, POA&M, RMF, Incident Response, TEXT, SOP, Nessus, Windows, PTA, NIST 800 Series, CSAM, ATO Package, Vulnerability Management, Risk Assessment, ISO 27001, GRC, FedRAMP, DRP, eMASS, Data Analysis

PROFESSIONAL EXPERIENCE:

Guide House 09/22 - Present
Grant Thornton 08/20 - 09/22
Information System Security Officer
Implements the Risk Management Framework (RMF) in accordance with NIST SP 800-37 Rev 2.
Working with clients to produce non-FedRAMP and FedRAMP compliant System Security Plans and all required documents using CSAM.
Assisting clients with the maintenance and monitoring of controls and required FedRAMP artifacts and submissions.
Work with the client, SaaS providers, and internal development team to identify security gaps and resolve them to protect client data.
Reviews security categorization of systems using FIPS 199 & NIST SP 800-60 Vol 2.
Updates technical, operational, and management control families and controls with guidance from NIST 800-53 Rev 4 and FIPS 200.
Work with a team of Developers, Information Security Owners, and System Engineers to select, implement, and tailor security controls to safeguard system information.
Reviews and updates SSP implementation statements of respective applicable control to assigned systems as the need arises using NIST 800-18.
Provide support for security-related FedRAMP compliance controls; and audit systems, services, and processes to verify adherence to company security policies and procedures.
Central point of contact for questions about the company's FedRAMP security practices and support process for responding to Federal customer security questionnaires.
Develop information security policies, standards, procedures, and best practices to support a FedRAMP moderate operating environment.
Maintain A&A project documentation in CSAM and update the documents annually as part of the continuous monitoring RMF requirement.
Perform independent compliance reviews, tracking, and continuous monitoring of RMF A&A packages in CSAM.
Independently put together a variety of Security Authorization deliverables including System Security Plans, Security Assessments Reports, Risk Assessment Plans, and POA&M.
Conduct risk assessments regularly; ensure measures raised in assessments were implemented in accordance with the risk profile, and root causes of risks were fully addressed following NIST 800-30 and NIST 800-37.
Conduct Self-assessments and provide briefings to stakeholders like system owners and Business owners.
Document and Review security plans (SP), contingency plans (CP), contingency plan tests (CPT), privacy impact assessments (PIA), and risk assessment (RA) documents per NIST 800 guidelines for various government agencies.
Provide routine support of IT security programs to ensure that security objectives of Confidentiality, Integrity, and Availability are met.

DT Tech Consulting 05/24/2019 - 08/07/2020
Cloud Security Analyst/FedRAMP Specialist
Conducted a comprehensive review of the Cloud System seeking Agency Authorization using FedRAMP standards and provided Authorization recommendations to the Authorizing Official.
Conducted continuous monitoring of SaaS applications that have been procured by the agency and provided status updates to the stakeholders.
Reviewed security controls, policies, and procedures and provided recommendations for the adaptation of new technologies or policies.
Identified improvement areas and provided organization-wide security awareness training.
Obtained and reviewed FedRAMP ATO packages for SaaS and PaaS applications.
Work with teams to ensure they make safe, compliant, design and architectural decisions.
Performed security categorization, using FIPS 199, and reviewed Privacy Threshold Analysis (PTA), and E-Authentication with business owners and selected stakeholders.
Developed NIST Compliant vulnerability assessments, technical documentation, and Plans of Action and Milestone (POA&M) and addressed system weaknesses.
Performed comprehensive Security Control Assessment (SCA) and prepared reports on management, operational, and technical security controls for audited applications and information systems.
Provided answers to Audit inquiries.
Conducted risk assessments regularly; ensured measures raised in assessments were implemented in accordance with the risk profile, and root causes of risks were fully addressed following NIST 800-30 and NIST 800-37.
Conducted Self-assessments and provided briefings to stakeholders like system owners and Business owners.
Documented and reviewed the System Security Plan (SSP), Security Assessment Report (SAR), Security Plan of Action and Milestones (POA&M), Authorization letter/memorandum (ATO).
Documented and Reviewed security plans (SP), contingency plans (CP), contingency plan tests (CPT), privacy impact assessments (PIA), and risk assessment (RA) documents per NIST 800 guidelines for various government agencies.
Conducted Risk Management Framework (RMF) assessments and Continuous Monitoring: Performed RMF assessment on several different environments using both scanning tools and manual assessment. The assessment included initiating meetings with various System Owners and Information System Security Officers (ISSO), providing guidance on evidence needed for security controls, and documenting the findings of the assessment.

Defense Point Security 09/24/2018 - 05/03/19
Security Assurance Analyst
Identified improvement areas and provided organization-wide security awareness training.
Reviewed security controls, policies, and procedures and provided recommendations for the adaption of new technologies or policies.
Conducted FISMA-based security risk assessments for government contracting organizations and application systems, including interviews, tests, and inspections; produced assessment reports and recommendations; conducted out-briefings.
Performed security categorization, using FIPS 199, and reviewed Privacy Threshold Analysis (PTA), and E-Authentication with business owners and selected stakeholders.
Obtained and reviewed FedRAMP ATO packages for SaaS and PaaS applications.
Conduct continuous monitoring of SaaS applications that have been procured by the agency and provide status updates to the stakeholders.
Assessments conducted following NIST 800 processes and controls.
Work with teams to ensure they make safe, compliant, design and architectural decisions.
Perform security categorization, using FIPS 199, and review Privacy Threshold Analysis (PTA), and E-Authentication with business owners and selected stakeholders.
Develop NIST Compliant vulnerability assessments, technical documentation, and Plans of Action and Milestones (POA&M), and address system weaknesses.
Perform a comprehensive Security Control Assessment (SCA) and prepare a report on management, operational, and technical security controls for audited applications and information systems.
Reviewed and Analyzed System Security Plan (SSP), Security Assessment Report (SAR), Security Plan of Action and Milestones (POA&M), Authorization letter/memorandum (ATO).
Risk Management Framework (RMF) assessments and Continuous Monitoring: Performed RMF assessment on several different environments using both scanning tools and manual assessment. The assessment included initiating meetings with various System Owners and Information System Security Officers (ISSO), providing guidance on evidence needed for security controls, and documenting the findings of the assessment.
Conducted risk assessments regularly; ensured measures raised in assessments were implemented per risk profile, and root causes of risks were fully addressed following NIST 800-30 and NIST 800-37.
Conducted Self-assessments and provided briefings to stakeholders like system owners and Business owners.
Conducted comprehensive reviews of Cloud Systems seeking Agency Authorization using FedRAMP standards and provided Authorization recommendations to the Authorizing Official.
Documented and Reviewed security plans (SP), contingency plans (CP), contingency plan tests (CPT), privacy impact assessments (PIA), and risk assessment (RA) documents per NIST 800 guidelines for various government agencies.

Washington Tech Solution 03/09/2015 - 09/14/2018
Information Security Analyst
Conducted self-assessments of security controls on various impact systems following agency guidelines to ensure compliance with NIST 800-53a.
Collaborated with System Owners, and security team members, to make sure security controls are updated properly, and have evidential material to support security control.
Ensured Security documentation (System Security Plan, Contingency Plan, Risk Assessments, and Incident Response Plan, etc.) are reviewed, maintained, and up to date for FISMA Compliance.
Worked with a team of Developers, Information Security Owners, and System Engineers to select, implement, and tailor security controls to safeguard system information.
Created Standard Operating Procedures templates (SOPs) for assigned systems.
Provided support during ATO Assessments, providing evidence as needed.
Created and reviewed POA&Ms to ensure all POA&Ms have a documented path forward.
Collaborated with ISSO and security team to implement security controls selected in SSP Using NIST 800-18 as a guide to develop SSP.
Work with ISSO and Security team to access security controls selected, in updating SAP, ROE where Vulnerability scanning and penetration testing procedures are included in the assessment.
Conducted assessment meeting kickoff and security Control meeting with ISSO and System Owner Assessment finding results be reflected on the (RTM) or Test case and all weaknesses noted be reported in our SAR report.
Monitored security controls using NIST 800-137 as a guide by testing a portion of one-third of the Applicable Security controls annually and performing periodic Vulnerability Scanning.

EDUCATION AND CERTIFICATIONS:
University of Buea, B.S., Computer Science and Information Technology
Oracle Certified Associate Oracle Solaris 10 - Oracle University
Cloud Security Alliance V3 CCSK
CEH
CHFI
Sec+
CISA
