Candidate Information
Title Information Systems System Security
Target Location US-MD-Bethesda
Professional Summary

A professional Cybersecurity Risk Analyst with over eight (8) years of professional relevant experience in managing risks using tools and policies/guidelines such as Risk Management Framework (RMF), Assessment and Authorization, Auditing and Evaluation, vulnerability management and operational policy and procedures for on-prem and cloud-based information systems. Analyze systems and control implementations to provide recommendations that can be used to make risk-based decisions that improve the security posture and environment.

SKILLS

Experience with Government Regulations (OMB Circular A-123 Appendix A, Executive Orders)
Experience with NIST Special Publications (NIST 800-53, NIST 800-53A, FIPS 199 & 200, 800-60, 800-37)
Experience with developing and reviewing security documentation (Change and Configuration Management Plan, Contingency Planning, MOU, ISA, E-AUTH).
Experience analyzing vulnerability scans using Tenable Nessus, ACAS, DISA STIGs.
Familiar with Governance, Risk, and Compliance Tools (eMASS, CSAM, and XACTA)
Excellent knowledge of Windows OS, MS Office Suite
Excellent oral and written communication skills, as well as excellent time management and analytical skills with little need for direct supervision and ability to work with little or no supervision

Certification

CompTIA Security+
ISACA Certified Information Systems Auditor (CISA)

Work Experience

Information System Security Analyst, 05/2020 to Present
MedStar

Develop, review, and update security policies, system security plan (SSP), and security baselines in accordance with NIST 800-series publications, FISMA, OMB App. III A-130, and industry best security practices.
Conduct a comprehensive assessment of management, operational, and technical security controls employed
Assist with FISMA compliance and the preparation of systems Assessment & Authorization (A&A) for on-prem and cloud-based systems.
Perform, review and certify/validate supporting artifacts uploaded to close open POA&Ms in the GRC tracking tool.
Develop Rules of Behavior (RoB), Interconnection Security Agreement (ISA) and Memorandum of Understanding (MOU) for external systems seeking connections to on-prem systems.
Perform vulnerability scanning and assessment, prioritizing findings per risk severity level.
Categorize new systems using FIPS 199 and NIST 800-60 to ensure the appropriate watermark and required security controls.
Develop E-Authentication Risk Assessment, System Security Plan (SSP), and Contingency Plan.
Perform Privacy Threshold Analysis (PTA) to determine if a Privacy Impact Assessment (PIA) will be required for a system.
Develop and track open findings identified during the A&A process in a Plan of Action & Milestone (POA&M) until resolved.
Work with the system engineers and administrators to generate the implementation statements for security controls
Determine security violations and/or inefficiencies through security tests, evaluations and audits
Develop Test Plans, Testing Procedures and documented test results and exceptions
Monitor controls post authorization to ensure continuous compliance with the security requirements.

Information System Security Officer (ISSO), 01/2016 to 04/2019
MedStar, Washington, DC

Assisted with development of System Security Plan (SSP)
Developed and modified implementation of system security controls
Analyzed, assessed and recommended security controls required for FedRAMP compliance
Tested system technical security configuration settings generated from Nessus scan results
Disaster Recovery Plans, Contingency Plans, and Incident Response Plans
Contingency Planning, and POA&M management and continuous monitoring.
Assisted with developing and reviewing compliance reports that clearly identify security findings and proposed remediation strategies.
Performed assessment of information systems based upon the Risk Management Framework (RMF)
Provided expert guidance in the development or delivery of requisite documents Authorities to Operate (ATOs), Initial ATOs; conducting systems patching and evaluation associated with IA compliancy, Information Assurance.
Examined, interviewed, and tested procedures in accordance with NIST SP 800-53
Ensured cyber security policies are adhered to and that required controls are implemented.
Prepared system documentation for assessment in accordance with the Risk Management Framework (RMF) and NIST Special Publications (800-37, 800-53)
Initiated POA&Ms with identified weakness and recommendations from the SAR
Tracked findings with POA&M through mitigation and/or risk acceptance
Performed the role of security control assessor, performing non-technical and technical assessments of FIPS 199 rated HIGH, MODERATE, and LOW systems.

Education

Bachelor of Business Administration, August 2014
The University of the District of Columbia, Washington DC
