Candidate's Name
Street Address Legacy Parc Circle, Pelham, AL / PHONE NUMBER AVAILABLE / EMAIL AVAILABLE / US Citizen

Information Systems Security Officer / Security Controls Assessor / RMF Analyst

Data-driven and goal-oriented cybersecurity professional with 10 years of experience in Privacy and Data Security Management & Operations, Vulnerability Scanning, Certification and Accreditation (A&A), Project Management, NIST SP 800-53 Rev 1 and Rev 4, NIST SP 800-37 Rev 1, 800-18, 800-53A Rev 4 and 800-34, FIPS, FISMA, Security Content Automation Protocol, the NIST families of security controls, FedRAMP Security Assessment Framework, POA&M, and Incident and Contingency Planning. Worked in different capacities as Information Systems Security Officer, Security Control Assessor and Third Party Risk Analyst. Adaptable and transformational leader with the ability to work individually or as a team player in achieving organizational goals.

PROFESSIONAL EXPERIENCE

Information System Security Officer (ISSO), Cyberrisk Beyond Solutions, AL (September 2021 to Present)
- Support the client on system re-authorization efforts and security authorization processes and best practices in accordance with NIST SP 800-37 and 800-53.
- Document and review the System Security Plan (SSP), Risk Acceptance Memorandum (RA), Security Assessment Plan, Requirements Traceability Matrix (RTM), Security Assessment Report (SAR), Plan of Action and Milestones (POA&M), and Authorization letter/memorandum (ATO).
- Work with the Certification and Accreditation team; perform risk assessments; update the System Security Plan (SSP), Contingency Plan (CP), Privacy Impact Assessment (PIA), and Plan of Action and Milestones (POA&M).
- Develop the Plan of Action & Milestones (POA&M) document to take corrective actions.
- Support the client with POA&M remediation efforts.
- Review security and privacy compliance aspects of cloud customer contracts and inquiries.
- Review and update ATO package documents such as SSP, POA&M, IR, MOU, ISA, SAP, DRP, BIA, PTA, RA, ISCP, and CPT.
- Provide information security subject matter expertise to technology teams and projects within a cloud environment (including AWS, Azure, Google, etc.).
- Review cloud security control documentation.
- Review STIGs and follow-up activities with respect to identified vulnerabilities/findings, maintaining proper reports and logs of resolution.
- Performed assessment of controls on information systems by conducting the Security Control Assessment (SCA) kick-off meeting and populating the Requirements Traceability Matrix (RTM), using interview and testing methods with NIST SP 800-53A as a guide.
- Reviewed the System Security Plan (SSP), Security Assessment Plan, Requirements Traceability Matrix (RTM), Security Assessment Report (SAR), Plan of Action and Milestones (POA&M), and Authorization letter/memorandum (ATO) as part of conducting an assessment.
- Performed data gathering techniques (e.g., questionnaires and document reviews) in preparation for assembling
- Supported the client in creating memos for POA&M items past their scheduled completion date (SCD).
- Ensured that security control testing and evaluations were completed and documented.
- Assessed changes in the system, its environment, and operational needs that could affect the accreditation.
- Supported and guided the client through the phases of FISMA A&A, including monitoring of A&A artifact compliance and the annual control assessment (NIST SP 800-53A guidelines).
- Assessed program and security controls using the organization's IT security policy, procedures and NIST Special Publications to provide the information necessary to determine their overall effectiveness.
- Reviewed internal security and compliance IT security policies and ensured compliance with scheduled testing, reviews, re-testing, and corrections.
- Reviewed vulnerability/Nessus scanning reports.

Security Control Assessor, New Horizon Security Services, TX (June 2016 to August 2021)
- Assisted the client with ST&E and documented policy compliance throughout the System Development Life Cycle (SDLC).
- Created templates, performed research, developed documentation, and advised on techniques for mitigating POA&M and program action items.
- Assisted in execution of Plan of Action and Milestones (POA&M) and mitigation items, security technology evaluations, and cloud security integration efforts, and advised the client on ad hoc cybersecurity issues.
- Assisted in development of new intellectual capital.
- Worked with senior leadership in business development activities and proposed technical approach section development.
- Performed Security Impact Analysis (SIA) per NIST SP 800-128 guidance.
- Followed the Risk Appropriate Verification and Evaluation (RAVE) timeline to implement the assessment process and led my assessment team in executing the process.
- Led the coordination and conduct of kick-off meetings and assessment interviews using the necessary tools to ensure compliance with Energy Information Technology Services (EITS) and NIST SP 800-53.
- Supported FISMA and NIST based ATO processes for the enterprise infrastructure.
- Assisted in technical audit activity to ensure compliance with security policies and other industry standards (e.g. RMF / FedRAMP).
- Requested and reviewed artifacts, and coordinated completion of the documentation evaluations.
- Created, compiled and completed authorization packages, which include the System Security Plan (SSP), Security Assessment Report (SAR), Risk Assessment Report (RAR), and Standard of Operations (SOP).

Vendor Risk Analyst, Baylor Scott and White Hospital, TX (July 2012 to May 2016)
- Conducted comprehensive risk assessments of new and existing vendors, evaluating factors such as financial stability, regulatory compliance, security protocols and data privacy practices.
- Implemented and supported processes for ongoing monitoring of vendor activities and performance, identifying potential risks and implementing mitigation strategies as needed.
- Collaborated with cross-functional teams to develop and update vendor risk management policies, procedures, and standards in alignment with industry best practice and regulatory requirements.
- Conducted due diligence reviews of potential vendors, assessing their capabilities, reputation, and adherence to contractual obligations.
- Cultivated positive and collaborative relationships with vendors, serving as a point of contact for risk-related inquiries and facilitating regular communications.
- Monitored vendor compliance with contractual and regulatory requirements, escalating issues as necessary and coordinating remediation efforts as needed.
- Prepared and maintained accurate records of vendor risk assessments, findings, and remediation activities, generating regular reports for senior management and regulatory authorities as required.
- Conducted risk assessments of new and existing third parties, evaluating and identifying potential risk factors related to information security, data privacy, regulatory compliance, business resiliency, operational resilience, and other relevant areas, and compliance with regulatory requirements.
- Implemented action plans to address identified risks and vulnerabilities associated with third party relationships and enhance the overall risk posture of the organization, including working closely with third parties to remediate issues and enhance their risk posture.
- Identified, monitored, and tracked third party risk indicators, including incidents and issues requiring remediation, and assessed the ongoing risk exposure and potential impacts.
- Collaborated with internal subject matter experts to ensure due diligence questionnaires were reviewed in a timely manner.
- Conducted ongoing monitoring, periodic reviews, and audits of third parties to verify compliance with contractual requirements, security standards, and regulatory obligations; worked to identify opportunities for process improvements and cost efficiencies.
- Managed the third party lifecycle from onboarding to offboarding, ensuring adherence to contractual terms, service level agreements (SLAs), and performance metrics.
- Established and maintained strong relationships with third parties and internal stakeholders.
- Identified inherent risks associated with outsourcing business processes to third parties.

SUMMARY OF QUALIFICATIONS
- Experience with the NIST 800 series, including but not limited to NIST SP 800-60, 800-53/53A, 800-18, 800-30, 800-137, FIPS 199 and FIPS 200, and FISMA guidelines.
- Experience in the performance of risk assessment and risk management to ensure compliance with FISMA requirements.
- Adept in the development of System Security Plans (SSP), Security Assessment Reports (SAR), Disaster Recovery Plans, Incident Response Plans, Configuration Management Plans, System Security Checklists, Privacy Impact Assessments, and Security Plans of Action and Milestones (POA&M).
- Assess policy needs to govern IT activities.
- Experienced with performing Security Categorization (FIPS 199), Privacy Threshold Analysis (PTA), and E-Authentication with business owners and selected stakeholders.
- Experienced with reviewing and ensuring a Privacy Impact Assessment (PIA) document is created after a positive PTA.
- Experienced with identifying and communicating security exposures and information security incidents.
- Experienced with working face-to-face with multiple stakeholders, interviewing, planning, and participating in a team effort to bring multiple complex projects to execution in a highly motivated environment.
- Experience in conducting updates to the System Security Plan (SSP), developing the system assessment report (SAR) and documenting assessment results by creation of the Requirements Traceability Matrix (RTM).

EDUCATION AND CERTIFICATIONS
Bachelor of Science, Management Information Systems, Faulkner University, Montgomery, Alabama.
Information Technology Certification
CompTIA Security+
Certified Information Systems Auditor (CISA)