Sandra Kwarteng, MS, Security +, CISA
Tyrone, GA
Street Address
Phone: PHONE NUMBER AVAILABLE
E-Mail: EMAIL AVAILABLE

SUMMARY

A highly motivated and hardworking individual with experience in cyber security, risk, and governance looking for an opportunity where I can add value and support the organization's values and mission.

EXPERIENCE

SOUTHTECH CONSULTING, BALTIMORE MD
OCTOBER 2020 – Present
INFORMATION SECURITY SPECIALIST

- Prepared security Assessment and Authorization (A&A) packages to ascertain that management, operational, technical and privacy controls adhere to NIST SP 800-53 standards.
- Coordinated and facilitated a system's Authorization to Operate (ATO) by drafting security and risk assessment reports, recommending Plans of Action and Milestones (POA&M) and/or Risk Based Decisions for the system's Authorizing Official.
- Performed, participated in and supported all assessment and authorization (A&A) efforts for systems, networks, and applications requirements.
- Served as a hands-on SME for ensuring all applications receive Assessment and Authorization (A&A) and maintained an acceptable A&A status.
- Experienced in system classification and categorization using the RMF, FIPS 199 and NIST SP 800-60 processes to ensure system CIA.
- Reviewed and updated the System Security Plan (SSP) using NIST SP 800-18 guidelines.
- Conducted a kick-off meeting in order to categorize agency's systems according to NIST requirements of Low, Moderate or High, supports client with the administration of IT application systems operations and ensures compliance with Federal security regulations, policies, guidelines, and applicable National Institute of Standards and Technology (NIST) standards.
- Experienced with translating vulnerability scan results into findings aligned to NIST SP 800-53 Revision 4 security controls and using established templates and processes to communicate threat, vulnerabilities, and risk information to stakeholders in executive management positions in a clear manner.
- Evaluated threats and vulnerabilities of each system and ensures proper safeguards are in place to protect information systems.

VENDOR RISK SPECIALIST
OCTOBER 2018 – OCTOBER 2020

- Established best practices for communicating with Vendor Managers.
- Led a team responsible for assessing and managing portfolio vendor Information Security Risk across the organization.
- Communicated vendor management policy and vendor risk management program within the organization.
- Educated and led Business Owners in accomplishing set goals and responsibilities.
- Managed internal tracking of risk assessments and facilitated escalations for outstanding or incomplete Internal Risk Assessments and Vendor Risk Assessments.
- Facilitated escalations and signoffs when red flags were identified and risks accepted.
- Coordinated executive reporting on compliance with VRM processes.
- Assisted with the coordination of the vendor due diligence process including risk assessment, financial analysis, and contract management.
- Assisted Vendor Management personnel with the maintenance of vendor files, program software and related documentation.
- Assisted with line-of-business communications and tracking of documentation and review requests.
- Conducted periodic third-party risk assessment of vendors and partners that addresses security threat and changes to business processes.

HOLY CROSS HOSPITAL, SILVER SPRING MD
SEPTEMBER 2015 – OCTOBER 2018
GOVERNANCE, RISK, AND COMPLIANCE SPECIALIST

- Executed cyber security oversight and technical assessment of customer information systems (IS) and network infrastructure.
- Performed comprehensive assessment of management, operational, and technical security controls employed with, or inherited by, the IS and determined its overall effectiveness.
- Collaborated with IT/Network/Facilities Teams to ensure security and compliance.
- Performed compliance reviews of Agency policies, procedures, and assessment reports to ensure NIH complied with FISMA and NIST requirements.
- Worked to resolve moderately complex issues and sought guidance from management on escalated issues.
- Evaluated emerging technologies based on security and business requirements within agency.
- Prepared security Assessment and Authorization (A&A) packages to ensure management, operational, technical and privacy controls adhere to NIST SP 800-53 Rev. 4 standards.
- Coordinated and facilitated Authorization to Operate (ATO) by drafting security and risk assessment reports, recommending Plans of Action and Milestones (POA&M) and/or Risk Based Decisions for the system's Authorizing Official.
- Performed, participated in and supported all assessment and authorization (A&A) efforts for systems, networks, and applications requirements.
- Served as a hands-on SME to ensure all applications receive Assessment and Authorization (A&A) and maintained an acceptable A&A status.
- Experienced in system classification and categorization using the RMF, FIPS 199 and NIST SP 800-60 processes to ensure system CIA.
- Reviewed and updated the System Security Plan (SSP) using NIST SP 800-18 guidelines.
- Reviewed scan results, collaborated with system owners, created security documentation, including Security plans, SSPs, SOPs, IRPs, DRPs, and Contingency Plans.
- Facilitated and directed the preparation of RMF Authorization and Assessment (A&A) body of evidence and supporting vulnerability artifacts.
- Facilitated and ensured documented plans of action and milestones (POA&Ms) for system-level findings have suspense dates and are correctly implemented.

EDUCATION

Wagner College
Relevant Coursework
Master of Science

OLD DOMINION UNIVERSITY
Relevant Coursework
Bachelor of Science

SKILLS

- SECURITY + Certification
- Confidentiality, Integrity, & Availability
- Certified Information Systems Auditor (CISA)
- IT Risk Management
- FISMA Compliance
- MS Office Suite (Visio, Word, Excel, Access, Outlook, SharePoint, etc.)
- FIPS 199
- NIST SP Series
- Contingency Planning
- SSAE 18 SOC 1 / SOC 2 Audits
- Incident Response Planning
- System Security Plan
- Project Management
- HIPAA Audit
- Vendor Risk Management
- Security Assessment Report (SAR)
- Access Management
- Plan of Action & Milestone (POA&M)