Candidate Information Name Available: Register for Free Title System Security Controls Target Location US-MD-Hagerstown Email Available with paid plan Phone Available with paid plan	20,000+ Fresh Resumes Monthly     View Phone Numbers     Receive Resume E-mail Alerts     Post Jobs Free     Link your Free Jobs Page     ... and much more Register on Jobvertise Free
Search 2 million Resumes Keywords: City or Zip:	Related Resumes

Candidate's Name
Hagerstown MD, Street Address
PHONE NUMBER AVAILABLEEMAIL AVAILABLEHagerstown MD, Street Address
PROFESSIONAL SUMMARYI am a Cybersecurity Professional with 5+ years of experience with a comprehensive knowledge in FISMA, Compliance, SOX 404 compliance, Security Assessment & Authorization (SA&A), Risk Management, Developing and Reviewing Assessment Report as well as IT Security Policies, Procedures and Guidelines. I am fluent in English, Possess strong written and verbal communication skills, Managerial skills and the ability to effectively work in a diverse and multicultural environment with the desire to make an impact in a motivational environment.SUMMARY OF QUALIFICATIONSDevelop Certification and Accreditation documentation in compliance with NIST and organizational standards.Develop, review, and evaluate System Security Plans (SSP) and Information System Contingency Plans (ISCP) based on NIST Special Publications.Perform comprehensive assessments and write reviews of management, operational and technical security controls for audited applications and information systems.Develop and conduct Security Test and Evaluation (ST&E) according to NIST SP 800-53ACompile data to complete Residual Risk Report and to insert contents into the POA&M.Ability to multi-task, work independently and as part of a team.Strong analytical and quantitative skills.Effective interpersonal and verbal/written communication skills.Identify deficiencies in accordance with OMB Circular A-123, Appendix A.CERTIFICATIONSCertified Diploma in completion of Cybersecurity CompTIA+Srum Master CertificationCertified Diploma in completion of CAP  In progressEDUCATIONBachelor of Science in NursingPROFESSIONAL EXPERIENCEAdvancing Opportunity Inc. April 2018-PresentSecurity Controls AssessorPlanned and conducted security control assessments (full and annual) to validate and identify control weakness.Assisted in preparing and reviewing security documents to include System Security Plans (SSPs), Risk Assessment Reports (RAR), and other Assessment & Authorization (A&A) artifacts.Lead in researching and addressing information security issues as required, and developed and maintained the Plan of Action and Milestones (POA&M) and support remediation activitiesConducted pre-assessment preparationSelected and identified security control inheritabilities (common, hydrate, system specific).Performed continuous monitoring of security controls to ensure control adequacy and results.Advised system owners on matters related to privacy and IT security.Conduct IT control risk assessment to identify system threats, vulnerabilities, and risk, generate reports.Develop and conduct Security Test and Evaluation (ST&E) according to NIST SP 800-53A.Develop a security baseline controls and test plan that was used to assess implemented security controls.Develop System Security Plan (SSP) to provide an overview of the system security requirements and describe the controls in place.Develop Security Assessment Report (SAR) detailing the results of the assessment along with the Plan of Action and Milestone (POA&M).Create standard templates for required security assessment and authorization documents; Risk Assessment (RA), system Security Plan (SSP), Contingency Plan (CP), and Security Plan (SP).Involve in third party contract evaluation, Review information security accreditation request.Conduct periodic IT Risk Assessment and Reviewed IA controls for any deficiencies and reported to the ISSO appropriate mitigation actions.Conduct Business Impact Analysis (BIA) to identify high risk area where audit effort will be allocated to.MercuryGate International January 2016-April 2018Information Security AnalystConduct kick off meetings to categorize systems in accordance with NIST requirements of a Low, Moderate or High system using FIPS 199 and SP 800-60.Conduct IT risk assessment to identify threats and vulnerabilities.Assist System Owners and ISSO in preparing Certification and Accreditation package in accordance with FISMA and FedRAMP compliance.Draft and review Privacy Threshold (PTA) and Privacy Impact Analysis (PIA) of systems and applications collecting and processing Personal Identifiable Information (PII).Develop review and evaluate the System Security Plan (SSP), Security Assessment Report (SAR) and the POA&Ms based on organizational policy and NIST special publications.Conduct Annual Assessments to determine security controls adequacy (NIST SP 800-53A).Created standard templates for required security assessment and authorization documents, including risk assessment. Security Plans, Security Assessment Reports, Contingency Plans, and Security Authorization Packages.Analyze and update System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Analysis (PIA), System Security test and Evaluation (ST&E) and the Plan of Action and Milestones (POA&M).Work with multiple Cloud Service Providers (CSP) and System Owners to determine the right CSP and Service Models (IaaS, PaaS, SaaS) adequate and tailorable to an IT environment.