Information Systems Security Controls Re...
Candidate Information
Title Information Systems Security Controls
Target Location US-RI-Woonsocket
Candidate's Name
Providence, RI - Email me at: EMAIL AVAILABLE

A detailed Cybersecurity Analyst with over 5 years of experience in Information Systems Technology and over 3 years of experience and expertise in Cybersecurity, implementing all phases of the Risk Management Framework (RMF) from the Categorization through Continuous Monitoring phases, security engineering, vulnerability scans, security evaluations, risk analysis, and security controls assessments with systems ranging from small networks to wide enterprise systems. Additionally, experienced in preparing and implementing Information Security policies, System Security Plan (SSP), and Plan of Action and Milestones (POA&M). Experience in Management and Operations, Certification and Accreditation (A&A), NIST 800-53 Rev4 and NIST SP 800-37 rev 2, 800-18, 800-53 Rev4, 800-34, FIPS, NIST Family of Security Controls, Incident Response and Contingency Planning. Highly knowledgeable in the performance of Security Control Assessment (SCA), operational and technical security controls for audited applications and information systems. Dedicated professional with an excellent work ethic. Experienced in a range of technologies with the ability to learn quickly and adapt to new environments.

Work Experience

Information Systems Security Officer (ISSO)
Micdenlak IT Consult LLC, Virginia, USA
May 2023 - Present
- Risk Management Framework (RMF) assessments and Continuous Monitoring.
- Performed RMF assessment on several different environments.
- Assessment included initiating meetings with various System Owners and Information System Security Officers (ISSO), providing guidance on evidence needed for security controls, and documenting findings of assessment.
- Experienced with developing and updating system categorization levels using FIPS 199/NIST 800-60, selecting the controls using NIST 800-53/FIPS 200, implementing controls and developing SSP and other key deliverable documents.
- Utilize processes within the Security Assessment and Authorization environment such as system security categorization, development of security and contingency plans, security testing and evaluation, system accreditation and continuous monitoring.
- Conduct ISSO responsibilities to include the approval of change requests, review of audit logs, review of system accounts, and analysis of vulnerability scans.
- Communicate with management of new security, regulations, or policies and monitor NIST guidance for upgrades that may affect ongoing system management.
- Provide input to management on appropriate FIPS 199 impact level designations and identify appropriate security controls based on characterization of the general support system or major applications.
- Support the execution of the development of program required security documentation, including items such as security plans, contingency plans, and security test plans and procedures in compliance with policy.
- Document and review System Security Plan (SSP), Security Assessment Report (SAR) and Plan of Action and Milestones (POA&M).
- Update and track the remediation of security weaknesses and vulnerabilities as documented in the POA&M.
- Worked with team to tailor security controls following NIST guidelines and company policies.
- Updated SSP with implementation details, as part of continuous monitoring and in preparation for ATO.
- Performed data gathering techniques (e.g. questionnaires, interviews and document reviews) in preparation for assembling C&A/A&A packages and ATO.
- Support the Security Assessment and Authorization (SA&A), FISMA compliance, NIST requirements and continuous monitoring for Security Controls.
- Support the development and documentation of Contingency Plans (CP), Disaster Recovery (DR) Plans and Continuity of Operations (COOP) Plans.
- Serve as the IT security POC for assigned systems to ensure information systems comply with applicable policies.
- Develop, maintain, and communicate consolidated risk management activities and deliverables calendar.

Security Control Assessor
MetLife, Inc.
March 2022 - May 2023
- Prepare artifact request lists to collect artifacts to validate control implementation.
- Review ATO package documents like SSP and POAMS prior to assessment for compliance, completeness, and accuracy and to recommend remediation of any preliminary findings.
- Prepare Security Assessment Plan (SAP) to document controls to be assessed, the assessment schedule, assessment methodologies and other assessment details and requirements.
- Facilitate kick-off meetings with system stakeholders to get more information about the system, discuss the assessment plan, and give clarifications on the assessment process.
- Review control implementation, control inheritance, tailored controls, and organizationally defined parameters using NIST 800-53A rev 4 and policy documents as a guide.
- Validate information system security plans to ensure NIST security control requirements are met.
- Collect and document artifacts and evidence to support security control implementation and the effectiveness of these controls with respect to securing the information systems.
- Collect and upload supporting assessment documentation on a SharePoint site.
- Assess and evaluate system compliance with Departmental policies and NIST guidelines by reviewing policies and the security controls documented in the System Security Plan (SSP).
- Document initial assessment findings in test plans and final assessment results in Security Assessment Report (SAR).
- Analyze weaknesses or deficiencies discovered during assessments and develop security assessment reports (SAR) to document the results of the security control assessment and recommendations for correcting any weaknesses or deficiencies in the control implementation.
- Conduct final review meetings with system stakeholders to discuss the draft SAR and ensure stakeholders understand the required remediation or the weaknesses uncovered during the assessment.
- Track, update team schedule and send reminders to team members about dates for key deliverables.
- Participate in weekly team meetings to obtain updates and present status reports on ongoing projects.
- Work with teams to review remediation and closure of POAMs.

Internal Auditor
MetLife, Inc., 700 Quaker Lane, Warwick RI
March 2018 - March 2022
- Support the planning, testing, and reporting of internal controls to the company's quarterly and annual plan on the effectiveness of internal controls over financial reporting.
- Perform audit assignments to ensure that all business risks are anticipated, identified, recognized and appropriately managed in alignment with the departmental audit plan and initiative.
- Execute testing of controls as defined by the test program to verify, analyze and validate information.
- Develop process workflows to identify risk and control points through process mapping of business processes.
- Create clear and accurate documentation of workpapers based on control soundness in testing results and exceptions to validate adequacy and compliance.
- Assist in the support of SOX deliverables and conduct external audit direct-assisted work.
- Communicate timely and appropriately with audit team and identified stakeholders through audit lifecycle.

Accounts Payable Accountant/Coordinator
CVS Health, 700 Quaker Lane, Warwick RI
May 2017 - March 2018
- Researching, analyzing and resolving supplier merchandise disputes related to payment variances, chargebacks and inventory discrepancies for resale.
- Resolving supplier payment issues as well as processing of open invoices.
- Matching of invoices and credits to payments and deductions in vendor open balance.
- Handling high volume workload while maintaining accuracy in working closely with suppliers in addressing additional accounts payable requests.
- Working independently and in a team environment with others internal to Accounts Payable and outside of AP.
- Communicating with different departments in relation with merchandise returns, warehouse delivery, and prioritizing accounts paying in shorter time intervals with larger sums.

Education

Bachelor of Science in Business Administration, University of Rhode Island, Kingston, RI - May 2016
Major: Accounting
Minor: Writing

Skills

- Computer Networking
- Internal Control Planning and Execution
- Risk Analysis and Management
- Process Workflow Development
- System Security
- Plan of Action and Monitoring (POA&M) Management
- Control Compliance and Execution
- System Security Plans
- Security Control Assessment
- Information Security
- Enterprise Software
- NIST Standards
- Risk Management
- Technical writing
- Cybersecurity
- Vulnerability Assessment

Certificates and Licenses

- Certified Information Security Manager (CISM)
