
Information Security Controls Resume Geo...

Candidate Information
Title Information Security Controls
Target Location US-TX-Georgetown
Elsa S. Boncoungou

Professional Summary

Highly experienced Security Control Assessor with over 7 years of expertise in implementing, evaluating, and managing security controls in compliance with NIST standards and frameworks. Adept at conducting thorough risk assessments, assessment and authorization (A&A), developing comprehensive security plans, and performing rigorous audits to ensure adherence to NIST SP 800-53, NIST SP 800-37, and other relevant guidelines. Proven ability to collaborate with cross-functional teams to enhance organizational security posture, mitigate risks, and ensure compliance with federal and industry-specific regulations. Strong analytical skills, attention to detail, and a commitment to maintaining the highest information security and risk management standards.

Certifications and Training

- ISC2 Certified in Governance Risk and Compliance (CGRC)
- CompTIA Advanced Security Practitioner (CASP+) CE Certification
- CompTIA CySA+ CE Certification
- CompTIA Security+
- Professional Cloud Architect
- FedRAMP Cloud training

SKILLS AND COMPETENCIES

- Microsoft Office Suite (Word, Excel, PowerPoint)
- Comprehensive risk management framework (RMF) implementation
- Microsoft SharePoint
- Federal Information Security Management Act (FISMA)
- Expert knowledge of NIST standards, including SP 800-53, SP 800-37, SP 800-30, and SP 800-171
- Developing and maintaining system security plans (SSPs)
- Excellent communication and documentation skills
- Software Development Life Cycle (SDLC)
- Windows Operating system
- Tenable Nessus Security Center
- Qualys Vulnerability Management
- Security Controls Assessment
- Conducting security control assessments (SCAs) and audits
- Preparing assessment reports and remediation plans
- User Behavior Analytics (UBA)
- Data Loss Prevention (DLP)
- SIEM Platforms: Splunk, IBM QRadar
- Endpoint Detection and Response (EDR): CrowdStrike Falcon
- Incident Response Planning
- Policy Development and Compliance
- Training and Awareness

PROFESSIONAL EXPERIENCE

Security Control Assessor
CyberFirst Solutions LLC, Columbia, Maryland, May 2021 to Present

- Scheduling and attending kickoff meetings with clients to understand systems and prepare for assessment.
- Requesting documentation from clients (such as configuration management plan, account management plan, disaster recovery plan, etc.).
- Collaborate with stakeholders for pre- and post-Assessment and Authorization (A&A) activities.
- Categorizing information systems, determining and assigning the highest watermark.
- Selecting security controls, identifying common controls and applying tailoring.
- Providing guidance to clients on implementing security controls.
- Reviewing security controls implementation descriptions.
- Assessing security controls by testing, interviewing, examining, and observing based on NIST 800-53A.
- Developing a Security Assessment Report (SAR) and Plan of Action and Milestones (POA&M).
- Reviewing artifacts and providing feedback to clients on how to remediate findings.
- Performing vulnerability scanning with Nessus Security Center and providing vulnerability report to client.
- Preparing security Authorization Package for Authorizing Officials to make a risk-based decision for granting ATOs.
- Developing an Information Security Continuous Monitoring (ISCM) plan to monitor controls post ATO.
- Working with ISSO to review Privacy Threshold Analysis (PTA) and Privacy Impact Assessment (PIA).
- Prepare security, privacy, and supply chain assessment reports containing the results and findings from the assessment.
- Conduct security control assessments that include validations documentation review, implementation statements, the component implication of security controls, configurations (CISA, STIG, etc.) of General Support System, public-facing internet, employee intranet, and applications for tracking foreign travel, visa/passport usage, grants spending, and ad hoc administrative requests.

Insider Threat Analysis Third Party Vendor Projects
CyberFirst Solutions LLC, Columbia, Maryland - Cypher24, Austin, TX, 6 Years

- Monitored and analyzed user activities using SIEM and UBA tools to detect and investigate insider threats.
- Conducted forensic analysis of digital evidence and provided actionable insights to mitigate risks.
- Collaborated with cross-functional teams to develop and implement incident response plans, reducing incident response time by 20%.
- Implemented data access controls and policy improvements resulting in a 15% reduction in insider threat incidents.

Information Security Analyst
FATIMA AND SON CONSULTING, Columbia, Maryland, Jan 2017 to May 2021

- Prepare, examine, or analyze accounting records, financial statements, or other financial reports to assess accuracy, completeness, and conformance to reporting and procedural standards.
- Managed and maintained accounts payable listing and general ledger as well as the printing and distributing of monthly financial reports and/or documents for review and analysis.
- Handled the acquisition and verification of invoices and requisitions for goods and services.
- Evaluated transactions to comply with financial policies and procedures enforced by the company.
- Administered the preparation of invoice batches for data entry along with entering invoices for payment, managing weekly check runs, handling vendor checks for mailing, and listing all vendor checks in the logbook.
- Serve on a team of information security professionals in the development of security policies, procedures, and security certification & accreditation (A&A) packages for a variety of commercial and government activities worldwide.
- Developing and conducting A&A according to NIST SP 800-53A and OMB Circular A-130.
- Participate in the planning, execution, and reporting on the effectiveness of the security controls adopted for the information on the system.
- Conduct meetings with the IT team to gather evidence and create documentation about their control environment to plan for security assessments.
- Review vulnerability scan, audit, and risk assessment reports.
- Review the System Security Plan (SSP) to scope/frame the assessment engagement and to reflect any changes in the system post-assessment as well as during continuous monitoring.
- Review the System Plan of Action and Milestones (POA&M) in order to support remediation efforts and ensure that vulnerabilities are tracked and remediated within the proper SLA.
- Support remediation efforts for findings noted on the Security Assessment Report (SAR), by noting and closing low-hanging fruit, reassessing security controls, updating recommendations, etc.
- Establish Continuous Monitoring for each system (Vulnerability Scanning and Testing Controls).
- Use Continuous Monitoring results to iteratively scope and tailor security controls based on Risk levels and Business Mission/goals for the assessment project.

Information System Security Officer
PULTE LLC, Columbia, Maryland, Jan 2012 to Jan 2017

- Engage key stakeholders in categorizing information systems that need to undergo a full Security Assessment and Authorization (SA&A) process.
- Interview key personnel to document the implementation statements for security controls.
- Risk Management Framework (RMF) assessments and Continuous Monitoring: Performed RMF assessment on several different environments using both scanning tools and manual assessment.
- Determine security controls effectiveness (i.e., controls implemented correctly, operating as intended, and meeting security requirements).
- Ensure customers are in compliance with security policies and procedures following NIST 800-53 and NIST 800-53A.
- Created documents for FedRAMP A&A process to retrieve ATO through GSA.
- Used NIST SP 800-53 to review SSP, SAR and SAP templates for cloud systems.

EDUCATION

- Burkina Faso Community College: Bachelor Degree in Mass Media Communication
- Austin Community College: Associate of Applied Science, Local Area Network Systems - LAN Security Administration - 2019 - May 2022.
- Austin Community College: Bachelor Degree in Cybersecurity - Still attending

References: Available Upon Request
