Risk Management Information Systems Resu...

Candidate Information
Title Risk Management Information Systems
Target Location US-GA-Lawrenceville
Candidate's Name (Credence/CDC)
Active Secret Clearance

Experience Summary

Qualifications Summary
- Over 10 years of cybersecurity and federal experience
- Over 3.5 years with CDC
- CISM certified
- CEH certified

Specific skillsets include:
- Audit readiness and remediation
- Knowledge of EMASS & CSAM
- Specialized in Cybersecurity Risk Management, IT audits, vendor risk assessments using industry recognized standards and frameworks.
- Practical experience with technical guidance issued by organizations such as the Center for Internet Security (CIS), the Defense Information Systems Agency (DISA), NIST 800-5300, NIST-CSF, and FedRAMP.
- Advanced level skill set in completing activities related to Third Party/Vendor Risk Assessments as well as the NIST Risk Management Framework (RMF), Cyber Security policies, postures and compliance in accordance with FISMA, NIST, FedRAMP, and OMB directives, guidance and processes.

Recent and Relevant Experience

Information Systems Auditor-Senior, CDC/Credence - June 2021-September 2024
- Provided senior-level expertise in Cybersecurity Governance, Risk, and Compliance (GRC), supporting CDC programs and partners in navigating complex GRC requirements.
- Developed, communicated, and maintained cybersecurity policies, standards, and procedures, ensuring alignment with federal mandates such as FISMA.
- Facilitated the annual review of cybersecurity policies and oversaw the distribution and training on updated procedures.
- Interpreted regulations and created decision papers to guide CDC's cybersecurity initiatives and ensured compliance across various operational levels.
- Engaged with stakeholders to respond to Requests for Information (RFIs), Requests for Comments, and data calls pertinent to cybersecurity guidance.
- Liaised with CSPO staff and CDC Program stakeholders to coordinate the documentation, planning, assessment, and mitigation requirements necessary to complete the system Security Assessment and Authorization (SA&A) process, for approximately 700 CDC systems, based upon FISMA requirements using required SA&A management systems and tools such as RSA Archer, Trusted Agent, SharePoint, and Excel.
- Served as the primary system assessor, the assessor shall design, develop, and implement an assessment and authorization validation process that tests systems and applications to validate implementation and function of security controls for CDC Infrastructure, Platform and Software implementations.
- Reviewed and updated CDC IT system security control assessments and plans (SAP) to reflect accurate system information as part of the System Assessment and Authorization (SA&A) process as well as for required system annual assessments.
- Conducted reviews and assessments in accordance with the assessment procedures defined in the security assessment plan (SAP).
- Conducted manual and automated testing on existing and new CDC IT systems to identify system weaknesses and design flaws requiring remediation to reduce potential attack vectors as part of the System Assessment and Authorization (SA&A) process as well as during system annual assessments.
- Documented the assessment and authorization validation process that tests systems and applications to validate implementation and function of security controls at the infrastructure, platform, and software levels.
- Documented CDC IT system findings using designated GRC tool(s) such as RSA Archer, Trusted Agent and shall generate, review and update Security Assessment Reports (SAR) and submit reports to the SA&A Team Lead.
- Monitored all CDC IT system compliance and support activities submitted to CSPO SA&A mailboxes, MS SharePoint solutions, or the OCIO Tracking Tool and Enterprise Reporting (OTTER) system for SA&A, Self-Assessments, and Contingency Plan correspondence, ensuring appropriate actions are initiated and recorded based on established timeframes and much more.
- Reviewed Authorization to Operate (ATO) packages (i.e., SSP, RA, CMP, ISCP, DRP, IRP and PIA) for seven systems and facilities using NIST publications.
- Worked closely with system owners to oversee the preparation of Comprehensive and Executive Certification & Accreditation (C&A) packages for approval of an Authorization to Operate (ATO); generated, reviewed and updated System Security Plans (SSP) against NIST 800-18 and NIST 800-53 requirements.

Cybersecurity Analyst, Vectrus Afghanistan - March 2015-March 2020
- Provided key government (US TAAC SOUTH MILITARY) personnel with policy coordination and interpretation support, general information security support, and assisting with the development and implementation of a defensive security program that protects information systems and documents.
- Drafted POA&Ms and tracked these POA&Ms to make sure vulnerabilities were remediated, and the POA&M was closed.
- Determined how the TAAC South Military systems will be impacted if security controls were not implemented.
- Assisted with defining security objectives and system-level performance requirements.
- Researched and stayed abreast with tools, techniques, countermeasures, and trends in computer network vulnerabilities.
- Developed and conducted ST&E (Security Test and Evaluation) per NIST SP 800-53A and performed on-site security testing using vulnerability scanning tools such as Nessus, after which an assessment report is created.

Education and Certifications
- The Wayne State University, Bachelor of Science, Computer Science
- Certified Information Security Manager (CISM)
- CompTIA Advanced Security Practitioner (CAPS)
- Certified Ethical Hacker (CEH)
- CompTIA Security Plus (SEC +)
- Certified Network Defense Architect (CNDA)
- CompTIA Server+
