Information Security Control

Location:
Silver Spring, MD
Posted:
December 10, 2023

Resume:

Roberta P. Odige

PROFESSIONAL SUMMARY

***** ***** ****** *****,

Silver Spring, MD 20906

(P): 202-***-****

Email: ad1umq@r.postjobfree.com

* ***** **********, *** *******-driven Information Security Analyst with expertise in risk management framework (RMF), FISMA compliance, FEDRAMP for cloud systems, systems development life cycle (SDLC), security control assessment, risk management, and vulnerability management across a wide range of vulnerabilities and threats. Well-versed in direct and remote analysis, with strong critical thinking, communication, and people skills. Able to thrive in fast-paced and challenging environments where accuracy and efficiency matter.

EDUCATION AND CERTIFICATION

University of Maryland Global Campus: Bachelors of Cybersecurity in progress

Obtained Certificate in CompTIA Security+

Secret Clearance Obtained & Active

Able to obtain Top Secret Clearance

PROFESSIONAL EXPERIENCE

BCPS

Security Control Assessor

November 2018– June 2023

Apply appropriate information security control for Federal Information System based on NIST 800-37 rev1, SP 800-53, FIPS 199, FIPS 200, and NIST SP 800-53A R4.

Assess security controls and develop security assessment report (SAR).

Support A&A activities (Categorize, Selection, Implement, Assessment, Authorize, Monitor) according to the A&A project plan.

Facilitated Security Control Assessment (SCA) and Continuous Monitoring Activities.

Review authorization documentation for completeness and accuracy for compliance.

Facilitate Security Control Assessment (SCA) and monitor activities.

Executed examine, interview, and test procedures in accordance with NIST SP 800-53A Revision 4.

Conduct Kick-Off Meetings with appropriate stakeholders for new upcoming systems.

Ensure cyber security policies are adhered to and that required controls are implemented.

Validated information system security plans to ensure NIST control requirements are met.

Assist team members with proper artifact collection and detail to clients examples of artifacts that will satisfy assessment requirements.

Review security logs to ensure compliance with policies and procedures and identify potential anomalies.

Update and review A&A Packages to include Core Docs, Policy & Procedures, Operations and Maintenance Artifacts, SSP, SAR, FIPS 200, FIPS 199, and POA&M.

Conduct IT risk assessment to identify system threats, vulnerabilities and risk, and generate reports.

Maintain, review and update information security system documentation, including System Security Plan (SSP), Plan of Action & Milestone (POA&M), Risk Assessment (RA), policies and procedures, security control baselines in accordance with NIST guidelines and security practices.

Collect Operation and Maintenance artifacts on an ongoing basis so that Security Control Assessment (SCA) is seamless.

Upload supporting documentation into SharePoint, Google Docs, and CSAM.

Manage & review vulnerabilities with the aid of Nessus vulnerability scanners to detect potential risks on single or multiple assets across the enterprise network.

Reviewing, maintaining, and ensuring all assessment and authorization (A&A) documentation is included in the system security package.

DHS

Security Analyst

November 2015– November 2018

• Ensure proper system categorization using NIST 800-60 and FIPS 199; implement appropriate security controls for information system based on NIST 800-53 rev 4 and FIPS 200.

• Conduct security assessment interviews to determine the Security posture of the System and to

• Perform Kick-Off Meetings

• Apply appropriate information security control for Federal Information system based on NIST 800-37 Rev1.

• Facilitate Security Control Assessment (SCA) and monitor activities. Develop a Security Assessment Report (SAR) in the completion of the Security Test and Evaluation (ST&E) questionnaire using NIST SP 800-53A required to maintain Company Authorization to Operate (ATO), the Risk Assessment, System Security Plans, and System Categorization.

• Reviewing, maintaining, and ensuring all assessment and authorization (A&A) documentation is included in the system security package.

• Perform information security risk assessments and assist with the internal auditing of information security processes. Assessed threats, risks, and vulnerabilities from emerging security issues and also identified mitigation requirements.

• Work with system owners to develop, test, and train on contingency plans and incident response plans.

• Test, assess, and document security control effectiveness. Collect evidence, interview personnel, and examine records to evaluate effectiveness of controls.

• Review and update remediation on plan of action and milestones (POA&Ms), in organization’s IACS. Work with system administrators to resolve POA&Ms, gathering artifacts and creating mitigation memos, residual risk memos and corrective action plans to assist in the closure of the POA&M.

COMPUTER & SOFTWARE PROFICIENCIES

Microsoft Office Suite

CSAM

eMASS

Adobe

Qualified Typist (70wpm)

MS Project

FEDRAMP

RMF

Windows XP, 7, 8, 8.1, 10

References available upon request


