MARIAMA HAMA

***** * **** ****** ** Clarksburg Maryland,20871 ·

Telephone: 215-***-****

Email: adhdme@r.postjobfree.com

OBJECTIVES

Seeking an Information System Auditor or Information Assurance position in a growth-oriented organization with focus on FISMA, Sarbanes-Oxley 404, system security monitoring and auditing; risk assessments; audit engagements, testing information technology controls and developing security policies, procedures and guidelines

SUMMARY OF QUALIFICATIONS

I have over (7) years of experience in information security IT audit industry.

I am specialized in areas such as Cyber security, Information Assurance (IA), Certification and Accreditation (C&A), Risk Management, Authentication & Access Control, System Monitoring, Regulatory Compliance, Physical and environmental security, ISO-27001 Shared Assessment, PCIDSS, HIPAA HITECH HITRUST. I also possess a strong interpersonal skill, excellent in relation building and developing strategic partnership. I am an expert in compliance and Security policy development, procedures, and guidelines. I am highly adaptive and have superior analytical and organizational skills as well as familiar with a wide variety of operating systems and network devices. I am a fast learner, ability to multi-task, can also work independently and as a contributing team member. I have a strong verbal/written communication skills and Technical Writing skills.

STANDARDS

NIST 800-53, FIPS, STIG, FISMA, FISCAM, COSO/COBIT, Sarbanes-Oxley Act, SAS-70/SSAE 16, ITIL, ISO 27001, Privacy Act of 1974,Gramm–Leach–Bliley Act (GLB),Certification and Accreditation, Change Management, OMB Circular A-130 Appendix III,

Competent Skills

Risk Assessment

System Monitoring & Regulations Compliance

IT Auditing

Network & System Security

Authentication and Access Control

Teamwork

Platform/Artifacts: FIPS 199, SORN, E-Authentication, PTA, PIA, RA, SSP, CP, ST&E, SAR, POA&M, ATO

Software: Windows Platform & MS Office Suite (Ex.: PowerPoint, SharePoint, Excel, etc.)

EXPERIENCE

IT Security Analyst Cyber Elites Technologies-Washington-DC (2017 -present)

Conducted a kick-off meeting to categorize systems according to NIST requirements of Low, Moderate or High system

Developed a security baseline controls and test plan that was used to assess implemented security controls

Conducted a security control assessment to assess the adequacy of management, operational privacy, and technical security controls implemented. A Security Assessment Report (SAR) was developed detailing the results of the assessment along with plan of action and milestones (POA&M)

Assisted in the development of rules of engagement documentation to facilitate the scanning of agency network, applications, and databases for vulnerabilities

Developed a risk assessment report. This report identified threats and vulnerabilities applicable to the system. In addition

Assisted in the development of an Information Security Continuous Monitoring Strategy to help agency in maintaining an ongoing awareness of information security (Ensure continued effectiveness of all security controls), vulnerabilities, and threats to support organizational risk management decisions

Led in the development of Privacy Threshold Analysis (PTA), and Privacy Impact Analysis (PIA) by working closely with the Information System Security Officers (ISSOs), the System Owner, the Information Owners, and the Privacy Act Officer

Developed an E-Authentication report to provide technical guidance in the implementation of electronic authentication (e-authentication)

Developed a system security plan to provide an overview of federal information system security requirements and describe the controls in place or planned by agencies to meet those requirements

InfoSec Compliance Analyst, M3USA (Contract) Fort Washington, Philadelphia PA (Feb, 2016-Dec, 2016)

Assist in Regulatory Security Risk Assessments.

Performed risk assessments, security requirements analysis, and security testing.

Develop Risk Assessment Reports that identifies threats and vulnerabilities and evaluate the likelihood that the vulnerabilities can be exploited. I assessed the impact associated with these threats and vulnerabilities and identified the overall risk.

Conducted Walkthroughs, Test plans, Test results and develop remediation plans for each area of testing.

Worked with the IT team to gather evidence, develop Test Plans, Testing Procedures, and document test results.

Performed Third Party Risk Assessment to assess the effectiveness of vendor’s controls against the HIPAA, HITECH, ISO 27001 and meaningfully used requirements through the use of GRC tool.

Created assessment reports and track remediation activities.

Monitored all in-place security solutions for efficient and appropriate operations.

Assisted with the documentation of policies, standards, and operational processes.

Kept up-to-date on related regulations and industry best practices.

Jr. Information Security Analyst: (2013- 2015)-Emirates Airlines- (DUBAI- UAE)

Worked closely with a team to analyze and assess cyber security vulnerabilities across the network

Coordinated, evaluated, and summarized security incidents as they unfold

Proposed, implemented, and managed IT security policies and procedures

Investigated and recommend tools and countermeasures for ongoing and evolving cyber security threats

Monitored computer networks for security issues and respond accordingly, including

Install security measures and recommend software to protect systems and information infrastructure, including firewalls and data encryption programs

Identify and fix detected vulnerabilities to maintain a high-security standard

Developed best practices for Cyber-security

Took corrective actions to stop and mitigate the impact of the threats.

Researched security enhancements and made recommendations to management for improvement

Took part in any security-oriented projects or critical initiatives

Detected security threats and continuously improved them

Identified and mitigate network vulnerabilities and explained how to avoid them

Call Center Representative (IT support) (2006-2012)-Emirates Airlines- (DUBAI- UAE)

Responded to requests for technical assistance in person, via phone, or electronically in a timely manner.

Diagnosed and resolved technical software issues assigned to them.

Researched solutions using available information resources.

Advised user on appropriate action, sometimes education of user is required

Logged all service desk interactions and document issue resolution using the ITSM system.

Identified and effectively prioritized situations requiring urgent attention.

Tracked and routed problems and requests and document resolutions.

Stay current with system information, changes, and updates.

Maintained excellent communication with all end users and other members of the technology department.

Installed and supported user applications.

CERTIFICATIONS

Actively working to become Certified Authorization Professional (CAP)

Actively working to become CompTIA Security+

EDUCATION

Bachelor of Science: Business Administration

University of the People (Pasadena, California. (United States of America) 2018-2022)

Higher National Diploma Science Laboratory Technology

Accra Polytechnic. 1996-1999.

References to be provided upon request

Contact this candidate