MARIAMA HAMA
***** * **** ****** ** Clarksburg, Maryland 20871
Telephone: 215-***-****
Email: adhdme@r.postjobfree.com
OBJECTIVES
Seeking an Information System Auditor or Information Assurance position in a growth-oriented organization with a focus on FISMA, Sarbanes-Oxley 404, system security monitoring and auditing; risk assessments; audit engagements, testing information technology controls and developing security policies, procedures and guidelines.
SUMMARY OF QUALIFICATIONS
I have over seven (7) years of experience in the information security and IT audit industry.
I specialize in areas such as Cyber security, Information Assurance (IA), Certification and Accreditation (C&A), Risk Management, Authentication & Access Control, System Monitoring, Regulatory Compliance, Physical and environmental security, ISO-27001 Shared Assessment, PCI DSS, HIPAA, HITECH, and HITRUST. I also possess strong interpersonal skills and excel at relationship building and developing strategic partnerships. I am an expert in compliance and security policy development, procedures, and guidelines. I am highly adaptive and have superior analytical and organizational skills, and I am familiar with a wide variety of operating systems and network devices. I am a fast learner with the ability to multi-task, and I can work independently and as a contributing team member. I have strong verbal/written communication skills and technical writing skills.
STANDARDS
NIST 800-53, FIPS, STIG, FISMA, FISCAM, COSO/COBIT, Sarbanes-Oxley Act, SAS-70/SSAE 16, ITIL, ISO 27001, Privacy Act of 1974, Gramm–Leach–Bliley Act (GLB), Certification and Accreditation, Change Management, OMB Circular A-130 Appendix III
Competent Skills
Risk Assessment
System Monitoring & Regulations Compliance
IT Auditing
Network & System Security
Authentication and Access Control
Teamwork
Platform/Artifacts: FIPS 199, SORN, E-Authentication, PTA, PIA, RA, SSP, CP, ST&E, SAR, POA&M, ATO
Software: Windows Platform & MS Office Suite (Ex.: PowerPoint, SharePoint, Excel, etc.)
EXPERIENCE
IT Security Analyst Cyber Elites Technologies-Washington-DC (2017 -present)
Conducted a kick-off meeting to categorize systems according to NIST requirements of Low, Moderate or High system
Developed security baseline controls and a test plan that was used to assess implemented security controls
Conducted a security control assessment to assess the adequacy of management, operational privacy, and technical security controls implemented. A Security Assessment Report (SAR) was developed detailing the results of the assessment along with a plan of action and milestones (POA&M)
Assisted in the development of rules of engagement documentation to facilitate the scanning of agency network, applications, and databases for vulnerabilities
Developed a risk assessment report. This report identified threats and vulnerabilities applicable to the system. In addition
Assisted in the development of an Information Security Continuous Monitoring Strategy to help the agency maintain an ongoing awareness of information security (ensuring continued effectiveness of all security controls), vulnerabilities, and threats to support organizational risk management decisions
Led in the development of Privacy Threshold Analysis (PTA), and Privacy Impact Analysis (PIA) by working closely with the Information System Security Officers (ISSOs), the System Owner, the Information Owners, and the Privacy Act Officer
Developed an E-Authentication report to provide technical guidance in the implementation of electronic authentication (e-authentication)
Developed a system security plan to provide an overview of federal information system security requirements and describe the controls in place or planned by agencies to meet those requirements
InfoSec Compliance Analyst, M3USA (Contract) Fort Washington, Philadelphia PA (Feb, 2016-Dec, 2016)
Assisted in Regulatory Security Risk Assessments.
Performed risk assessments, security requirements analysis, and security testing.
Developed Risk Assessment Reports that identify threats and vulnerabilities and evaluate the likelihood that the vulnerabilities can be exploited. I assessed the impact associated with these threats and vulnerabilities and identified the overall risk.
Conducted walkthroughs, test plans, and test results, and developed remediation plans for each area of testing.
Worked with the IT team to gather evidence, develop Test Plans, Testing Procedures, and document test results.
Performed Third Party Risk Assessment to assess the effectiveness of vendors' controls against the HIPAA, HITECH, ISO 27001 and Meaningful Use requirements through the use of a GRC tool.
Created assessment reports and tracked remediation activities.
Monitored all in-place security solutions for efficient and appropriate operations.
Assisted with the documentation of policies, standards, and operational processes.
Kept up-to-date on related regulations and industry best practices.
Jr. Information Security Analyst: (2013- 2015)-Emirates Airlines- (DUBAI- UAE)
Worked closely with a team to analyze and assess cyber security vulnerabilities across the network
Coordinated, evaluated, and summarized security incidents as they unfold
Proposed, implemented, and managed IT security policies and procedures
Investigated and recommended tools and countermeasures for ongoing and evolving cyber security threats
Monitored computer networks for security issues and responded accordingly, including:
Install security measures and recommend software to protect systems and information infrastructure, including firewalls and data encryption programs
Identify and fix detected vulnerabilities to maintain a high-security standard
Developed best practices for Cyber-security
Took corrective actions to stop and mitigate the impact of the threats.
Researched security enhancements and made recommendations to management for improvement
Took part in any security-oriented projects or critical initiatives
Detected security threats and continuously improved them
Identified and mitigated network vulnerabilities and explained how to avoid them
Call Center Representative (IT support) (2006-2012)-Emirates Airlines- (DUBAI- UAE)
Responded to requests for technical assistance in person, via phone, or electronically in a timely manner.
Diagnosed and resolved technical software issues assigned to them.
Researched solutions using available information resources.
Advised users on appropriate action; sometimes education of the user is required.
Logged all service desk interactions and documented issue resolution using the ITSM system.
Identified and effectively prioritized situations requiring urgent attention.
Tracked and routed problems and requests and documented resolutions.
Stayed current with system information, changes, and updates.
Maintained excellent communication with all end users and other members of the technology department.
Installed and supported user applications.
CERTIFICATIONS
Actively working to become Certified Authorization Professional (CAP)
Actively working to become CompTIA Security+
EDUCATION
Bachelor of Science: Business Administration
University of the People (Pasadena, California, United States of America), 2018-2022
Higher National Diploma Science Laboratory Technology
Accra Polytechnic. 1996-1999.
References to be provided upon request