Security Analyst Staff Attorney
Resume:
CAROLINE AMALANGA
SECURITY CONTROL ASSESSOR
SEC+, CISSP (IN PROGRESS)
Washington DC Metro Area
E-mail: adqqmy@r.postjobfree.com, Phone: 202-***-****
SUMMARY
Exceptionally talented, knowledgeable, and resourceful professional with more than 5 years of experience in Information Security, cloud computing security, IT Risk management, Security Framework, and project and team management. Experience with NIST, ISO and CIS guidelines, as well as FISMA compliance. An IT professional continuously challenging herself to advance in knowledge and in her career. Ability to work independently, as a contributing team member or team leader in a diverse setting. Capable of multi-tasking while excelling and meeting deadlines. Motivated female professional with extensive legal and compliance background.
SKILLS
SAP, SAR, PTA, PIA, FIPS 199, BIA, SSP, SSPP
Risk Management Framework (RMF)
FEDRAMP
Risk assessment and control assessment
POA&M Management & Oversight
CSAM compliance tool
Implementation & assessment of Security Controls
NIST & FISMA Risk Compliance
Contingency Planning & testing
Active Directory GPO’s, OU’s, users, and computers
Nessus
GRC tools
Splunk
Project planning and completion
FISMA
Awareness & training
WORK HISTORY
Security Control Assessor 02/2019 - Present
DeltaaTech Consulting College Park-Maryland
Schedule kick off meetings with system owners to help define assessment scope, system boundary, information system's categorization and obtain POC’s for gathering artifacts needed in conducting the assessment.
Develop Security Assessment Plan (SAP) and Conduct assessment of targeted security control on various Moderate impact level systems to ensure compliance with NIST SP 800-53A Rev 4.
Create Requirement Traceability Matrix (RTM) and document whether controls being assessed passed or failed using NIST SP 800-53A as a guide.
Conduct security control interview meeting and artifact gathering meeting with various stakeholders using assessment methods of interview, examination and testing.
Document assessment findings in a Security Assessment Report (SAR) and recommend remediation actions for controls that failed and uncovered vulnerabilities.
Review A&A package items using NIST guidance for FISMA compliance such as the System FIPS 199 Categorization, e-Authentication Assessment, PTA, PIA, Contingency Plan (CP) and Contingency Plan Test (CPT). Perform vulnerability assessment of information systems to detect deficiencies and validate compliance using POA&M tracking tool such as CSAM.
Request scans and later review scan results for common vulnerabilities such as missing patches, weak password settings, unnecessary services not disabled, and weak configurations.
Information Security Analyst 12/2017-02/2019
DeltaaTech Consulting College Park-Maryland
Assisted in implementation of the Risk Management Framework (RMF) in accordance with NIST SP 800-37.
Reviewed security categorization of systems using FIPS 199 & NIST SP 800-60 for technical, operational and management control families, with additional guidance from NIST 800-53 Rev 4 and FIPS 200 to complete control selection.
Reviewed and updated the System Security Plan ( SSP) implementation statements of the respective applicable control to assigned systems to reflect changes in the operating environment by using NIST 800-18.
Assisted in putting together a variety of Security Authorization deliverables including; System Security Plan, Security Assessment Reports, Risk Assessment Plan and POA&M’s.
Assisted in creation and update of Authorization to Operate (ATO) packages. Drafted, finalized, and submitted Privacy Threshold Assessment (PTA), Privacy Impact Analyze (PIA), E-Authentication Assessment, System of Record Notice (SORN) for annual review and recertification.
Continuously monitored security controls effectiveness using NIST SP 800-137 as a guide.
Vendor Risk Analyst 03/2016-10/2017
AXA-INSURANCE Paris-France
Maintained, tracked and reported on third party risks to appropriate organization’s stakeholders.
Conducted periodic audits/assessment for potential and existing suppliers through questionnaires, site visits, and review of other documentation and provided assessment reports to management identifying control gaps and risks.
Acted as remediation analyst to work with vendors and contractors in remediating findings discovered during the onsite/virtual assessment using ISO guidelines.
Performed Vendor risk assessments to identify emerging key risks and reassess current risk profile.
Assessed completed questionnaire and supporting documentation to validate vendor appropriate implementation of information security measures. -
Communicated vendor information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks.
Validated evidence from vendors before remediation plans are closed. Planned and executed onsite security/risk re-assessments for third party vendors.
Ensured all risk controls were documented in a Vendor Risk Scorecard in accordance with Third Party Risk Management (TPRM) Policy and the Risk Assessment Matrix. Assessed outsourced products and services for risk and criticality.
Staff Attorney 03/2014– 01/2016
Ministry of Public Health Yaoundé-Cameroon
Staff attorney in the Law and Judicial Affairs Division of the Ministry of Public Health.
Represented government and public ministry in court proceedings.
Reviewed, researched, and managed public-interest lawsuits brought forth by the Ministry of Public Health.
Interpreted laws, rulings, and regulations in briefings for government higher management.
Litigated and successfully defended public interest in about 20 cases.
Performed administrative and management functions related to the practice of law.
Assessed the meaning, implications, and interpretations of language in new laws related to the medical field and offered commentary as requested.
Reviewed law proposals initiated by various government ministries to be approved by the National Assembly.
EDUCATION
Master’s in International Business Law 08/2004
University of Yaoundé II Yaoundé-Cameroon
CERTIFICATION
CompTIA Security + (Credential ID: COMP001021856092)
Contact this candidate