Jones Bongham.
**** ******* **** ***** ******* MD.20712
Tel: 240-***-****
Cyber Security Analyst
Objectives
A motivated Information Security Analyst with vast experience in managing and protecting enterprise information systems, network systems, and operational processes through information assurance controls, compliance verification, risk assessment, and vulnerability assessment in accordance with NIST, FISMA, OMB, and industry best security practices. Also open to learning new skills.
A U.S. citizen.
Work Experience
Cyber Security Analyst / Information Assurance Specialist
Crest Consulting Group.
August 2015 to Present
• Conducts kick-off meetings to collect systems information and categorize systems based on NIST SP 800-60.
• Develops the security control baseline and test plan used to assess and implement security controls.
• Creates and updates the following Security Assessment and Authorization (A&A) artifacts: FIPS 199, Risk Assessment Report (RAR), Privacy Threshold Analysis (PTA), Privacy Impact Analysis (PIA), Contingency Plan, Security Test and Evaluations (ST&Es), E-Authentication, and Plan of Action and Milestones (POA&Ms).
• Meets with the system team to collect evidence, develops test plans and procedures and documents test results.
• Designs and conducts walkthroughs, formulates test plans, tests results, and develops remediation plans for each area of the testing.
• Conducts FISMA-compliant security control assessments to ascertain the adequacy of management, operational, and technical privacy controls.
• Examines event logs for irregularities; identified irregularities are reported as incidents, and incident response is then initiated to mitigate them.
• Participates in security incident management to mitigate or resolve events that have the potential to impact the confidentiality, availability, or integrity of information technology resources.
• Creates and maintains security metrics to help senior management make decisions.
• Provides support to internal and external audit teams in gathering evidence to validate controls.
• Interviews System Owners and reviews existing system documentation to objectively assess whether the system complies with established standards.
Cyber Security Analyst
Smart Link LLC
July 2013 to August 2015
• Assisted with the development of Contingency Plans, Disaster Recovery Plans, and Incident Response Plans for information systems using NIST SP 800-34.
• Reviewed and tested the NIST SP 800-53 security controls on a variety of systems and performed gap analysis.
• Analyzed and updated System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Analysis (PIA), System Security Test and Evaluation (ST&E), and the Plan of Action and Milestones (POA&M).
• Reviewed and updated System Security Plan (NIST SP 800-18), Risk Assessment (NIST SP 800-30), and Security Assessment Report (NIST SP 800-53A).
• Coordinated with ISSOs and application developers to create a remediation plan to track POA&Ms.
• Conducted security assessments on the technical controls to ensure compliance.
• Analyzed and updated System Security Plan (SSP), Security Assessments Report (SAR), and Plan of Action and Milestones (POA&M) activities.
• Evaluated and assessed Security Assessment Plans, Cyber Security Strategy, Program Protection Plan, Security Assessment Reports, RMF Plan of Action and Milestones, Security Authorization Package and Authorization Decision.
• Reviewed and analyzed vulnerability scan reports to write the Security Assessment Report (SAR).
• Gave recommendations associated with findings to improve customer's security posture in accordance with NIST controls.
• Collaborated with the Information System Security Officer (ISSO) in performing a key role in NIST Certification and Accreditation (C&A), documentation, and continuous monitoring.
• Conducted annual assessments, updated existing artifacts, and worked with the ISSO to secure information systems.
• Created, reviewed, and updated System Security Plan (SSP) and Security Assessment Report (SAR).
• Experienced in developing the ATO package on which the accreditation decision is made.
Education
Bachelor of Science in Business Administration
Paul’s Computer Engineering Academy.
August 2005
University of Yaounde 1
May 2009.