OBJECTIVE:
Highly motivated information security professional who is able to work independently with little to no supervision. Seeking to use and expand on current assessment and authorization experience using NIST 800-53r4.
SUMMARY OF SKILLS:
Understanding of FISMA, NIST RMF, NIST Special Publications including NIST SP 800-53, and other security standards. Proficient in Microsoft Suite (MS Word, Excel, and PowerPoint). Excellent customer service skills in dealing with people of various levels within an organization.
EDUCATION
Bachelor of Information Technology, University of Mary Washington, Fredericksburg (Expected May 2019)
Associate in Information Technology, St. Joseph College of Education, Bechem, Ghana
CERTIFICATION
CompTIA Security+ (Candidate)
PROFESSIONAL EXPERIENCE
Security Control Assessor
Gavant Technologies, Fairfax VA September 2017 - Present
Conduct security control assessments and perform a risk analysis of security controls using NIST 800-53 methodology
Validate information system security plans to ensure NIST control requirements are met
Conduct site walk-throughs to assess implemented physical and environmental controls
Review organizational documents, including contingency plans, configuration management plans, and incident response plans, to ensure that they are compliant with NIST requirements
Review and evaluate System Security Plans (SSPs) to ensure that security controls are appropriately documented
Assess security controls to ensure that they are appropriately implemented, documented, and operating as intended.
Document assessment findings in the Security Assessment Report and assist system personnel in developing Plans of Action and Milestones (POA&Ms)
Create assessment and authorization documents to include kick-off slide decks, test cases, Security Assessment Plans (SAPs), and Security Assessment Reports (SARs)
Assist system personnel, as appropriate, to document control weaknesses in the Plan of Action and Milestones (POA&Ms)
Information System Security Analyst
Fairfax County Public Schools (FCPS), Fairfax, VA May 2014 – September 2017
Performed systems certifications and accreditations for FISMA regulations and NIST requirements.
Performed daily ongoing Assessment and Authorization (A&A) projects in support of client security systems and ensured quality control of the A&A documents.
Reviewed and updated the System Security Plan (SSP) using NIST SP 800-18 guidelines.
Involved with reviewing, maintaining, and ensuring all Assessment and Authorization (A&A) documentation is included in the system security package.
Ensured the implementation of appropriate security controls for information systems based on NIST Special Publication 800-53 rev 4, FIPS 200, and system categorization using NIST 800-60 and FIPS 199.
Reviewed and updated remediation on POA&Ms, worked with system administrators to resolve POA&Ms, gathered artifacts, and created mitigation memos, residual risk memos, and corrective action plans to assist in the closure of the POA&Ms.
Worked with stakeholders and system application teams to conduct testing, interviews, and collection of artifacts relevant to the assessment of security controls
Information Assurance Specialist
Vodafone, Ghana December 2008 - May 2014
Created and maintained Vodafone's security documents (policies, standards, baselines, guidelines, and procedures).
Perform Security Control Assessment
Work closely with representatives from other business units to request information, provide clarification, and validate findings and evidence.
Ensure the security policies and processes are followed. Work with management as necessary to enforce any end-user-related security policies and processes.
Perform Privacy Threshold Analysis (PTA) and Privacy Impact Analysis (PIA) with business owners, the privacy team, and selected stakeholders
Review and continuously monitor implemented security controls
Perform Certification and Accreditation (C&A) documentation in compliance with company standards
Conduct walkthroughs and document vulnerabilities in the system by randomly testing security controls
Apply current Information Assurance (IA) requirements to the analysis, design, development, evaluation, and integration of computer/communication systems and networks to maintain an acceptable system security posture throughout the life cycle of multiple national-level mission systems
REFERENCES
Available Upon Request