
Risk Assessment System Development

Location:
College Square, West Bengal, 700073, India
Posted:
October 18, 2023


Resume:

Cellenia Dickson

IT Security Assessor Administrator

Paramount, CA 90723

E: ad0g6t@r.postjobfree.com C: 323-***-****

An IT Security Assessor and NIST 800-53 control assessor with many years of combined experience in Federal Information Security Management Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP), National Institute of Standards and Technology (NIST), Risk Management Framework (RMF) processes, Risk Assessment (RA), System Development Life Cycle (SDLC), as well as contingency planning. Thorough understanding of NIST 800-53 Rev 4 and Rev 5 security controls. Audit projects include Security Audit, RMF, COBIT, PCI DSS, HIPAA, SAS 70, SSAE 16/SOC and SSAE 18. Knowledge of the process to obtain a system ATO and of the requirements to maintain the ATO. An IT professional with experience in vulnerability management, security control implementation, assessment and authorization, POA&M management, continuous monitoring, as well as risk assessment. Understanding of information technology concepts and cloud computing models (PaaS, SaaS, IaaS).

Work Experience

Information System Security Officer

Metro Consulting

December 2019 to Present

● Document observations for existing IT control processes and identified issues in assessment questionnaires during disaster recovery planning exercises.

● Conducts assessment of the security and privacy controls implemented by an information system officer to determine the overall effectiveness of the controls and the vulnerability state of components, applications and databases residing within the system boundary.

● Perform vulnerability/risk assessment analysis to support A&A activities.

● Develop solutions to security weaknesses in the Requirements Traceability Matrix (RTM) and SAR, while working on POA&M remediation and the Corrective Action Plan (CAP).

● Perform FedRAMP assessments based on the customer responsibility documentation and the controls provided by the cloud provider.

● Maintains and manages Security Authorization and Assessment packages that include System Security Plans (SSP), Contingency Plans (CP), POA&Ms, SAR, and other relevant security documentation for the system.

● Performs risk assessments, develops, and recommends mitigating controls, and remains abreast of advancements that address emerging business and environmental factors impacting assurance levels.

● Analyzes and updates the System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), and System Security Test and Evaluation (ST&E).

● Provide security control assessor (SCA) services, such as assisting with the Assessment and Authorization process, including A&A scanning, documentation, reporting and analysis – analyzing current threats to information security and systems.

● Better understanding of NIST 800-53 security controls and documentation for assessment results.

● Performing ongoing continuous monitoring (ISCM) using NIST 800-137 Rev 1 as a guide.

● Analyzed financial information and developed solutions to new credit requests.


Third Party Vendor Risk Manager

West Los Angeles College Dental Hygiene

January 2015 to December 2019

• Documented and kept track of risks and recommendations based on vendor’s lack of control.

• Coordinated and performed vendor reviews.

• Studied government legislation and advised vendors or companies on compliance under current legislation.

• Managed third-party risk management program.

• Identified and measured risk associated with vendor security controls.

• Worked with cross-functional teams, including IT, human resources, contracts, and security, to address potential compliance issues and achieve data privacy program initiatives while providing as-needed support to other programs within Ethics & Compliance.

• Ensured compliance and provided input to security policies, standards, and procedures.

• Conducted all tasks in accordance with the requirement to comply with security controls.

• Presented ideas via reports and presentations, and made suggestions or recommendations for improvements and/or enhancements based on research or findings.

• Tracked, monitored and reported on vendor compliance with information security standards.

• Examined the areas that posed threats to the financial assets of the vendor and/or organization, while also recommending solutions to minimize risks.

• Conducted information security reviews of key vendors and all externally hosted and developed websites.

• Supported internal and external audits (including penetration tests and vulnerability management initiatives) – tracked audit measures, resolution tasks, and reviewed evidence of compliance.

• Assisted with the implementation of supplier management tools and processes in coordination with the Procurement, Accounting and Legal departments to optimize the vendor review process.

• Collaborated with teams, stakeholders, and business partners to understand and implement improvement opportunities.

• Reviewed and redlined vendor agreements for compliance with information security standards.

• Performed focused risk assessments of existing or new services and technologies.

• Developed and tracked Plans of Action and Milestones (POA&Ms) to ensure remediation closure.

Compliance Manager

J & G International

January 2010 to December 2014

• Provided analysis and recommendations for identified security exceptions; participated in defining remediation efforts.

• Ensured documentation of all vendor relationships and contracts related to vendors that provide outsourced services and uploaded the information into the system.

• Performed 3rd Party Vendor Risk Assessments & assisted in the reporting of vendor risk management activities.

• Identified opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessed the residual risks.

• Contributed to the Cyber Assessment Metrics and GRC reported to senior management to influence risk-based results.

• Reviewed and validated vulnerability findings.

• Identified weaknesses and vulnerabilities within the system and proposed countermeasures.

• Maintained strong working relationships with individuals and groups involved in managing information risks across the organization.

• Assisted in remediating penetration tests, application & vulnerability assessment findings.

• Performed internal risk assessments.

• Performed focused risk assessments of existing or new services and technologies.

• Worked with cross-functional teams, including IT, human resources, contracts, and security to address potential compliance issues and achieve data privacy program initiatives and provide as-needed support to other programs within Ethics & Compliance.

• Executed on day-to-day deliverables that supported the ongoing compliance needs related to PCI, IT policy, compliance, and risk, as well as any new regulatory requirements.

Education

Bachelor's degree in Community Health

Cal State Long Beach - Long Beach, CA

Skills

• HIPAA & Privacy Act training • ISO 27001 • Network Vulnerability Scanning • SharePoint • Nessus Vulnerability Scanner • PIA • Microsoft Office • SP 800-53A • FIPS • ACAS • SAR • Assessment and Authorization (A&A) • Splunk • PCI DSS • SP 800-37 • HBSS

• LAN • CP • Linux • System Risk Assessment • ISA, MOU/A • SAP • ATO • IDS • NIST SP 800-171

• Vulnerability Assessment • Certification and Accreditation (C&A) • SCAP • FedRAMP • Risk Management Framework (RMF) • Archer • Nexpose • IT Security Compliance • FIPS-199 • Information Assurance • NISPOM • IPS • System Development Life Cycle • POA&M • Windows

• EPIC • NIST SP 800-53 • WAN • SSP • PTA • NIST Guidelines Publications • FISMA

Certifications and Licenses

CompTIA Security+

March 2023 to March 2026

Certified Information System Manager (CISM)

In Progress
