Post Job Free
Sign in

Information Security Risk Management

Location:
Woodbridge, VA
Posted:
December 07, 2023

Contact this candidate

Resume:

GERTTY FREMAH

Woodbridge, VA

571-***-****

EMAIL: ******.******@*******.***

US CITIZEN.

A motivated, mission-oriented Cybersecurity professional with a unique combination of passion for information security, project development and management. Proficient in the Risk Management Framework (RMF) steps and experienced in managing and protecting organizational systems, data, and processes. Innovative, team-oriented, with effective communication skills at all levels of an enterprise and seeking to work in an environment where I can grow and develop my skills in the cybersecurity industry, whilst supporting a company or effort that is equally invested in the workforce development.

STANDARDS/CONTROLS/ ARTIFACTS/ FRAMEWORKS AWARENESS Confidentiality, integrity, availability, access control, audit and accountability, Security Assessment and Authorization, Compliance Testing, Vulnerability Scans, Risk Assessment, Change management, Configuration Management, Contingency Planning, Incident Response, Media Protection, PIA, PTA, SORN, POA&M, SAR, SAP, MOU, NIST 800-53, NIST 800-53A, FIPS 199, FISMA, FedRAMP, NIST 800-37. Education:

• BSc in Computer Science

Certification

• CompTIA (SEC+) Security Plus, Active

• (CAP) Certified Authorization Professional in Progress PROFESSIONAL EXPERIENCES

ELECTROSOFT: US DEPT OF COMMERCE 05/2020 - Present INFORMATION ASSURANCE SECURITY SPECIALIST

• Prepared security authorization (C&A) documentation including system security plan (SSP), Security Control Test and Evaluation (SCT&E), Security Assessment Report (SAR), Contingency Plan (CP) and other artifacts required for the ATO package, referencing SP 800-18, SP 800-30, SP 800-34 respectively.

• Executed reviews of RMF Security Controls to ensure FISMA and NIST compliance

• Supported leadership to identify capability gaps in vulnerability management services by analyzing Plan of Action and Milestones (POA&Ms) associated with the facility or system

• Conduct analysis and aggregations of security Control and POA&M evidence from various sources.

• Maintained Knowledge of current RMF security trends and be able to clearly communicate them to the client’s environment.

• Employed knowledge of established Federal standards such as the Federal Risk and Authorization Management Program (FedRAMP), to ensure the confidentiality, integrity and availability (CIA) triad is implemented and operating as intended for each assigned information system

• Participated in security team meetings and rendered other support to IT Security office, which included ensuring appropriate steps are taken to implement information security requirements for all IT systems.

• Prepare and reviewed C&A package for information systems

• Request and reviewed vulnerability scans

• Facilitate and conduct continuous monitoring and periodic self-inspections of facility and computer systems to ensure compliance with C&A documentation package for approved systems and proactively reported results to management; make recommendations for and implement improvements as needed.

• Supports the identification and impact classification for new vulnerabilities identified in the client’s environment. FOXHOUND PARTNERS: US DEPT OF LABOR 07/2016 - 04/2020 INFORMATION SECURITY ANALYST

• Conducted FISMA-based security risk assessments for information systems – including interviews, tests and examine; produced assessment reports and recommendations following NIST 800 processes and controls.

• Mitigated security deficiencies identified during security testing and recommended risk acceptance for the appropriate authorized representative.

• Identified the common causes of defects, prioritized them, and worked with different vendors to systematically remove them so they do not reoccur in further development work.

• Ensured all information systems are operated, maintained, and disposed in accordance with internal security policies and practices as well as ensuring configuration management is appropriate for all software and hardware, including that change control requirements are documented and tracked.

• Managed, implemented and guided end users to implement appropriate software solutions to assist in completing their responsibilities to the institutions.

• Collaborated with various IT teams to implement projects and to solve cross-departmental technical challenges.

• Assisted with ensuring the availability of applications, configuring new implementations, and developing processes and procedures for ongoing system functionality.



Contact this candidate