
Risk Management Information Security

Location:
Atlanta, GA
Posted:
January 02, 2024


Resume:

Amari Joseph

Atlanta, GA, *****, US • 404-***-**** • ad2d3h@r.postjobfree.com

Skilled IT Security Analyst with over six years of experience in Information Security. In-depth knowledge and experience in Federal Information System Management Act (FISMA) and the Risk Management Framework (RMF). Comprehensive understanding of the Federal Risk and Authorization Management Process (FEDRAMP) for securing federal information systems in a cloud environment, ensuring FISMA compliance.

Lead system security assessments within cloud-based environments in accordance with FedRAMP, FISMA, NIST SP 800-53, 800-37, OMB, and other authoritative IT security guidance

Conducted client assessments to determine their ability to meet FedRAMP requirements. Proficient in risk management, with a focus on evaluating system compliance with NIST 800-53A security controls for new systems undergoing initial risk management assessments and Authority to Operate (ATO) certification. Hands-on experience with GRC tools, specifically Xacta and CSAM. Adjudicated Plan of Action & Milestones (POA&M) effectively. Possess exceptional communication skills, able to interface effectively with senior management, staff, peers, and users. Demonstrated strong attention to detail, analytical skills, and the ability to work both independently and as part of a team both onsite and remotely.

Information security

Excellent Communication

Risk Management Framework (RMF)

IT auditing

ATO Support

FISMA

A&A Packaging

Adaptability

NIST Standards

HIPAA

Mass Media Arts - Bachelor of Arts

Clark Atlanta University - Atlanta, GA

RELATED COURSEWORK

SKILLS

EDUCATION

WORK HISTORY

Security Control Assessor - March, 2018 to Present Gridiron IT - Falls Church, VA

Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).

Perform a key role in defining and executing strategic capability uplift programs for clients, utilizing exceptional leadership skills to prioritize and implement programs that improve overall security posture.

Ensured that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.

Verified and updated security documentation reflecting the application/system security design features and assessed the effectiveness of security controls.

Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy.

Contribute to successful project outcomes by assisting with risk identification, assessment, and response on security matters, utilizing a thorough understanding of industry best practices and regulatory requirements.

Demonstrated exceptional interpersonal and communication skills while providing a positive and collaborative demeanor as a team player and self-starter.

Exhibited a proactive approach, taking initiative and working effectively with a diverse range of staff and management, both internally and externally.

Develop, review, and refine reporting of the execution of critical cybersecurity initiatives and priorities, performance metrics, risks and threats, remediation activities and associated risk

Conducted thorough Security Control Assessments, Security Control Testing, and developed comprehensive Security Assessment Plans (SAP) in accordance with industry standards.

Performed in-depth reviews, evaluations, and the creation of System Security Plans (SSP), as well as the development of Plan of Action and Milestones (POA&M) to address identified security gaps.

Conducted comprehensive Risk Analyses, Risk Assessments, and produced detailed Security Assessment Reports (SAR) to inform decision-making processes.

Expertly planned and performed security control assessments for customer systems in accordance with NIST SP 800-53, 800-137, and NIST SP 800-53A, supporting the customer's Authority to Operate (ATO) process or annual assessment through control assessment techniques such as Interview & Examination, physical security walkthroughs, and technical vulnerability testing.

Communicating in an organized and knowledgeable manner in written and verbal formats including delivering clear requests for information and communicating potential conflicts

1. CompTIA Security+ certification.

ISSA - Information Systems Security Association

CERTIFICATIONS

AFFILIATIONS

Security Control Assessor - October, 2017 to February 2018 Copious Technology - Alexandria, VA


