Amari Joseph
Atlanta, GA, *****, US • 404-***-**** • ad2d3h@r.postjobfree.com
Skilled IT Security Analyst with over six years of experience in Information Security. In-depth knowledge and experience in Federal Information System Management Act (FISMA) and the Risk Management Framework (RMF). Comprehensive understanding of the Federal Risk and Authorization Management Process (FEDRAMP) for securing federal information systems in a cloud environment, ensuring FISMA compliance.
Lead system security assessments within cloud-based environments in accordance with FedRAMP, FISMA, NIST SP 800-53, 800-37, OMB, and other authoritative IT security guidance
Conducted client assessments to determine their ability to meet FedRAMP requirements. Proficient in risk management, with a focus on evaluating system compliance with NIST 800-53A security controls for new systems undergoing initial risk management assessments and Authority to Operate (ATO) certification. Hands-on experience with GRC tools, specifically Xacta and CSAM. Adjudicated Plan of Action & Milestones (POA&M) effectively. Possess exceptional communication skills, able to interface effectively with senior management, staff, peers, and users. Demonstrated strong attention to detail, analytical skills, and the ability to work both independently and as part of a team both onsite and remotely.
SKILLS
Information security
Excellent Communication
Risk Management Framework (RMF)
IT auditing
ATO Support
FISMA
A&A Packaging
Adaptability
NIST Standards
HIPAA
EDUCATION
Mass Media Arts - Bachelor of Arts
Clark Atlanta University - Atlanta, GA
RELATED COURSEWORK
WORK HISTORY
Security Control Assessor - March, 2018 to Present Gridiron IT - Falls Church, VA
Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
Perform a key role in defining and executing strategic capability uplift programs for clients, utilizing exceptional leadership skills to prioritize and implement programs that improve overall security posture.
Ensured that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
Verified and updated security documentation reflecting the application/system security design features and assessed the effectiveness of security controls.
Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy.
Contribute to successful project outcomes by assisting with risk identification, assessment, and response on security matters, utilizing a thorough understanding of industry best practices and regulatory requirements.
Demonstrated exceptional interpersonal and communication skills while providing a positive and collaborative demeanor as a team player and self-starter.
Exhibited a proactive approach, taking initiative and working effectively with a diverse range of staff and management, both internally and externally.
Develop, review, and refine reporting of the execution of critical cybersecurity initiatives and priorities, performance metrics, risks and threats, remediation activities and associated risk.
Conducted thorough Security Control Assessments, Security Control Testing, and developed comprehensive Security Assessment Plans (SAP) in accordance with industry standards.
Performed in-depth reviews, evaluations, and the creation of System Security Plans (SSP), as well as the development of Plan of Action and Milestones (POA&M) to address identified security gaps.
Conducted comprehensive Risk Analyses, Risk Assessments, and produced detailed Security Assessment Reports (SAR) to inform decision-making processes.
Expertly planned and performed security control assessments for customer systems in accordance with NIST SP 800-53, 800-137, and NIST SP 800-53A, supporting the customer's Authority to Operate (ATO) process or annual assessment through control assessment techniques such as Interview & Examination, physical security walkthroughs, and technical vulnerability testing.
Communicating in an organized and knowledgeable manner in written and verbal formats including delivering clear requests for information and communicating potential conflicts.
CERTIFICATIONS
1. CompTIA Security+ certification.
AFFILIATIONS
ISSA - Information Systems Security Association
Security Control Assessor - October, 2017 to February 2018 Copious Technology - Alexandria, VA