Information System Cyber Security

Location:
Owings Mills, MD
Posted:
March 11, 2024

Resume:

CHARLOTTE BERCHIE

ad39t3@r.postjobfree.com

C 410-***-****

OBJECTIVE

Skilled and detail-oriented Information System Security Manager seeking an opportunity with a dynamic organization focused on Cyber Security and Information System Security Governance, Risk and Compliance (GRC), Privacy Risk and Security, Vulnerability Scanning/Analysis, Reporting and Remediation strategies, Continuous Monitoring, and IT audit log management, with the aim of strengthening the security posture of information technology systems, processes, and stakeholder confidence. Skillful implementation of FISMA, NIST SP 800-39, 800-37, 800-171, 800-60, 800-53 R4/5, 800-53A, and ISO 27001; knowledge of most of the NIST SP 800 series, FIPS 140-2, and CIS compliance and its associated levels. Knowledge of FedRAMP solutions, with strong soft skills.

TECHNICAL SKILLS

Microsoft Office Suite (Word, Excel, PowerPoint, Outlook) and Google Docs; proficient with Windows 10 and 11, XML, and xlsx.

Security tools: SIEM (Splunk), Qualys WAS, OVMS, Security Risk Compliance (SRA) Archer Dashboard, Tenable Nessus, CSAM, eMASS, ACAS, Burp Suite

Data classification and protection.

EDUCATION

M.A., Theology, Life Christian University, Tampa, FL

A.S., Respiratory Therapy, New York University, New York, NY

FISMA RMF / DIACAP, DoD Training Center, Columbia, MD – Graduated

Security+ / DoD 8570, Training Center, Columbia, MD – Graduated

CERTIFICATIONS

CompTIA Security+

Certified Information Security Manager (CISM)

Certified Information Systems Auditor (CISA) – in progress

PROFESSIONAL EXPERIENCE

ICF Consulting, Jan 2022 – Present

Cyber Security Management Specialist

Identifying threats, vulnerabilities, and compliance gaps through testing, examination and interviews

Analyzing risk and identifying recommended corrective actions

Documenting, developing, and updating reports and artifacts

Developing and updating security assessment and vulnerability risk finding templates

Password policies, Active Directory, and user account management

Compliance analysis: selection of STIGs, verification and validation to improve scorecards

Managing the ongoing system assessment and authorization process in eMASS

Control tailoring and establishing the baseline for review and approval

Using the Risk Management Framework to identify, protect, detect, respond and recover

Developing policies, procedures and SOPs in compliance with the FISMA Risk Management Framework

Analyzed vulnerability scan reports and recommended remediation actions to management

Created, monitored and updated the status of POA&Ms to ensure weaknesses discovered are resolved by the deadline

Revised and analyzed the eMASS-generated SSP and other artifacts used as supporting evidence

Managed the federal information process with precise threat hunting and recommendations

Ace Info Consulting Solutions, June 2020 – Jan 2022

(Information Security Audit)

Supply chain risk assessment, mapping, and compliance

Identified and implemented SCRM best practices aligned with agency mission and objectives

Supply Chain Risk Management control selection and tailoring

System registration, setting up the package approval chain, and overlays

Supported the Privacy Officer in identifying systems with non-compliant PTAs, PIAs and SORNs

Supported the Privacy Office in privacy impact analysis and updated PTAs, PIAs and SORNs

Managed the eMASS Package Approval Chain and Control Approval Chain

Continuous monitoring (ConMon) and management of eMASS reports, workflows and RMF processes

Managed user account storage, Windows group policies, and the Security Account Manager

ATO package preparation, assessment, and validation; managing security controls and developing the implementation plan

Managed personnel user assignments and the administrative functions of the system

Prioritizing, evaluating, implementing and making recommendations on risk within the enterprise

Information security continuous monitoring and ongoing control assessments

Scanning, troubleshooting, analysis, timely reporting, and event management strategies

Alutiiq Information Management LLC (Federal/Civilian Contracts), Nov 2018 – April 2020

Cybersecurity Analyst / Technical Writer

Identification, protection, detection and response to threats in the SDLC, with recommendations

CISO/ISSM support with audit recommendations and remediation strategies

Led the configuration management process and the vulnerability management process

Supported the configuration management team in establishing and managing acceptable configuration baselines

Software asset management and hardware asset management team support

Collaboration with Booz Allen and DHS on the CDM project

Reviewed, updated and developed POA&M artifacts

Analyzed and evaluated the design and operating effectiveness of the information technology and security controls in place

Supported oversight of required corrective action plans relating to security compliance issues

Supported the identification, implementation, and maintenance of automated technical security controls required by various technical regulatory compliance frameworks

Researched threats, performed IT vulnerability assessments, monitored remediation and reported metrics so that management could make the final decisions

Reviewed and validated Plans of Action and Milestones (POA&Ms) for each non-compliant control on each managed IT system prior to authorizing closure

Ensured that data classifications were protected and managed accordingly

Supported presidential directives for strengthening security infrastructure, processes, and distribution

Apply Logic Consulting Group, McLean, Virginia (Federal Contract), June 2017 – Nov 2018

(POA&M and ATO management)

Supported the 2020 Census project

Developed and updated Security Assessment Reports

Developed, reviewed, and updated A&A packages for OA

Created System Security Plans, Security Assessment Plans, and POA&Ms

Developed, updated and reviewed ATO packages

Used the Risk Management Framework to identify, protect, detect, respond and recover

Reviewed, developed, and updated System Security Plans

Developed policies, procedures and SOPs in compliance with the FISMA Risk Management Framework

Performed Privacy Impact Assessments (PIAs) and Privacy Threshold Analyses of systems holding PII

Analyzed vulnerability scan reports and recommended remediation actions to management

Created, monitored and updated the status of POA&Ms to ensure weaknesses discovered were resolved in accordance with the scheduled completion dates, and reported to upper management

Performed continuous monitoring, ongoing risk determination and risk acceptance

Senior Information Assurance Analyst, Smartthink Solutions, March 2012 – June 2017

Security Control Assessor

Ensured proper system categorization using NIST SP 800-60, FIPS 199, FIPS 200, SP 800-37 and SP 800-39

Implemented appropriate security controls for information systems per NIST SP 800-53A and 800-53 Rev 4

Eliminated overly complex information system policies and false positives through testing, interviews and reporting

Reviewed and developed Risk Assessment Reports and Security Impact Analyses to define threats, vulnerabilities, impact and likelihood

Supported ISSOs and stakeholders through the ATO process, using various frameworks and methodologies

Performed security control assessments using NIST guidance and best practices as part of the ISCM strategy

Developed, updated, and reviewed artifacts for Assessment and Authorization, including the System Security Plan (SSP), POA&M, SAP, SAR, control assessments, System Security Test and Evaluation (ST&E), and Security Assessment Plan

Conducted Contingency Plan testing, using functional methods, at least annually and updated the plan

Strategic planning to certify and authorize assigned information systems

Ensured configuration management processes were secured, documented and reported

Created waivers and risk acceptance memos to assist in the effective management of system risk

Security Privacy / HIPAA Specialist, MedStar Health, Jan 2008 – Feb 2012

Conducted system risk assessments through risk analysis, identifying all possible vulnerabilities within systems

Designed and conducted walkthroughs, formulated test plans, and performed physical and environmental testing and risk remediation

Worked closely with business and technology audit colleagues to ensure that key risks were identified and assessed in the program of audit coverage

HIPAA and privacy security governance and compliance

Monitored and took appropriate action on compliance-related issues, including investigating, controlling, and monitoring audit logs to block suspicious activity
