CHARLOTTE BERCHIE
************@*****.***
OBJECTIVE
Skilled and detail-oriented Information System Security Manager seeking an opportunity with a dynamic organization focused on Cyber Security and Information System Security Governance, Risk and Compliance (GRC), Privacy Risk and Security, Vulnerability Scanning/Analysis, Reporting and Remediation strategies, Continuous Monitoring, and IT audit log management, with a focus on strengthening the security posture of Information Technology systems, processes, and stakeholders' confidence. Skillful implementation of FISMA, NIST SP 800-39, 800-37, 800-171, 800-60, 800-53 Rev 4/5, 800-53A, ISO 27001; knowledge of most of the NIST SP 800 series, FIPS 140-2, CIS compliance and associated levels. Knowledge of FedRAMP solutions, with strong soft skills.
TECHNICAL SKILLS
Microsoft Office Suite (Word, Excel, PowerPoint, Outlook), Google Docs; proficient with Windows 10/11, XML, and xlsx.
Security tools: SIEM (Splunk), Qualys WAS, OVMS, Security Risk Compliance (SRA) Archer Dashboard, Tenable Nessus, CSAM, eMASS, ACAS, Burp Suite
Data classification and protection.
EDUCATION
M.A. – Theology, Life Christian University, Tampa, FL
A.S. – Respiratory Therapy, New York University, New York, NY
FISMA RMF / DIACAP – DoD Training Center, Columbia, MD – Graduated
Security+ / DoD 8570 – Training Center, Columbia, MD – Graduated
CERTIFICATIONS
CompTIA Security+
Certified Information Security Manager (CISM)
Certified Information Systems Auditor (CISA) – in progress
PROFESSIONAL EXPERIENCE
ICF Consulting, Jan 2022 – Present
Cyber Security Management Specialist
Identifying threats, vulnerabilities, and compliance through testing, examination, and interviews
Analyzing risk and identifying recommended corrective actions
Documenting, developing, and updating reports and artifacts
Developing and updating security assessment and vulnerability risk finding templates
Password policies, Active Directory, and user account management
Compliance analysis – selection of STIGs, verification and validation to improve scorecards
Managing the ongoing system assessment/authorization process in eMASS
Control tailoring and establishing baselines, to be reviewed and approved
Using the Risk Management Framework to Identify, Protect, Detect, Respond and Recover
Developing policy, procedures and SOPs in compliance with the FISMA Risk Management Framework
Analyzed vulnerability scan reports and recommended remediation actions to management
Created, monitored and updated the status of POA&Ms to ensure weaknesses discovered are resolved by the deadline
Revision and analysis of eMASS-generated SSPs and other artifacts used as supporting evidence
Managed federal information processes with precise threat hunting and recommendations
Ace Info Consulting Solutions, June 2020 – Jan 2022
(Information Security Audit)
Supply chain risk assessment, mapping, and compliance
Identified and implemented SCRM best practices aligned to agency mission and objectives
Supply Chain Risk Management control selection and tailoring
System registration, setting up the package approval chain, and overlays
Supported the Privacy Officer in identifying systems with non-compliant PTAs, PIAs and SORNs
Supported the Privacy Office with analysis of privacy impact; updated PTAs, PIAs and SORNs
Managed the eMASS Package Approval Chain / Control Approval Chain
ConMon and managing eMASS reports, workflows and RMF processes
Managed user account storage, Windows group policies, and the Security Account Manager
ATO package preparation, assessment, validation, managing security controls, and developing implementation plans
Managed the personnel user assignment / administrative function of the system
Prioritizing, evaluating, implementing, and making recommendations on risk within the enterprise
Information Security Continuous Monitoring and ongoing control assessments
Scanning, troubleshooting, analysis, timely reporting, and event management strategies
Alutiiq Information Management LLC (Fed/Civilian Contracts), Nov 2018 – April 2020
(Cybersecurity Analyst / Technical Writer)
Identification, protection, detection, and response to threats in the SDLC, with recommendations
CISO / ISSM support with audit recommendations and remediation strategies
Led the configuration management process and the vulnerability management process
Supported the configuration management team in establishing and managing acceptable configuration baselines
Software asset management and hardware asset management team support
Collaborated with Booz Allen and DHS on the CDM project
Reviewed, updated and developed POA&M artifacts
Analyzed and evaluated the design and operating effectiveness of the information technology and security controls in place
Supported oversight of required corrective action plans relating to security compliance issues
Supported the identification, implementation, and maintenance of automated technical security controls required by various technical regulatory compliance frameworks
Researched threats, performed IT vulnerability assessments, and monitored remediation and reported metrics to ensure management makes the final decisions
Reviewed and validated Plans of Action & Milestones (POA&Ms) for each non-compliant control of each managed IT system prior to authorizing closure
Ensured that data classifications are protected and managed accordingly
Supported presidential directives for strengthening security infrastructure, processes, and distribution
Apply Logic Consulting Group, McLean, Virginia (Fed Contract), June 2017 – Nov 2018
(POA&M and ATO Management)
Supported project: 2020 Census
Developing and updating Security Assessment Reports
Developing, reviewing, and updating A&A packages for OA
Created System Security Plans, Security Assessment Plans, and POA&Ms
Developed, updated and reviewed ATO packages
Using the Risk Management Framework to Identify, Protect, Detect, Respond and Recover
Reviewing, developing, and updating System Security Plans
Developing policy, procedures and SOPs in compliance with the FISMA Risk Management Framework
Performed Privacy Impact Assessments (PIA) and Privacy Threshold Analyses of systems containing PII
Analyzed vulnerability scan reports and recommended remediation actions to management
Created, monitored and updated the status of POA&Ms to ensure weaknesses discovered are resolved in accordance with the scheduled completion dates, and reported to upper management
Performed continuous monitoring and ongoing risk determination and acceptance
Smartthink Solutions, March 2012 – June 2017
Senior Information Assurance Analyst / Security Control Assessor
Ensured proper system categorization using NIST SP 800-60, FIPS 199, FIPS 200, SP 800-37 and SP 800-39
Implemented appropriate security controls for information systems (NIST SP 800-53A, 800-53 Rev 4)
Removed complex information system policies and false positives through testing, interviewing and reporting
Reviewed and developed Risk Assessment Reports and Security Impact Analyses to define threats, vulnerabilities, impact and likelihood
Supported ISSOs and stakeholders through the ATO process, using various frameworks and methodologies
Performed security control assessments using NIST guidance and best practices as part of the ISCM strategy
Developing, updating and reviewing artifacts for Assessment & Authorization, including System Security Plan (SSP), POA&M, SAP, SAR, control assessments, System Security Test and Evaluation (ST&E), and Security Assessment Plan
Conducted contingency plan testing or functional methods at least annually and updated the plan
Strategic planning to certify and authorize assigned information systems
Ensured configuration management processes are secured, documented and reported
Created waivers or risk acceptance memos to assist in the effective management of system risk
MedStar Health, Jan 2008 – Feb 2012
Security Privacy / HIPAA Specialist
Conducted system risk assessments through risk analysis, identifying all possible vulnerabilities within systems
Designed and conducted walkthroughs, formulated test plans, and performed physical and environmental testing and risk remediation
Worked closely with business and technology audit colleagues to ensure that key risks are identified and assessed in the program of audit coverage
HIPAA / privacy security governance and compliance
Monitored and took appropriate action on compliance-related issues, including investigating, controlling, and monitoring audit logs to block suspicious activities