Information Security Officer

Location: Clayton, NC

Posted: February 10, 2024

Resume:

Information System Security Officer

Joyce Nicholson

Objective

Highly motivated information system security professional with over 9 years of extensive experience in Risk Management Framework (RMF), System Development Life Cycle (SDLC) and Vulnerability Management using the Federal Information Security Management Act (FISMA) and NIST SP 800 Series.

Raytheon Missile and Defense 2021-current

Principal Specialist, Cyber-Security Controls

Partner with IT system administrators to assess unclassified information systems to assure compliance with applicable IT security policies, including but not limited to compliance with NIST Special Publication (SP) 800-171 and 800-53.

Support risk assessments and assist with the selection of IT controls to achieve compliance.

Conducted annual security reviews of FISMA assessment in accordance with company policy and procedures of all assigned IS.

Conduct assessments of Information Systems (ISs) seeking an Authority To Operate (ATO), assist with the development of remediation plans and make recommendations to the Chief Information Security Officer (CISO) to grant ATO for an IS.

Create, consult on, and ensure the completion of Security Assessment Packages (SAPs) for RMD managed systems as part of the Information Risk Assessment and Management Process (IRAMP).

Request export control review for systems that process Export Controlled information.

Assist IT system admins to complete and maintain SAPs for an IS, ensuring the SAP is kept current throughout the lifecycle of the IS.

Monitor the operational security posture for ISs to which they are assigned and ensure the ISs operate in accordance with their SAP and have a current ATO.

Conduct reviews and analysis of waiver requests for their assigned IS. Ensure that if the request is approved, the SAP Plan of Action and Milestones (POA&M) documents the residual risk(s) associated with the waiver.

Educate users/colleagues on information security topics such as policies, standards, guidelines, and best practices.

Wake County Health and Human Services 2016-2021

Information Security Compliance Analyst

Supported the execution of risk management activities including assessments and exception process according to FISMA guidelines.

Coordinated and tracked IT and security-related customer audits and supported the closure of audit findings. Contributed to internal compliance assessments, including assessing controls, making recommendations, and tracking issues.

Supported execution of third-party risk management activities including monitoring of third-party security risk, prioritization of third parties, and conducting appropriate third-party security assessments.

Supported security governance related activities including maintenance of policies and standards as well as development and reporting of key metrics.

Assist in the development and maintenance of enterprise security policies and procedures

Work with information security team to develop strategies and plans to enforce security requirements and address identified risks

Ensure compliance by regularly leading internal audits and performing gap assessments to track compliance readiness.

Track changes in compliance requirements and proactively implement processes and procedures to address the changes

Oversee the development and implementation of corrective action plans as well as monitor results for success

American Red Cross/Wake-Med Hospital

Healthcare Compliance Specialist 2012 – 2016

Ensured that practices within the organization were within the appropriate level of compliance with HIPAA and PII

Audited, monitored, and tracked compliance with state, federal and other regulatory requirements resulting in a significant reduction of compliance risks

Prepared documentation for intake of privacy issues and assisted CCO in conducting investigations and preparing privacy and compliance reports.

Prepared educational materials and presentations for privacy and compliance for training as needed.

Stayed abreast of US healthcare compliance laws, regulations, and the enforcement environment, resulting in a deeper understanding of how they impacted the organization.

Education

- Florida International University - Master of Science

- James Madison University - Bachelor of Science

Skills

- Risk Management

- SAP documentation

- (ATO) Process

- Cloud Computing and FedRAMP

- DFARS

- Vulnerabilities Assessment and Management

- NIST publications SP 800-171, SP 800-53

Certification

- CompTIA Security+

- CISA

GRC Tools/Platform - Archer, CSAM, Xacta, SharePoint, OneTrust, ServiceNow, Nessus, Splunk

Verdant

Contact

Joyce Nicholson

919-***-****

ad3i1q@r.postjobfree.com
