Information System Security Officer
Joyce Nicholson
Objective
Highly motivated information system security professional with over 9 years of extensive experience in the Risk Management Framework (RMF), the System Development Life Cycle (SDLC), and Vulnerability Management using the Federal Information Security Management Act (FISMA) and the NIST SP 800 series.
Raytheon Missile and Defense 2021 – current
Principal Specialist, Cybersecurity Controls
Partner with IT system administrators to assess unclassified information systems to assure compliance with applicable IT security policies, including but not limited to NIST Special Publication (SP) 800-171 and 800-53.
Support risk assessments and assist with the selection of IT controls to achieve compliance.
Conduct annual security reviews of FISMA assessments for all assigned ISs in accordance with company policy and procedures.
Conduct assessments of Information Systems (ISs) seeking an Authority to Operate (ATO), assist with the development of remediation plans, and make recommendations to the Chief Information Security Officer (CISO) on granting an ATO for an IS.
Create, consult on, and ensure the completion of Security Assessment Packages (SAPs) for RMD-managed systems as part of the Information Risk Assessment and Management Process (IRAMP).
Request export control review for systems that process export-controlled information.
Assist IT system administrators in completing and maintaining SAPs for an IS, ensuring the SAP is kept current throughout the lifecycle of the IS.
Monitor the operational security posture of assigned ISs and ensure they operate in accordance with their SAP and have a current ATO.
Conduct reviews and analysis of waiver requests for assigned ISs. Ensure that, if a request is approved, the SAP Plan of Action and Milestones (POA&M) documents the residual risk(s) associated with the waiver.
Educate users/colleagues on information security topics such as policies, standards, guidelines, and best practices.
Wake County Health and Human Services 2016 – 2021
Information Security Compliance Analyst
Supported the execution of risk management activities, including assessments and the exception process, according to FISMA guidelines.
Coordinated and tracked IT and security-related customer audits and supported the closure of audit findings. Contributed to internal compliance assessments, including assessing controls, making recommendations, and tracking issues.
Supported the execution of third-party risk management activities, including monitoring of third-party security risk, prioritization of third parties, and conducting appropriate third-party security assessments.
Supported security governance-related activities, including maintenance of policies and standards as well as development and reporting of key metrics.
Assisted in the development and maintenance of enterprise security policies and procedures.
Worked with the information security team to develop strategies and plans to enforce security requirements and address identified risks.
Ensured compliance by regularly leading internal audits and performing gap assessments to track compliance readiness.
Tracked changes in compliance requirements and proactively implemented processes and procedures to address the changes.
Oversaw the development and implementation of corrective action plans and monitored results for success.
American Red Cross / WakeMed Hospital 2012 – 2016
Healthcare Compliance Specialist
Ensured that practices within the organization were at the appropriate level of compliance with HIPAA and PII requirements.
Audited, monitored, and tracked compliance with state, federal, and other regulatory requirements, resulting in a significant reduction of compliance risks.
Prepared documentation for the intake of privacy issues and assisted the CCO in conducting investigations and preparing privacy and compliance reports.
Prepared educational materials and presentations on privacy and compliance for training as needed.
Stayed abreast of US healthcare compliance laws, regulations, and the enforcement environment, resulting in a deeper understanding of how they impacted the organization.
Education
- Florida International University - Master of Science
- James Madison University - Bachelor of Science
Skills
- Risk Management
- SAP documentation
- ATO process
- Cloud Computing and FedRAMP
- DFARS
- Vulnerability Assessment and Management
- NIST publications SP 800-171, SP 800-53
Certifications
- CompTIA Security+
- CISA
GRC Tools / Platforms - Archer, CSAM, Xacta, SharePoint, OneTrust, ServiceNow, Nessus, Splunk
Verdant
Contact
Joyce Nicholson
ad3i1q@r.postjobfree.com