
Cyber Security Risk Management

Location:
Fredericksburg, VA
Salary:
120,000
Posted:
February 28, 2024

Resume:

Prince Edu

Woodbridge, VA ***** UNITED STATES 801-***-****

DETAILS

SKILLS

• Security + Certified

• CISM- Certified

• Knowledge of Compliance Frameworks (FISMA, HIPAA, SOC, FIPS, NIST SP)

• Experience with System Development Life Cycle

• Vulnerability scanning tools like Nessus, Splunk, Web Inspect, Azure, Tripwire

• Project Management, IT Audit and Controls, IT Governance and Compliance, IT Risk Management, Quality Assurance and Testing, Regulatory Compliance

• Customer service, analytic, problem solving, writing/documentation, time management and interpersonal skills

ad3zo7@r.postjobfree.com

PROFILE

Cyber Security Professional with experience in planning, analyzing and implementing solutions in support of security objectives, IT Audit and Compliance. Proven ability to plan, deploy, and maintain information systems and network infrastructures. Compliance with regulatory and industry requirements, Information Security Program Development and Management, PCI DSS, FedRAMP, NIST Cybersecurity Framework.

EMPLOYMENT HISTORY

Cyber Security Analyst/Information Assurance Analyst ASM Research

Fairfax, VA.

March 2018 — Present

·Conduct FISMA-based security risk assessments for various government contracting organizations and application systems - including interviews, tests, and inspections; produced assessment reports and recommendations; conducted out-briefings. Assessments conducted following NIST 800 processes and controls.

·Experience in operating in cloud-based environments (AWS/Virtual Systems), Vulnerability Management, security IT infrastructure, Risk Analysis and patching.

·Operates configuration management tools to support configuration identification, control, reporting, and auditing.

·Experience in AWS Identity and Access Management (IAM) Roles, Policies, Service Control Policies and IAM Boundaries, AWS Web Application Firewall (WAF) Security, AWS Config, AWS Trusted Advisor, AWS Key Management Service (KMS), AWS Certificate Management Services (CMS).

·Strong knowledge of NIST 800-53 Revision 3/4, NIST 800-37, FISMA, Risk Management Framework (RMF), FedRAMP and additional cyber security standards and policies.

·Support security authorization activities in compliance with Risk Management Framework process.

·Perform ISSO responsibilities, which include acting as a point of contact for matters of cyber security relating to assigned systems, reviewing audit trail logs and scans, and ensuring systems are maintained per security policies and procedures, and maintaining compliance and ongoing reporting to management.

·Provide continuous monitoring to enforce client security policy and procedures and create processes that will provide oversight into the activities for the system.

·Perform data gathering techniques (e.g., interviews and document reviews) in preparation for assembling C&A/A&A packages to review and update A&A Packages.

·Prepare and review SSP, Risk Assessment reports, PII, PTA, PIA, SORN, Access Control policies, SOPs, to identify gaps between documentation and IT Security Policy and Governance with NIST SP and other industry standards.

·Prepare and update the Plan of Action and Milestones (POA&Ms), and write Security Assessment Reports (SAR).

·Collaborate with the SOC engineers to request the scanning of systems using tools like Nessus and WebInspect.

Information Security Analyst US Dept. Of Census Bureau, Suitland, MD

August 2014 — February 2018

·Developed, implemented and monitored a comprehensive information security and technology risk management program to ensure the integrity, confidentiality and availability of information

·Ensured proper access controls are implemented for both system access and physical access to data processing facilities.

·Ensure configuration management is appropriate for all Information Systems (IS) software and hardware, including documentation and tracking of change control actions

·Managed/Performed mandatory Information System (IS) patching, updating, and scanning based on vulnerabilities and threats or regulatory compliance

·Created System Security Plans, Privacy Threshold Analysis, Privacy Impact Assessment, e-Authentication, FIPS-199, Business Impact Analysis for assigned information systems

·Facilitated and led the definition of the project scope, project management/SDLC approach, milestones, tasks, deliverables, and resource requirements of A&A activities.

·Validated system requirements, security policies and procedures, contingency plans, incident response plans, personnel security, access control mechanisms and identification and authentication mechanisms.

·Ensured all information system and applications are certified and accredited and that RMF packages were processed, reported, and coordinated in a timely fashion with the organization.

Jr. Information Security Analyst Dept. of Treasury

DC

February 2012 — July 2014

·Provide services as control assessor (SCA) and perform as an integral part of the Assessment and Authorization process to include A&A, documentation, reporting, reviewing and analysis requirements.

·As a team, we determined categorizations using FIPS 199/NIST 800-60 as a guide, reviewed, updated and developed Privacy Impact Assessments (PIA) and Privacy Threshold Analyses (PTA), and initiated the SSP.

·Worked with the ISSO, System Owner and team to assess the controls selected, and assessed the weaknesses and all findings reported in our SAR report.

·Assisted subordinate IAMs to create RMF artifacts and Plans of Actions and Milestones (POA&Ms).

·Ensured POA&M mitigations and timelines were adhered to and documented any changes that occurred.

·Review and document contingency plans (CP), privacy impact assessments (PIA), and risk assessment (RA) documents per NIST 800 guidelines for various agencies.

·Review and update of the SSP using NIST SP 800-18 guidelines.

·Specialize in the entire Risk Management Framework (RMF), and system control assessment processes using NIST SP 800-60, NIST SP 800-53A, preparing and reporting SSP, SAP, PTA, PIA, E-Authentication, POA&M.

·Develop and conduct ST&E according to NIST SP 800-53A and perform on-site testing and review of vulnerability scan results; prepare and report SSP, SAP, PTA, PIA, E-Authentication, POA&Ms.

EDUCATION

BSC, George Mason University - VA

May 2017
