Security Control Assessor

Location: Virginia
Salary: $120,000
Posted: March 13, 2024

Resume:

Hawa Weller

SNR. SECURITY CONTROL ASSESSOR

Details

Alexandria, VA 22304, United States

571-***-****

ad4bbl@r.postjobfree.com

Profile

Dedicated and results-driven Security Control Assessor (SCA) with 10+ years of experience in evaluating and enhancing security controls to safeguard critical systems and data. Adept at conducting comprehensive assessments, identifying vulnerabilities, and implementing risk mitigation strategies to ensure compliance with industry standards and regulations. Proven expertise in specific security frameworks, such as NIST SP 800-53 or ISO 27001. Strong analytical, communication, and problem-solving skills, coupled with a passion for maintaining the highest levels of cybersecurity. Committed to helping organizations maintain a robust security posture in an ever-evolving threat landscape.

Skills

Risk Management: Risk assessment and risk mitigation analysis, Information Assurance & Privacy, RMF, System / Network vulnerability analysis, Testing IS Controls, Cloud Cybersecurity (NIST SP 800-Series, FIPS 199, FIPS 200).

Regulatory Compliance: HIPAA, FedRAMP, NIST SPs, PCI-DSS, ISO 27001, CMMC, Contingency planning.

Policy and Compliance Review: SOPs, ISAs, MOUs, test results, firewall policy, Ports & Protocols, Plug-ins.

Networking: Public and Private IP addressing.

Security Tools: Nessus Scan [Tenable.io], WebInspect, STIG.

Software: Microsoft Office Suite 2016: Word, Outlook, Excel, Visio, PowerPoint, Teams, Virtualization, Windows and Linux Operating Systems, SharePoint, Risk Vision, Splunk.

Server: Windows Server 2016.

GRC Tools: RSA Archer, eMASS, CSAM, ServiceNow.

Soft skills: Strong oral and technical writing skills, team player, detail-oriented, ability to work independently, strong leadership and organizational skills.

Employment History

Snr. Security Control Assessor at Global Scalable Technologies LLC, Calverton, MD

APRIL 2021 — PRESENT

●Created post assessment reports and recommendations for relevant security findings.

●Conducted security control testing, analyzed Body of Evidence (BoE) documentation and test results, documented risk and recommended countermeasures.

●Provided an assessment of the severity of weakness or deficiencies discovered in the information system and its environment of operation and recommended corrective actions to address identified vulnerabilities.

●Executed vulnerability/compliance assessment tools and evaluated results for systems undergoing security assessment.

●Provided documentation to the customer which describes all identified system risks, planned test procedures taken and test results.

●Provided enhancement capabilities and SOPs to assessment operations for execution and implementation.

Security Control Assessor at Cerner Technologies, Kansas City, MO

JANUARY 2014 — MARCH 2017

●Identified potential problems in the organization's implementation of the Risk Management Framework.

●Developed a security assessment report (SAR) in accordance with the scope and schedule defined in the SAP.

●Created post assessment reports and recommendations for relevant security findings.

●Entered assessment data in Cyber Security Assessment and Management (CSAM) database used by the federal customer.

●Experienced in writing information system security documentation (System Security Plans (SSP), Plan of Action and Milestones (POA&Ms), PTAs, PIAs, CMPs, CPs, and IRPs).

●Executed vulnerability/compliance assessment tools and evaluated results for systems undergoing security assessment.

System Analyst at Quadrint, Inc., Herndon, VA

MAY 2012 — DECEMBER 2014

●Performed network asset management, including maintenance of network component inventory and related documentation and technical specifications information.

●Supported and designed department project assignments and small system implementation.

●Provided input to solution development efforts.

●Maintained schedules and completed assignments as directed.

●Tracked information system resources for assigned projects.

●Reported on project timelines and documented performance.

●Developed work products, documented operational and business objectives, best technology capabilities and task level resource requirements.

●Maintained project task plans, documentation and communications.

Education

BSc. Information Systems & Operations Management & Entrepreneurship, George Mason University, Fairfax, VA

Dean's List: Spring 2018

ASSOCIATE OF SCIENCE: Business Administration, Northern Virginia Community College, Annandale, VA

Dean's List: Spring 2015

Certifications

CompTIA Security+ CE - Active

AWS Cloud Architect - Associate (SAA) - Active

Certified Information Security Auditor (CISA) - Active

Certified Information Security Manager (CISM) - Active

Clearance Level

Eligible for Secret

Eligible for Public Trust

Work Status

US Citizen


