HELDRINE TCHANTCHO

Information Security Analyst

202-***-**** ad4g4s@r.postjobfree.com Bowie, MD Location Summary

A dedicated and experienced Information Security Analyst with over five (5) years of experience in providing deliverables as part of the Risk Management Framework (RMF) lifecycle, Continuous Monitoring Efforts, Security Control Assessment (SCA), and Vulnerability Management. Experienced in establishing Authority to Operate (ATO) and Security Assessment Package (SAP) documentations such as System Security and Privacy Plan (SSPP), Plan of Action & Milestones (POA&M), Security Assessment Report (SAR), and Risk Assessment Report (RAR). Expert in implementing security controls in accordance with National Institutes of Standards and Technology (NIST) Publications and Federal Information Security Management Act (FISMA) guidelines and standards. A highly motivated professional with a team player mindset and background in implementing an Agile Safe environment; Keen attention to detail and in delivering results to meet deadlines. Courses & Certificates

CompTIA Security +

ISACA Certified Authorization Professional (CAP)

SAFe 5.0 Agility

Certified Scrum Master (CSM)

Experience

Netvision Chantilly, VA

Senior Information Security Analyst 11/2021 - Present IT Solutions

Generate, review, and updated SSPP against NIST 800-18 and NIST 800-53 requirements. Provide continuous monitoring support for systems in accordance to FISMA guidelines. Perform validation of security documents such as FIPS 199, Contingency Plan (CP), Privacy Impact Assessments (PIA) and Privacy Threshold Analysis (PTA).

Document and conduct Security Testing and Evaluation according to NIST 800-53A. Oversee the preparation of SAP package for submission for an ATO. Perform evaluation of policies, procedures security scan results, and system settings in order to address controls that were deemed insufficient during the SCA.

Develop and maintain POA&Ms for all identified risks and findings from the SCA. Perform comprehensive SCA and prepare SAR on management, operational and tehcnical controls assessed during the SCA. Conduct risk assessment as part of continuous monitoring and in accordance with the risk profile or systems following NIST 800-30 and NIST 800-37.

Develop, maintain, and communicate consolidated risk management activities and deliverables. Analyze scans to determine which vulnerabilities have not been remediated and create POA&Ms. Conduct monthly vulnerability scan analysis to assist ISSO. U.S. Bank McLean, Virginia

Risk Managament Framework (RMF) Analyst 05/2019 - 10/2021 IT Services

Assisted ISSO in maintaining CSAM for their designated systems. Conducted monthly review and update of implementation statements for controls with ISSO guidance. Created POA&Ms in the POA&M tracking tool for ISSO/ISSM approval. Conducted POA&M Management (Monthly review and meetings with POCs to discuss remediation efforts). Developed and maintained POA&Ms of all findings and accepted risks upon completion of the SCA. Scheduled and attended weekly meetings for audits, POA&M findings and after action review. Reviewed CSAM for expired documentations and recommended updates to ISSO and SO. Conducted pre-assessment activities such as documentation update and SSP review and update. www.enhancv.com Powered by

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

Experience

T-Mobile Washington D.C.

Scrum Master 03/2017 - 04/2019

Telecommunications

Using the SAFe framework, I collaborated with other scrum teams, i.e Attend Scrum of Scrums to coordinate dependencies across other scrum teams in Agile Release train, work with Release Train Engineer, System Architects, and system Teams for Infrastructure requirements to support integration testing.

Facilitated working sessions in which stakeholders/team members define epics, features, acceptance criteria, and communicate the goals and vision to the development team, leading to a significant increase in team productivity. Provided proactive coaching to the team and recommend continuous improvement of processes and tools to optimize team productivity, quality and time-to-market.

Tracked and communicated team velocity during sprint/release planning using Jira and confluence for metrics, requirements, and documentation. Worked with my product owner and end users to prioritize feature development and enhancements based on critical paths and business needs. Communicated and reported team progress and accomplishments thus encouraging transparency. Communicated and radiated information to all stakeholders, keeping them informed about the project status reports, milestones, and issues. Motivated team members with excellent business, analytical, communication, presentation and management, technical and written skills. Elites Care LLC Hyattsville, Maryland

Data Entry Specialist 07/2016 - 02/2017

Healthcare Services

Retrieved data from the database or electronic files as requested. Sorted and organized paperwork after entering data to ensure it is not lost. Typed in data provided directly from customers.

Transferred data from paper formats into computer files or database systems using keyboards, data recorders or optical scanners. Created spreadsheets with large numbers of figures without mistakes. Updated existing data.

Education

Western Governor University

Master's in Cybersecurity & Information Assurance 2022 - 2024 University of Yaounde II (SOA), Centre Region - Cameroon Master's 1 in Common Law 2015 - 2016

Univeristy of Buea, Southwest Region - Cameroon

Bachelor's Degree in Common Law 2013 - 2015

Skills

WebInspect Tenable CSAM Rally ServiceNow NIST FISMA BigFix Microsoft 365 Jira Xacta SSP RMF POA&M SDLC Scrum Confluence Agile

www.enhancv.com Powered by

•

•

•

•

•

•

•

•

•

•

•

•

•

•

Contact this candidate