Risk Management Security Analyst

Location:
Philadelphia, PA
Posted:
May 19, 2024

Resume:

IT SECURITY ANALYST

Knowledge of FISMA Compliance under NIST 800-53, NIST SP 800-66, NIST SP 800-171 for Controlled Unclassified Information (CUI), CMMC frameworks, FedRAMP, CIS, and HIPAA.

Experience working and documenting Risk Management Framework processing with end results achieving an Authority to Operate (ATO).

Solid experience with NIST Risk Management Framework (RMF) process, risk assessment, and continuous monitoring.

Experience in performing vulnerability and risk analyses of applications during all phases of the system development life cycle.

Areas of Expertise

Policies & Procedures

Business Requirements

NIST 800 guidelines

Cloud Computing

HIPAA

FISMA

FedRAMP

Risk Management

Vulnerability Assessments

BOD 18-01

FIPS 199, 200

Information Assurance

SDLC

Compliance & Remediation

POA&M Management

Professional Experience

ProSec Solutions, Washington, DC

ISSO Mar. 2019 – Present

Review and conduct self-assessments of on-premises and cloud environments.

Prepare Assessment and Authorization packages for IT systems, and ensure that management, operational, and technical security controls adhere to the security requirements established by NIST SP 800-53.

Support the full life cycle of the assessment and authorization (A&A) process by updating the following documents: System Security Plan (SSP), Plan of Action & Milestones (POA&M), Disaster Recovery Plan, Contingency Plan, Incident Response Plans, Business Impact Analysis, Configuration Management Plans, Risk Assessment, and E-authentication.

Participate in the development of the Contingency Plan and Tabletop exercises.

Review vulnerability scan results and ensure that the identified risks are assessed and evaluated.

Work with System Owner to assign risk impact ratings for systems in accordance with Federal Information Processing Standards (FIPS) 199.

Provide continuous monitoring support for control systems in accordance with FISMA guidelines and conduct FISMA-based security risk assessments.

Coordinate continuous audits between stakeholders and external auditors to ensure that audit findings are remediated and corrective actions are implemented per SOPs and regulations.

Ensure appropriate system changes are implemented and complete the System Impact Analysis form.

Responsible for the development, assessment, and documentation of the security controls recorded in the System Security Plan (SSP) per NIST 800-53.

Provide continuous security monitoring of assigned systems.

Develop and maintain the Plan of Action and Milestones and support remediation activities.

Ensure IT systems have all required security controls in place and functioning properly, assessed in accordance with NIST 800-53A.

ProSec Solutions, Washington, DC

Business Analyst May. 2018 – Mar. 2019

Assisted the business team with software development changes to enhance eligibility and benefits applications.

Provided program management, requirements gathering, process diagramming, operational concepts, usability, and testing.

Created and delivered high-quality solutions for the software systems to ensure that the implemented software code and processes met the requirements of the business programs, conformed to all applicable federal and state laws, and met the needs of customers.

Supported internal product teams by providing recommendations for product enhancements.

Assisted in the creation and maintenance of documentation related to testing procedures, business requirements, and project deliverables.

PHAM, Lancaster, PA

Program Coordinator May. 2016 – May. 2018

Responsible for maintaining up-to-date policies and procedures in line with applicable laws and regulations.

Coordinated daily operations and activities related to compliance, in collaboration with Compliance Case Manager and supervisors.

Tracked the timely review of compliance policies, procedures and standards of conduct.

Identified instances of non-compliance, conducted investigations, prepared reports, provided recommendations, and monitored the implementation of corrective actions, updating the compliance database accordingly.

Education

Bachelor's degree in Psychology – Temple University, Philadelphia, PA

Certifications

Security+, AWS Cloud Practitioner, Certified Authorization Professional (in progress)

Technical Tools

Archer, OneTrust, CSAM, Tenable Nessus, WebInspect, Nmap, Invicti, StackRox, Rapid7, Remedy, JIRA, ServiceNow, SharePoint