
Cyber Security Process Improvement

Location:
Washington, DC
Posted:
May 21, 2024


Resume:

Jewell Jackson, CISM

202-***-**** • ad5ufr@r.postjobfree.com

Washington, DC

Cybersecurity Professional

6C Public Trust Clearance

Cyber Security Professional with experience in Security Auditing, Security Project Assessment Management, Regulatory Compliance & Guidance (NIST, FISMA, HIPAA, SSAE18), Security Engineering in the federal, state, commercial and private sectors.

CORE COMPETENCIES

Cyber Security Management • Compliance • Cyber Security Auditing • Operational Security Assessments • Risk Assessments • Security Control Management • Data Analysis • Governance Risk Compliance

EXPERIENCES AND ACHIEVEMENTS

S&J Technology, LLC

Senior Cyber Security Consultant March 2022 – Present

Manage and oversee cyber security audit and compliance, from defining policies and procedures, performing assessments, and tracking remediation activities to closing risk findings.

Drive projects based on defined priorities; ensure the scope of deliverables and timelines.

Oversee internal and external compliance audits, reviews, assessments, and data calls.

Facilitate and lead annual security reviews per FISMA reporting and reviewing security requirements, recommending mitigation strategies for deficiencies, and forging relationships working cross-functionally with stakeholders, ISSOs, the SOC, the POAM, and Splunk engineering teams.

Draft security policies and procedures and agency specific policies in accordance with NIST requirements.

Influence updates to policies, standards, and control descriptions to enhance process improvement for all audit and compliance activities.

Identify ways to improve and streamline risk identification, assessment, and mitigation processes.

Proactively engage team members, project leads, and stakeholders to ensure system changes or enhancements relating to security audits, compliance controls, and IT standards before implementation.

Conduct quarterly gap analysis of internal audit related processes and procedures for process improvement.

Assist with implementing a NIST-compliant continuous monitoring process across High-Value Asset (HVA) information systems to provide audit readiness and compliance checks on a subset of security controls.

Utilize Splunk, CSAM, Service Now, SharePoint for various OIG, FISMA audits, data calls and Provided by Clients (PBC) requests and evidence reviews, POAM tracking and submissions and other compliance tasks.

Create and present reports and metrics relating to audit and compliance to key stakeholders and leadership.

Meet professional obligations through efficient work habits such as meeting deadlines, honoring schedules, coordinating resources and meetings effectively and on time, and demonstrating respect for others.

Jacobs, Audit & FISMA Team Lead September 2017 – March 2022

Manager of the audit readiness and FISMA analysts providing program management, governance, compliance, IT security support.

Structured the team to deliver ongoing tasks effectively and efficiently for BOD reporting, FISMA Metrics, RAFS, SOP documents, Risk Acceptance processes, data calls and audit reporting and compliance.

Provided audit readiness support as well as Provided by Clients (PBC) requested by OCIO, GAO, FISMA, A-123, FSA OIG third party auditors (KPMG, Deloitte) via the Federal government manager.

Facilitated and supported audit and compliance activities based on NIST SP 800-137, NIST SP 800-53 Rev. 4, NIST SP 800-53A Rev. 4, and NIST 800-37 Rev. 1, for over fifty Title IV Federal Information Systems.

Utilized software tools (CSAM, Excel, SharePoint, Titan) to manage POAMS, and other audit related actions.

Documented Plans of Action and Milestones for corrective action in response to identified vulnerabilities.

Provided audit readiness support to the SOC, ISSO, Vulnerability, POA&M, SCA, Engineering Teams on audit findings, outstanding CVSS vulnerabilities, ATO packages and vulnerability management.

Oversaw the FISMA Metrics for Federal Student Aid internal and external systems, including high value assets utilizing the NIST CSF (Cybersecurity Framework) quarterly reporting to the CIO/CISO.

Responsible for contract task area weekly and semi-annual reporting to the COR, CISO and other stakeholders.

Jacobs - Senior Security Consultant

PIV PAM (Privilege Access Management) Project Lead April 2017 - September 2017

Managed and performed risk assessment analysis for elevated, global, privileged users and users with access to sensitive data sources. Worked cross functionally, as the liaison between various teams and business units.

Jacobs - Senior Security Consultant August 2016 – April 2017

Performed Security Control Assessing, POA&M remediation, IV&V assessing support to the Department of Education (FSA). Technically assessing both application and general support system security configurations and implementation. Interfaced with federal employees and contractors to perform the security assessment activities such as vulnerability scanning, analyzing results from vulnerability scanning tools such as Nessus, Nipper, WebInspect, AppDetective and generated risk scores on all assessment findings based upon NIST 800-30.

S&J Technology, LLC Senior Consultant January 2016 – August 2016

Provided Vulnerability Management, POA&M remediation, Security Advising & Web application & network scanning, and ISSO & Security Office Management support to various companies & the Census Bureau.

Lynx Technologies, Senior Security Engineer September 2014 – January 2016

Lead and oversee Operational Security Assessments for the Department of Agriculture. Take full responsibility and accountability in the accurate validation and assessment of security events, including intrusion detection, malicious software detection, SIEM tool events, vulnerability scans, penetration tests, and audit findings.

CNSI

Senior Security & Privacy Manager October 2012 - August 2014

Oversaw accuracy and completion of corporate, state, and federal compliance projects (HIPAA/HITECH, NIST, SSAE16).

MANTECH

Senior Security C&A Analyst - Short Term Contract April 2012 - October 2012

Ensured SME Certification & Accreditation/RMF through collaboration with the Library of Congress Copyright Office. Effectively assessed NIST security controls and resolved vulnerability concerns. Conducted thorough NIST security control testing, audit interviews, and RMF(C&A) technical testing using GRC (Trusted Agent) tool.

MINDSEEKER

Cyber Security Analyst - Short Term Contract January 2012 - April 2012

Supervised security C&A support for all RMF efforts at the Federal Communications Commission (FCC), including assessing web applications within the GSS, conducting vulnerability assessments, and assisting IT operations to mitigate security risks. Managed POA&Ms, risk reporting and major application inventory tracking using the Xacta IA Manager tool.

MANTECH

C&A Analyst/Principal Security Engineer February 2011 – January 2012

Led Certification & Accreditation and ST&E assessments within the Library of Congress. Developed new and innovative System Security Plans and conducted thorough risk audit assessments.

WALA TECHNOLOGIES

Senior IT Project Manager - Short Term Contract August 2010 – February 2011

Led and implemented Network Discovery and Mapping contract at the Department of Education, supervising a team of Senior Computer Security Consultants and Enterprise Architects. Created accurate and complete contract deliverables, including PMP (Project Management Plan), ROE (Rules of Engagement), weekly status reports, Project Plan/WBS, invoicing, and contract modification for the Program Management Team.

S&J Technology, LLC

C&A Production Team Lead Security Consultant - Short Term Contract August 2009 – August 2010

Spearheaded execution of activities for Bank of America C&A efforts in support of Ginnie Mae Systems. Oversaw phase I, II and III C&A activities according to NIST Governance.

PEROT SYSTEMS GOVERNMENT SERVICES, Washington, D.C. February 2009 – August 2009

Certification & Accreditation Audit Security Consultant - Short Term Contract

Developed and ensured maintenance of ongoing SME support at the Department of Education. Created boundary System Security Plans, including tracking and close out of POA&M’s. Created Corrective Action Plans for the Government Management Team and assessed and evaluated FISMA findings and remediation planning. Effectively collaborated with team members and Government staff to obtain ATO’s (Authorizations to Operate) for Major Applications and General Support Systems.

EDUCATION

Bachelor of Science, Computer Science

Bennett College, Greensboro, NC

Master of Business Administration, Business Finance & Management Certificate

University of Virginia Darden School of Business, Charlottesville, VA

Training & Certifications

ISACA – CISM

CompTIA - Security+

PMP (Project Management Professional)

Certified in the Governance of Enterprise IT (CGEIT)

Information Technology Infrastructure Library (ITIL)

Splunk Admin 9.0.X

Linux Administration


