Gerhardt Halm-Lutterodt
Hagerstown MD, *****
***********@*****.***
Hagerstown MD, 21740
PROFESSIONAL SUMMARY
I am a Cybersecurity Professional with 5+ years of experience and comprehensive knowledge of FISMA compliance, SOX 404 compliance, Security Assessment & Authorization (SA&A), Risk Management, developing and reviewing assessment reports, and IT security policies, procedures and guidelines. I am fluent in English, possess strong written and verbal communication skills and managerial skills, and have the ability to work effectively in a diverse and multicultural environment, with the desire to make an impact in a motivational environment.
SUMMARY OF QUALIFICATIONS
●Develop Certification and Accreditation documentation in compliance with NIST and organizational standards.
●Develop, review, and evaluate System Security Plans (SSP) and Information System Contingency Plans (ISCP) based on NIST Special Publications.
●Perform comprehensive assessments and write reviews of management, operational and technical security controls for audited applications and information systems.
●Develop and conduct Security Test and Evaluation (ST&E) according to NIST SP 800-53A.
●Compile data to complete the Residual Risk Report and insert its contents into the POA&M.
●Ability to multi-task, work independently and as part of a team.
●Strong analytical and quantitative skills.
●Effective interpersonal and verbal/written communication skills.
●Identify deficiencies in accordance with OMB Circular A-123, Appendix A.
CERTIFICATIONS
●Certified Diploma in completion of Cybersecurity CompTIA+
●Scrum Master Certification
●Certified Diploma in completion of CAP – In progress
EDUCATION
Bachelor of Science in Nursing
PROFESSIONAL EXPERIENCE
Advancing Opportunity Inc. April 2018-Present
Security Controls Assessor
●Planned and conducted security control assessments (full and annual) to validate controls and identify control weaknesses.
●Assisted in preparing and reviewing security documents to include System Security Plans (SSPs), Risk Assessment Reports (RAR), and other Assessment & Authorization (A&A) artifacts.
●Led research into and resolution of information security issues as required; developed and maintained the Plan of Action and Milestones (POA&M) and supported remediation activities.
●Conducted pre-assessment preparation.
●Selected and identified security control inheritability (common, hybrid, system-specific).
●Performed continuous monitoring of security controls to ensure control adequacy and results.
●Advised system owners on matters related to privacy and IT security.
●Conducted IT control risk assessments to identify system threats, vulnerabilities and risks, and generated reports.
●Developed and conducted Security Test and Evaluation (ST&E) according to NIST SP 800-53A.
●Developed a security control baseline and test plan that was used to assess implemented security controls.
●Developed System Security Plans (SSP) to provide an overview of the system security requirements and describe the controls in place.
●Developed Security Assessment Reports (SAR) detailing the results of the assessment, along with the Plan of Action and Milestones (POA&M).
●Created standard templates for required security assessment and authorization documents: Risk Assessment (RA), System Security Plan (SSP), Contingency Plan (CP) and Security Plan (SP).
●Participated in third-party contract evaluation and reviewed information security accreditation requests.
●Conducted periodic IT risk assessments, reviewed IA controls for deficiencies and reported appropriate mitigation actions to the ISSO.
●Conducted Business Impact Analysis (BIA) to identify high-risk areas to which audit effort would be allocated.
MercuryGate International January 2016-April 2018
Information Security Analyst
●Conducted kick-off meetings to categorize systems as Low, Moderate or High in accordance with NIST requirements, using FIPS 199 and SP 800-60.
●Conducted IT risk assessments to identify threats and vulnerabilities.
●Assisted System Owners and the ISSO in preparing Certification and Accreditation packages in accordance with FISMA and FedRAMP compliance requirements.
●Drafted and reviewed Privacy Threshold Analyses (PTA) and Privacy Impact Analyses (PIA) for systems and applications collecting and processing Personally Identifiable Information (PII).
●Developed, reviewed and evaluated the System Security Plan (SSP), Security Assessment Report (SAR) and POA&Ms based on organizational policy and NIST Special Publications.
●Conducted annual assessments to determine security control adequacy (NIST SP 800-53A).
●Created standard templates for required security assessment and authorization documents, including Risk Assessments, Security Plans, Security Assessment Reports, Contingency Plans and Security Authorization Packages.
●Analyzed and updated the System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Analysis (PIA), Security Test and Evaluation (ST&E) and Plan of Action and Milestones (POA&M).
●Worked with multiple Cloud Service Providers (CSPs) and System Owners to determine the CSP and service model (IaaS, PaaS, SaaS) adequate for and tailorable to an IT environment.