Richmond P Sam
Providence, RI
A detail-oriented Cybersecurity Analyst with over 5 years of experience in Information Systems Technology and over 3 years of experience and expertise in Cybersecurity, implementing all phases of the Risk Management Framework (RMF) from Categorization through Continuous Monitoring, security engineering, vulnerability scans, security evaluations, risk analysis, and security controls assessments on systems ranging from small networks to wide enterprise systems. Additionally, preparing and implementing Information Security policies, System Security Plans (SSP), and Plans of Action and Milestones (POA&M). Experience in Management and Operations, Certification and Accreditation (A&A), NIST 800-53 Rev 4 and NIST SP 800-37 Rev 2, 800-18, 800-34, FIPS, the NIST Family of Security Controls, Incident Response, and Contingency Planning. Highly knowledgeable in performing Security Control Assessments (SCA) and evaluating operational and technical security controls for audited applications and information systems. Dedicated professional with an excellent work ethic. Experienced in a range of technologies with the ability to learn quickly and adapt to new environments.
Work Experience
Information Systems Security Officer (ISSO)
Micdenlak IT Consult LLC, Virginia, USA
May 2023 – Present
Risk Management Framework (RMF) assessments and Continuous Monitoring: performed RMF assessments on several different environments.
Assessments included initiating meetings with various System Owners and Information System Security Officers (ISSO), providing guidance on the evidence needed for security controls, and documenting assessment findings.
Experienced with developing and updating system categorization levels using FIPS 199/NIST 800-60, selecting the controls using NIST 800-53/FIPS 200, implementing controls and developing SSP and other key deliverable documents.
Utilize processes within the Security Assessment and Authorization environment such as system security categorization, development of security and contingency plans, security testing and evaluation, system accreditation and continuous monitoring.
Conduct ISSO responsibilities, including the approval of change requests, review of audit logs, review of system accounts, and analysis of vulnerability scans.
Communicate with management about new security regulations or policies, and monitor NIST guidance for updates that may affect ongoing system management.
Provide input to management on appropriate FIPS 199 impact level designations and identify appropriate security controls based on characterization of the general support system or major applications.
Support the development of program-required security documentation, including security plans, contingency plans, and security test plans and procedures, in compliance with policy.
Document and review the System Security Plan (SSP), Security Assessment Report (SAR), and Plan of Action and Milestones (POA&M).
Update and track the remediation of security weaknesses and vulnerabilities as documented in the POA&M.
Worked with the team to tailor security controls following NIST guidelines and company policies.
Updated SSP with implementation details, as part of continuous monitoring and in preparation for ATO.
Performed data gathering techniques (e.g. questionnaires, interviews, and document reviews) in preparation for assembling C&A/A&A packages and the ATO.
Support Security Assessment and Authorization (SA&A), FISMA compliance, NIST requirements, and continuous monitoring of security controls.
Support the development and documentation of Contingency Plans (CP), Disaster Recovery (DR) Plans, and Continuity of Operations (COOP) Plans.
Serve as the IT security POC for assigned systems to ensure information systems comply with applicable policies.
Develop, maintain, and communicate a consolidated calendar of risk management activities and deliverables.
Security Control Assessor
MetLife, Inc.
March 2022 – May 2023
Prepare artifact request lists to collect artifacts that validate control implementation.
Review ATO package documents such as the SSP and POA&Ms prior to assessment for compliance, completeness, and accuracy, and recommend remediation of any preliminary findings.
Prepare Security Assessment Plan (SAP) to document controls to be assessed, the assessment schedule, assessment methodologies and other assessment details and requirements.
Facilitate kick-off meetings with system stakeholders to get more information about the system, discuss the assessment plan, and give clarifications on the assessment process.
Review control implementation, control inheritance, tailored controls, and organizationally defined parameters using NIST 800-53A Rev 4 and policy documents as a guide.
Validate information system security plans to ensure NIST security control requirements are met.
Collect and document artifacts and evidence to support security control implementation and the effectiveness of these controls with respect to securing the information systems.
Collect and upload supporting assessment documentation to a SharePoint site.
Assess and evaluate system compliance with Departmental policies and NIST guidelines by reviewing policies and the security controls documented in the System Security Plan (SSP).
Document initial assessment findings in test plans and final assessment results in the Security Assessment Report (SAR).
Analyze weaknesses or deficiencies discovered during assessments and develop Security Assessment Reports (SAR) documenting the results of the security control assessment and recommendations for correcting any weaknesses or deficiencies in the control implementation.
Conduct final review meetings with system stakeholders to discuss the draft SAR and ensure stakeholders understand the required remediation for the weaknesses uncovered during the assessment.
Track and update the team schedule and send reminders to team members about dates for key deliverables.
Participate in weekly team meetings to obtain updates and present status reports on ongoing projects.
Work with teams to review remediation and closure of POA&Ms.
Internal Auditor
MetLife, Inc., 700 Quaker Lane, Warwick RI
March 2018 – March 2022
Support the planning, testing, and reporting of internal controls under the company's quarterly and annual plan on the effectiveness of internal controls over financial reporting.
Perform audit assignments to ensure that all business risks are anticipated, identified, recognized and appropriately managed in alignment with the departmental audit plan and initiatives.
Execute testing of controls as defined by the test program to verify, analyze and validate information.
Develop process workflows to identify risk and control points through process mapping of business processes.
Create clear and accurate workpaper documentation based on control soundness in testing results and exceptions to validate adequacy and compliance.
Assist in the support of SOX deliverables and conduct external audit direct-assisted work.
Communicate in a timely and appropriate manner with the audit team and identified stakeholders throughout the audit lifecycle.
Accounts Payable Accountant/Coordinator
CVS Health, 700 Quaker Lane, Warwick RI
May 2017 – March 2018
Researching, analyzing and resolving supplier merchandise disputes related to payment variances, chargebacks and inventory discrepancies for resale.
Resolving supplier payment issues as well as processing open invoices.
Matching invoices and credits to payments and deductions in vendor open balances.
Handling a high-volume workload while maintaining accuracy and working closely with suppliers to address additional accounts payable requests.
Working independently and in a team environment with others internal to Accounts Payable and outside of AP.
Communicating with different departments regarding merchandise returns and warehouse deliveries, and prioritizing accounts paying in shorter time intervals with larger sums.
Education
Bachelor of Science in Business Administration, University of Rhode Island, Kingston, RI - May 2016
Major: Accounting; Minor: Writing
Skills
Computer Networking
Internal Control Planning and Execution
Risk Analysis and Management
Process Workflow Development
System Security
Plan of Action and Milestones (POA&M) Management
Control Compliance and Execution
System Security Plans
Security Control Assessment
Information Security
Enterprise Software
NIST Standards
Risk Management
Technical writing
Cybersecurity
Vulnerability Assessment
Certificates and Licenses
Certified Information Security Manager (CISM)