Rita Danso
Tel : 917-***-**** Email : ****.********@*****.***
OBJECTIVE
A dynamic and detail-oriented Security Assessment and Authorization professional with strong problem-solving and project management skills. Knowledgeable in the Risk Management Framework (RMF), Systems Development Life Cycle (SDLC), Security Life Cycle and Vulnerability Management, using FISMA and applicable NIST standards.
CONTROLS & FRAMEWORKS
NIST RMF (FISMA), Confidentiality, Integrity, Availability, NIST SP 800-53, 800-53A, 800-60, 800-18, 800-37, 800-30, 800-137, HIPAA, Access Control, Audit and Accountability, Certification and Accreditation, Application Control, Contingency Planning, Policies and Procedures, and Incident Response.
SOFTWARE AND PLATFORM
RSA Archer, CSAM, eMASS, ServiceNow, Microsoft Suite, Google Suite, Tenable Security Center (Nessus Scan), Windows.
CERTIFICATIONS
Certified CompTIA Security Practitioner (CASP+) - Active
Certified CompTIA Security+ - Active
EDUCATION
University of Maryland Global Campus
Information Systems Management
EXPERIENCE
Information System Security Officer (DHS) 11/02/2020 - Present KBR – Charleston, South Carolina
• Analyzes and updates the System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E) and the Plan of Actions and Milestones (POA&M).
• Assists System Owners and ISSOs in preparing Security Assessment and Authorization (SA&A) packages for assigned Information Systems, making sure that management, operational and technical security controls adhere to the formal, well-established security requirements authorized by NIST SP 800-53.
• Designates systems and categorizes their C.I.A. impact levels using FIPS 199 and NIST SP 800-60.
• Conducts the Annual Self-Assessment (NIST SP 800-53A) in preparation for Independent Security Control Assessments (SCA).
• Performs vulnerability assessments, making sure that risks are assessed and evaluated and that proper actions are taken to limit their impact on information and information systems.
• Creates standard templates for required security assessment and authorization documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages.
• Conducts risk assessments that include reviewing organizational policies, standards and procedures, and provides advice on their adequacy, accuracy, and compliance with the requirements of the NIST RMF.
• Reviews A&A package items using NIST guidance for FISMA compliance, such as the System FIPS 199 Categorization, E-Authentication Assessment, PTA, PIA, Contingency Plan (CP) and Contingency Plan Test (CPT).
• Performs vulnerability assessments of information systems to detect deficiencies and validate compliance using the POA&M tracking tool (CSAM).
• Requests scans and reviews the scan results for common vulnerabilities such as missing patches, weak password settings, unnecessary services left enabled, and weak configurations.
Cyber Security Analyst (Dept. VA) 08/15/2017 - 10/30/2020 e-Team – Washington, DC
• Performed third party risk assessments and Vendor due diligence.
• Monitored 3rd party operational risk trends and provided analysis of data and other operational risk metrics using Security Scorecard.
• Tracked exceptions to IT policies and procedures and followed up with management approval for implementation.
• Conducted application assessments and tracked issues identified during the assessment, with supporting mitigation measures.
• Performed IT Security Risk & Control Assessments for new products/initiatives.
• Reviewed services provided by vendor and defined scope of assessment.
• Reviewed assessments performed by 3rd party and provided feedback. Defined appropriate risk levels and corrective actions for issues identified.
• Presented issues to 3rd parties and obtained corrective action plans.
• Updated procedure documentation to incorporate process changes to SOPs.
• Conducted third-party risk assessments, applying established criteria: information gathering, questionnaire administration, receipt of vendor responses, risk assessment, reporting and monitoring.
• Supported assessment team with quality assurance reviews over work product and reporting.
• Collaborated with internal partners and third parties to mitigate and otherwise resolve third-party cyber risks.
• Consistently delivered on commitments, deadlines and objectives while remaining in scope and leveraging appropriate tools, methods, frameworks, and professional standards.
• Demonstrated consistent credibility with business partners and leadership while recommending initiatives, identifying gaps and potential issues.
• Worked independently while representing the services of the department with the highest level of professionalism.
• Appropriately influenced business decisions, exercising professional judgment in selecting the appropriate methods and techniques to do so.
Cybersecurity Analyst 04/2016 – 07/2018 AFS – Chantilly, VA
• Performed FISMA-based security control assessments for various assigned information systems by conducting interviews (System Owner), testing, and examination of implemented security controls to ensure the controls are implemented correctly and performing their assigned functions.
• Conducted pre-assessment meetings with clients to discuss assessment scope, rules of engagement (ROE), and the timeline for the assessment.
• Performed rigorous assessments of IT controls using industry-standard guidance and leading practices (e.g., FISMA, NIST SP 800 series, OMB Circular A-123, RMF, etc.).
• Performed walkthrough interviews and maintained communication with a variety of client stakeholders, including system personnel such as system and database administrators.
• Provided Plan of Action and Milestones (POA&M) support to ensure mitigations are completed or the teams are working to mitigate all vulnerabilities in a timely fashion and within customer policy timelines.
• Reviewed security artifacts such as System Security Plans, inventories, screenshots of technical files, scan data, requirement traceability matrices, control allocation tables, and security assessment reports.
• Assisted ISSOs in creating and managing POA&Ms for identified system vulnerabilities and tracked findings to ensure that they were remediated and closed.
• Developed and uploaded ATO packages (SAR, SSP, POA&M) as well as ST&E into the GRC tool CSAM.
Help Desk Support (Tier 1) 09/2014 - 07/2016 Transportation Inc.
• Assigned ticket severity, prioritized work accordingly, and collaborated with other staff and vendor support resources to resolve issues.
• Coordinated with contractors and vendors to repair office equipment such as printers, fax machines, copiers and workstations.
• Provided customer service support and end-user training via phone and email.
• Maintained an inventory and database of IT-related assets, including hardware, software, and peripherals.
• Provided office equipment to office staff as requested through the Remedy ticketing system.
• Able to offer versatile office management support.
REFERENCES
References will be furnished upon request.