
Security Officer

Location:
Owings Mills, MD
Posted:
April 23, 2020


Resume:

Charlotte Berchie

410-***-**** adcxps@r.postjobfree.com

Clearance – Public Trust

(US CITIZEN)

Security / Risk Assessor, POA&M manager, System Auditor

EXECUTIVE SUMMARY

Skilled and detail-oriented Security Control Assessor, POA&M Oversight and IT Auditor with 8 years of experience in all steps of the Risk Management Framework, including Privacy Risk and Security. Experience in applying NIST Special Publication 800 Series and FIPS series best practices to the System Development Life Cycle and System Authorization Life Cycle.

Involved in Federal IT Modernization Support and Continuous Diagnostic Mitigation (CDM). Supports the Information System Security Officer (ISSO), Chief Information Security Officer (CISO), and stakeholders with developing, updating and reviewing documents, tracking audit findings, testing, monitoring and validating security controls. A good team player with a strong ability to work efficiently and independently, in teams and under pressure.

FUNCTIONAL SKILLS

Hands-on experience assessing, developing, and/or updating security documents/artifacts including but not limited to System Security Plans (SSP), Configuration Management Plans (CMP), Information System Contingency Plans (ISCP), Incident Response Plans (IRP), Business Impact Analysis (BIA), e-Authentication Risk Assessment, Security Assessment Plans (SAP), Security Assessment Reports (SAR), Verification and Validation Process, Federal regulations/guidelines, technical writing and implementation of best practices.

Experienced with Information Security Governance, Monitoring, Reviewing, Analysis, Tracking and defining requirements and posture for Defense in Depth (DiD) using the following guides: SP 800-30, SP 800-37, SP 800-53 Rev 4, SP 800-53A, SP 800-60, SP 800-137, SP 800-18, SP 800-171, FIPS 199, FIPS 200, OMB Circular A-123, and OMB Circular A-130.

Assessment and POA&M tracking tools (Cyber Security Assessment Management (CSAM))

Experienced developing, tracking, and oversight of Plan of Action and Milestones (POA&M) process as part of Continuous Diagnostic Mitigation and Assessment

Microsoft Office Suite (Word, Excel, PowerPoint, Visio, Outlook)

Proficient using Windows 7, 8, 10, and XP

Proficient using Remedy and Tenable Nessus vulnerability assessment.

Expertise with Telecommunications Fundamentals, System Forensics, FISMA, FIPS Publications

ST&E, Risk Management Framework 800-37, SSP, Risk Assessment, IT Security Controls, DISA, STIG compliance, Sarbanes-Oxley Compliance (SOX 404), HITRUST, Contingency Planning, Change Management, Security Gap Analysis, Configuration Management, HIPAA, SDLC, C&A, System Monitoring & Regulatory Compliance.

In-depth knowledge of commercial frameworks such as COSO, COBIT, ISO, SSAE 16, PCI-DSS and HIPAA.

SECURITY AUDIT TOOLS:

SIEM (Security Information & Event Management), Audit Log Review,

GRC (Governance, Risk and Compliance) tools, SRC (Security Risk Compliance), Archer Dashboard

OTHER TOOLS:

Retina, Tenable Nessus, CSAM, Carbon Black, ALM, ForeScout, BigFix

EDUCATION AND CERTIFICATIONS

B. A. Theology, Life Christian University, Lutz FL – Graduated June, 2012

A.A. Respiratory Therapy, New York University, New York, NY – Graduated June, 1991

FISMA RMF/ DIACAP - DOD Training Center, Columbia, MD – Graduated

SECURITY+ / DOD 8570 – Training Center, Columbia, MD - Graduated

CompTIA Security+ Certification - CERTIFIED

Splunk Trained, Archer Dashboard Trained, ForeScout Trained, BigFix Trained.

Certified Information Security Manager (CISM) in progress.

Certified Authorization Professional (CAP) in progress.

PROFESSIONAL EXPERIENCE

Alutiiq, 737 Volvo Parkway, Chesapeake, VA

November 2018 – Feb 2020 (Cybersecurity Auditor / Technical Writer)

Support the SOC (Security Operations Center) to Identify, Protect, Detect, Respond and Recover

OCIO Support for identifying Gaps, Vulnerabilities and Remediation

Federal /Agency Dashboard, CDM / Timely Audit Procedure

Identification, Protection, Detection, Responding and Recovery

CISO Support with Audit remediation Documents

Configuration Management process

Vulnerability Management process.

Configuration Management Team Support

Software Asset management, Hardware Asset Management

Collaboration with Booz Allen and DHS for the CDM project

Continuous Diagnostic Mitigation (CDM) Support.

ATO Packages

Security control tailoring

Governance – Integrated Project Team Contributor


Apply Logic Consulting Group, McLean, Virginia. (Fed Contract)

June 2017 – Oct 2018 (POA&M and ATO management)

Supported Project - 2020 Census

POA&M management / oversight working with Project managers.

Reviewing and updating Security Assessment Reports

Developing, Reviewing and Updating ATO packages

Creating System Security Plans

Using the Risk Management Framework to Identify, Protect, Detect, Respond and Recover

Reviewing and Assessing Security Controls

Using NIST SP 800-53, SP 800-53A, SP 800-39, SP 800-37, SP 800-30

Developing Policies, Procedures and SOPs in compliance with the Risk Management Framework.

Senior Information Assurance Analyst, Smartthink LLC, Berwyn Heights, MD

March 2012 – June 2017 (Security Authorization and Audit) Federal / T. Rowe Price

Ensures proper system categorization using NIST 800-60 and FIPS 199

Implements appropriate security controls for information systems using NIST 800-53 Rev 4.

Developed, Updated or Reviewed System Security Plans (SSPs)

Reviews and updates remediation on Plans of Action and Milestones (POA&Ms) using CSAM

Enterprise Mission Assurance Support (eMASS) – RMF/ ATO Packages

Supports System Owners and system teams through the ATO process, using NIST 800-37.

Creates, modifies, and reviews Security Assessment Report (SAR), Contingency Plan (CP)

Continuously Monitoring Controls, Applications, Hardware and user activities

Develops a variety of Assessment & Authorization deliverables including: System Security Plan (SSP), FIPS 199 Categorization, PIA, ST&E, SAP, SAR, DRP, IRP, CMP.

Analyzes and updates the System Security Plan (SSP), Risk Assessment Report (RAR), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E) and the Plan of Action and Milestones (POA&M)

Coordinates with the Agency’s Privacy, Records, and Governance Divisions in regard to policy and procedure.

Applied COBIT, COSO, ISO 27000, 22000 frameworks to systems and processes

Conducted Contingency Plan testing using tabletop or functional methods at least annually to update the plan.

Supported Configuration Management Team and procedure to ensure that changes are monitored

Responds to emerging requirements or policies as set by legislation, regulation or policy

Supports annual assessments in accordance with organizational policies.

Created Waivers or Risk Acceptance Memos to assist in the effective management of system risks

Security Analyst, JMAT Systems, Greenbelt, MD

January 2010 – February 2012: Continuous Monitoring / Audit (Federal and Civilian Contracts).

Conducted system risk assessments through risk analysis, identified all possible vulnerabilities within systems, and implemented mitigation strategies.

Assessed security controls in accordance with the assessment procedures defined in the security assessment plan (SAP) through examination, interviews, and testing.

Conducted initial remediation actions on security controls based on the findings and recommendations of the security assessment report and re-assesses remediated control(s), as appropriate.

Conducted security assessments by reviewing System Security Plans (SSP), Security Assessment Plans (SAP), Test Plans and Security Controls Testing.

Uploaded Plans of Action and Milestones (POA&Ms) into CSAM and validated artifacts provided to remediate POA&Ms

Drafted Security Assessment Reports (SAR) to provide Findings and Recommendations

Participated in the SOX testing of the General Computer Controls.

Used COBIT, SOC-1, SOC-2 Frameworks

Reviewed POA&Ms and enforced timely remediation of audit issues

Reviewed Tenable Nessus vulnerability and compliance scans and WebInspect application scans as part of Vulnerability Oversight and Remediation as needed.

Performed FISMA continuous monitoring-related activities

Network / NOC Support: JMAT Systems Inc, Greenbelt, MD

January 2008 – December 2010 (NOC support)

Experience with TCP/IP & OSI network technologies/Models

Initiated service calls with clients/users and resolved network issues

Solid NOC support experience (24x7x365)

LAN/WAN monitoring and troubleshooting using Netcool and HP Openview

Prepared and submitted regular equipment failure reports and maintained logs of service interruptions.

Experience with Remedy for ticketing and change management.

Maintained documentation of daily tasks and projects
