
Cyber Security Analyst

Location: Gaithersburg, MD
Posted: August 02, 2020

Resume:

*+ YEARS INFOSEC SKILLS SUMMARY

Highly motivated and dedicated cyber security professional with over 5 years of experience and exposure in Federal Information Security Management Act (FISMA), NIST Cyber Security Risk Management Framework (RMF), System Security Monitoring and Auditing, Risk Assessments, Security Control Assessment (SCA) and developing security policies and procedures according to NIST and FIPS standards and guidelines.

Ability to work with multiple and diverse groups to successfully deliver security compliance and I.T. deliverables. Capable of defining, deploying, and monitoring risk management, security control assessment, compliance, and information security programs while functioning as an information security consultant.

PROFESSIONAL EXPERIENCES

Cyber Security Analyst - ISSO

DelTaah-Tech Consulting, Washington, D.C., January 2018 - Present

Performs system categorization and selects security controls using FIPS 199/200 and NIST SP 800-60/NIST SP 800-53 for clients' systems.

Conducts full scope, independent Security Control Assessments in accordance with NIST SP 800-53, 800-53A, and the Risk Management Framework (RMF) described in NIST SP 800-37.

Creates ATO package documents: System Security Plan (SSP), Risk Assessment (RA), Security Assessment Report (SAR), and Plan of Action and Milestones (POA&M) reports.

Tests, assesses, and documents clients’ IT systems for Assessment and Authorization (A&A) in accordance with NIST Special Publication 800-53A.

Obtains assessment evidence by interviewing personnel, reviewing artifacts, and executing test procedures.

Works with the team that implemented appropriate security controls to mitigate threats, risks and vulnerabilities in the system.

Gathers data to complete Security Test & Evaluation (ST&E) required for managing risks and threats in systems.

Assesses the security controls and provides continuous monitoring for client information and information systems.

Conducts risk assessments, reviews controls for any deficiencies, and reports to the ISSO to perform mitigation actions.

Provides assistance with "Meeting Management" duties: coordinating meetings, including the reservation of meeting spaces and the preparation of reports, agenda items, presentations, minutes and action items.

Develops, initiates, maintains and revises policies and procedures for the application compliance programs.

Prepares and delivers documentation, reports and proposals to senior-level personnel.

IT Security Analyst - ISSO

Ambit Group, Washington, D.C., February 2015 – December 2017

Implemented Risk Management Framework (RMF) in accordance with NIST SP 800-37.

Developed a variety of Assessment & Authorization deliverables, including System Security Plan (SSP), Security Assessment Report (SAR), and POA&M, for review and approval for Authorization Official.

Monitored and conducted Security Control Assessment to ensure all controls meet security requirements as stipulated in the SSP and NIST SP 800-53 Rev4.

Advised Information System Owner (ISO) of security impact levels for Confidentiality, Integrity and Availability (CIA) in accordance with FIPS 199 & NIST SP 800-60.

Conducted meetings with IT team to gather documentation and requirements about the control environment.

Reviewed, analyzed and updated security plans (SSP) using NIST SP 800-18 guidelines.

Reviewed POA&M and enforced timely remediation of audit issues.

Used and applied knowledge of Security Assessment & Authorization (SA&A) policies, guidelines, and regulations in the assessment of IT systems and the documentation and preparation of related documents.

Conducted the IT Risk Assessment and documented the controls.

Conducted security control and risk assessment on the organization and information systems based on security policy and security best practices and guidelines.

Responsible for implementing the RMF steps in legacy and new systems and development of SSP, SAR and POA&M for Authorization to Operate (ATO).

EDUCATION

Master of Arts, Banking and Finance, 2007

Sheffield Hallam University, United Kingdom.

CERTIFICATION AND TRAINING

1. Security Plus (Active)

2. CAP (Active)

3. CISM (Active)
