
Information Security Officer

Location:
Rockville, MD
Posted:
September 16, 2020


Resume:

SHELLA NSEMANYU

New Market, MD · 240-***-****

adf5t8@r.postjobfree.com

Competent IT Security Specialist with over 6 years of experience in Information Security, with a focus on FISMA and the Risk Management Framework (RMF): system categorization, security control selection, implementation, authorization and continuous monitoring of security controls to mitigate risk and vulnerabilities of the system. Well-versed in direct and remote analysis, with strong critical thinking, communication and people skills. Able to thrive in fast-paced and challenging environments where accuracy and efficiency matter. Skilled in managing an internal vulnerability management program, identifying and executing action plans for vulnerability remediation, and taking lead roles in threat monitoring, incident investigation and response.

Authorized to work in the U.S. for any employer

EXPERIENCE

JUNE 2018 – PRESENT

INFORMATION SYSTEMS SECURITY OFFICER (ISSO)

STEAMPUNK (SE SOLUTIONS), TYSONS CORNER, VA

●Support the creation, monitoring, and updating of the status of POA&Ms to ensure weaknesses are resolved in accordance with their scheduled completion dates

●Support the creation of Waivers or Risk Acceptance Memos to assist in the effective management of system risks

●Support annual assessments in accordance with guidance in the Information Security Performance Plan

●Support the review and update of security authorization documents as needed, but at least annually

●Help coordinate with the customer’s Privacy, Records, and Information Governance Divisions on compliance documentation and other requirements

●Support Contingency Plan tests at least annually and updates to the plan

●Support system self-assessments as part of an Ongoing Authorization program

●Monitor and respond to Information Security Vulnerability Management (ISVM)/Patch Management

●Maintain knowledge of the inventory within the accreditation boundary

●Support the planning of certifying and accrediting assigned information systems

●Ensure CM processes are followed so that any changes do not introduce new security risks

●Support the management of system Information Security Vulnerability Management (ISVM) compliance

●Respond to emerging requirements or policies as set by legislation, regulation or policy

SEPTEMBER 2016 – JUNE 2018

INFORMATION SYSTEMS SECURITY OFFICER (ISSO)

KELLY SERVICES, VA

●Performs the six steps of the Risk Management Framework (RMF), NIST SP 800-37, to make sure that systems are FISMA compliant

●Selects security controls for systems with the guidance of NIST SP 800-53 and FIPS 200

●Categorizes information systems using FIPS 199 and NIST SP 800-60 as guides

●Works in collaboration with system owners to develop System Security Plan (SSP) and write implementation statements for system operation.

●Remediates/updates Plans of Action and Milestones (POA&Ms)

●Develops solutions to security weaknesses in the Requirements Traceability Matrix (RTM) and SAR

●Works with SOC team to monitor network (NIST SP 800-137) and provides incident response/management to intrusion detection and prevention systems (IDS/IPS)

●Handles internal communications within the Office of Information Security and external communications with several different divisions on a day-to-day basis.

●Maintains excellent working relationships with both internal and external customers using communication skills.

JANUARY 2015 – SEPTEMBER 2016

ASSESSOR / INFORMATION SYSTEM SECURITY OFFICER

FTI CONSULTING, WASHINGTON, DC

●Performed updates to System Security Plans (SSP) using NIST 800-18

●Created and made changes to Risk Assessments and Incident Response Plans (created change control procedures, draft & review) using NIST SP 800-53A

●Identified trends and root causes of system failures or vulnerabilities using the NESSUS Vulnerability Scanner and Nmap to scan for open ports, weak configurations and missing patches.

●Conducted assessment kickoff meetings and security control meetings with the ISSO and System Owner

●Reviewed documentation including the System Security Plan (using NIST 800-18 as a guide), Authorization to Operate (ATO), Security Assessment Report (SAR) (using NIST 800-30 as a guide), FIPS 199 System Categorization (using NIST 800-60 Vol. 1/Vol. 2, based on confidentiality, integrity and availability (CIA)), policies and procedures, e-authentication, privacy threshold analysis (PTA), privacy impact analysis (PIA), contingency plan (CP), interconnection security agreement as per NIST 800-47, certification and accreditation (C&A) packages and system standard operating procedures.

NOVEMBER 2013 – JANUARY 2015

ASSESSOR

INFOLINK SOLUTIONS, ROCKVILLE, MD

●Performed RMF assessments, including initiating meetings with various System Owners and Information System Security Officers (ISSO)

●Analyzed current threats to information security and systems. Analyzed security findings and data. Published reports and kept metrics for client systems.

●Provided guidance on the evidence needed for security controls, and documented assessment findings.

●Worked with the ISSO and Security team to assess the selected security controls; updated the SAP and ROE where vulnerability scanning and penetration testing procedures were included in the assessment; conducted assessment kickoff meetings and security control meetings with the ISSO and System Owner.

●Ensured assessment findings were reflected in the RTM or test cases and that all weaknesses were noted and reported in the SAR.

●Gained knowledge of the SANS 20 and ISO 27001 security controls and their mapping to NIST.

EDUCATION

MAY 2013

BACHELOR’S DEGREE: MAJOR: MATHEMATICS

MINOR: COMPUTER SCIENCE

UNIVERSITY OF BUEA – BUEA, CAMEROON

CERTIFICATIONS

●CEH

●CCSP in Progress

SKILLS

●Operating Systems: Linux, Windows XP, Windows Server 2003, 2008, 2012, Red Hat 6/7 and CentOS 6/7

●Other Technology: XACTA, CSAM and CFACTS, NESSUS, Splunk

●Security Expertise: Privacy and Data Security Management & Operations, Vulnerability Scanning, Certification and Accreditation (A&A), POA&M, Incident and Contingency Planning, FISMA, Security Content Automation Protocol, knowledgeable in NIST SP and FIPS

●Assessment Expertise: NIST 800-37 Risk Management Framework, Vulnerability Scanning and Penetration Testing
