Emmoline
410-***-**** ********@*****.***
Professional Summary
Certified IT professional with years of solid experience providing IT security analysis across multiple security platforms. I have experience supporting both commercial and federal clients in cyber security environments. Strong knowledge of the NIST Risk Management Framework (RMF) for assessing security controls, Information Assurance (IA), and Continuous Monitoring. Subject matter expert in the development of ATO packages for federal agencies. Knowledgeable in HIPAA, FedRAMP, the Systems Development Life Cycle (SDLC), and vulnerability management under FISMA and the applicable NIST Special Publications. Adept at working independently or with a team to ensure the confidentiality, integrity, and availability of information systems.
Software and Tools
Windows, MS Office, and Linux
GRC and vulnerability tools: CSAM, TAF, XACT, and Nessus
Work Experience
Smartthink™ LLC July 2017 – Present
Security Assessor
Assist System Owners and the ISSO in preparing Assessment and Authorization (A&A) packages for their IT systems.
Lead kick-off meetings with system owners to identify the assessment scope, system boundary, and information system security category, and to obtain any artifacts needed to conduct the assessment.
Review and update test plans, test procedures, and evidence to validate the effectiveness of controls based on NIST SP 800-53A Rev. 4 and in accordance with client policies and procedures.
Analyze and update System Security Plans (SSPs) in accordance with NIST guidance, FISMA, and OMB Circular A-130.
Interview security personnel to evaluate the adequacy of internal controls and compliance with company policies and procedures.
Review assessment methods and test procedures; assess and evaluate in-place security controls; and report security test and evaluation (ST&E) results.
Document assessment findings in a Security Assessment Report (SAR) and produce a Plan of Action and Milestones (POA&M) for all controls with weaknesses or deficiencies.
Review IT security policies and procedures updated by the ISSO to validate FISMA compliance.
Monitor security controls post-authorization to ensure continuous compliance with security requirements.
Audit information systems against NIST SP 800-37, 800-53, and 800-171 and the NISPOM.
Perform risk analysis and reporting on NIST RMF and NISPOM compliance.
Perform risk analysis of security exceptions through the data security plan process.
Recommend and develop mitigations that allow research to continue where exceptions to traditional security controls are granted.
Assess the security risks of cutting-edge technology and support vulnerability management operations by documenting and reporting findings to lab leadership.
Support incident response and remediation efforts.
Inscope International August 2016 – June 2017
FISMA/C&A Analyst
Analyzed and updated the System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), Security Test and Evaluation (ST&E), and Plan of Action and Milestones (POA&M).
Assisted System Owners and the ISSO in preparing Certification and Accreditation (C&A) packages for the companies' IT systems, making sure that management, operational and technical security
Categorized systems by confidentiality, integrity, and availability (CIA) impact level using FIPS 199 and NIST SP 800-60.
Conducted IT control risk assessments that included reviewing organizational policies, standards, procedures, and NIST guidelines.
Evaluated policies, procedures, security scan results, and system settings to identify insufficient controls during A&A and Risk Management Framework (RMF) efforts.
Analyzed controls, conducted compliance validation, and documented and reviewed System Security Plans (SSPs).
Created Security Assessment Reports, Security Assessment Plans, and other documents per NIST SP 800-series guidelines.
Participated in client status meetings and submitted weekly and monthly status reports.
Participated in security scans and reviews of security materials.
Created Plans of Action and Milestones (POA&Ms) for vulnerabilities identified through RMF assessments and security scans.
Evaluated authorization packages and made authorization recommendations.
Education, Training & Certifications:
CompTIA Security+ - pending November 2020
Oracle Certified Associate (OCA) - 2019
Oracle Autonomous Database Cloud - 2020 Certified Specialist
Oracle Cloud Infrastructure Foundations - 2020 Certified Associate
Bachelor of Science Degree in Public Health Management