Sarah Yankson
Information Security Analyst
Easthampton, MA 01027
******************@*****.***
I am a detail-oriented, creative, and self-motivated IT Information and Quality Assurance professional. With over 10 years of IT experience, I have developed and utilized skills that concisely and clearly facilitate my communication of complex technical and operational information. I possess an in-depth understanding of security policy implementation and enforcement. Security Assessment and Authorization packages (i.e. SSP, SAR, POAM, RA, CMP, ISCP, DRP, IRP, Test Plans, MOU/ISA and PTA/PIA) for over 98 systems and facilities, Risk Management Framework (RMF), Systems Development Life Cycle (SDLC), Security Life Cycle and Vulnerability Management using FISMA standards are some of the areas in which I have obtained extensive training and skill. I am proficient in data analysis, reporting and system security threat identification. I have enhanced my ability to multi-task, work independently and/or share workloads in a team role to meet organizational deadlines.
Work Experience
Information Assurance Specialist
Security Plans, Security Assessment Plans
February 2018 to Present
• Perform evaluation and assessment of Security Plans, Security Assessment Plans, Cybersecurity Strategy, Program Protection Plan, Security Assessment Reports, RMF Plan of Action and Milestones, Security Authorization Package and Authorization Decision; conduct annual self-assessment (NIST SP 800-53A)
• Prepare and review Authorization to Operate (ATO) packages (i.e. SSP, SAR, POAM, RA, CMP, ISCP, DRP, IRP, MOU/ISA and PTA/PIA) for over 198 systems and facilities.
• Develop, review and update Interconnection Security Agreement (ISA) and Memorandum of Understanding (MOU) for the client.
• Use FIPS 200 as a guide for minimum security requirements for federal and localized information systems
• Maintain and monitor Plan of Action & Milestones (POA&M) items through completion with CSAM
• Update POA&M and Risk Assessment based on findings assessed through monthly updates
• Analyze and update System Security Plan (SSP), Risk Assessment Report and Privacy Impact Assessment (PIA)
• Assist System Owners and ISSO in preparing Certification and Accreditation packages for companies' IT systems, ensuring management, operational and technical security controls adhere to the formal and well-established security requirements authorized by NIST SP 800-53 R4
• Create standard templates for required security assessment and authorization documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages
• Perform vulnerability assessments and communicate the remedial actions to be taken to limit their impact on the information and information systems.
• Update, retrieve and upload all necessary authorization related documentation into Cyber Security Assessment Management (CSAM) using approved templates and procedures.
• Conduct RMF first step kick off meeting, initial risk assessment and categorization of information security system into Low, Moderate and High based on Confidentiality, Integrity and Availability (CIA) of the information type referencing FIPS-199 and NIST 800-60.
• Perform other job-related and assigned tasks to include assurance of vulnerability mitigation, training on C&A tools, supporting System Test and Evaluation (ST&E) efforts and other support to the IT Security Office.
IT Support Specialist (Compliance)
Square One - Springfield, MA
January 2015 to March 2016
• Collected and evaluated assessment artifacts system attributes in Cyber Security Assessment Management (CSAM)
• Conducted security control assessments in accordance with the company’s Handbook, policies and procedures for implementation of the Risk Management Framework, including development of security assessment plans and assessment reports compliant with NIST SP 800-53 rev 4, NIST SP 800-53A and NIST SP 800-37, and FIPS 199.
• Evaluated the Recommendation Completion Form (RCF) and Progress Status Report (PSR) narratives and evidence and provided recommendations for improvements prior to submission.
• Contributed to Annual IT AUDIT presentations and participated in audit finding debriefs to represent OIT interests
• Provided IT Audit readiness support and performed remediation activities for high priority findings
• Established and delivered workshop sessions to educate impacted stakeholders on the contents of their audit readiness packages
• Developed and reviewed program data protocols, user rights, system access, file system and external Web integrity scans to monitor compliance
• Provided ongoing gap analysis of current policies, practices, and procedures as they relate to established guidelines outlined by NIST, OMB, FISMA
• Implemented and reported performance indicators that adhere to state and federal regulations and best practices
• Provided team leadership and strengthened communication with project managers and operational staff
• Utilized analytical and logical reasoning to gather and review data that contributes to improved program quality and minimize errors within Health Information System
• Reviewed scan results and documented findings in POA&M
• Supported C&A activities, including conducting ongoing Continuous Monitoring on compliance with required IA controls
• Monitored vulnerabilities and ensured the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies and HIPAA protocols
• Performed other audit readiness activities, including reviewing and evaluating Annual IT AUDIT findings and making recommendations for OIT audit readiness.
IT Assessor - Network Support Team
Ghana Education Service - Takoradi
September 2007 to July 2013
• Developed configuration standards for: firewalls, wireless, VPNs, servers, applications, databases, and other infrastructure components that are assets of Network Operations
• Initiated continuous vulnerability assessments and audits of network and communication devices
• Assisted in IT policy planning, implementation and monitoring of networks, systems and data accessibility
• Developed and maintained new security policies, procedures, and/or guidelines that allowed greater standardization and more effective management of information security measures
• Acted as Team lead to purchase, install, configure and recommend diagnostic tools to be employed to enhance network and organizational capabilities
• Coordinated and implemented required security measures to ensure integrity of consolidated hardware, software, network and data assets
• Maintained contact with ISSO and Education Administrators to review security protocols and reported system compromises.
• Implemented IT protocols to enhance and regulate user privileges to protect educational information
• Prepared and utilized excel spreadsheets, word formats and PowerPoint presentation to train team members on system threats and compliance
• Documented all cases in call tracking software and escalated any issues to the appropriate queue
• Assumed ownership of project-related tasks as needed or assigned
• Performed weekly virus and diagnostic scans on organization wide computers to check for vulnerabilities and other unauthorized access
• Prepared monthly systems and internal capability report
• Monitored the performance of newly installed computers, software, and other diagnostic tools in meeting business needs
• Performed daily review of network and system protocols
• Troubleshot software and hardware issues via phone
• Trained end users in the use of equipment and software
Software / Platform / Artifacts
Confidentiality, Integrity, Availability, Access Control, Audit and Accountability, Security Assessment and Authorization, Compliance Testing, Vulnerability Scans, Risk Assessment, Change Management, Configuration Management, Contingency Planning; Policies and Procedures, Implementation; Intrusion Detection Systems, Incident Response, Media Protection, Physical Security, Computer Operations, Environmental Security, Network Security, System Security, Personnel Security, SSP, E-Authorization, PIA, PTA, SORN, POA&M, SAR, SAP, CMP, MOU, ISA, OMB Circular A-123 Appendix A, NIST 800-53, NIST 800-53A, FIPS 199, FISMA, FedRAMP, ISO/IEC 27002:2015 (Information Security Management)
Education
BSc in Management
University of Education
November 2011
Skills
• FISMA
• SDLC
• RMF
• NIST 800-Series
• Security Assessment & Authorization
• Assessment & Authorization Security Documentations
• Security Planning
• Risk Assessments
• Vulnerability Management
• Incident Response
• Policy and Process Development
• Business Analysis and Quality Assurance
• Microsoft Office Suite and SPSS
• Team Work
• Information Security
• Reliability
• Cybersecurity
• Problem-solving
• Flexibility
Certifications and Licenses
CompTIA Security+