Sika Jocelyne Dzidzonu
Baltimore, Maryland ************@*****.*** 410-***-****
OBJECTIVE
Senior Cybersecurity Analyst with experience using various information security frameworks and guidelines to manage systems’ information security risks. Seeking an information security compliance role within a dynamic team requiring similar skillsets and background where my experience and abilities will assist in improving the security posture of the organization.
EXPERIENCE
Morgan Stanley, Baltimore, MD January 2017-Present
Information Security Compliance Analyst
Duties include:
•Develop, maintain, and review existing security documents supporting the Risk Management Framework (RMF) using NIST SP 800-37 Rev 1 to obtain an Authorization to Operate (ATO)
•Draft the System Security Plan (SSP), Contingency Plan (CP), Contingency Plan Testing (CPT), Incident Response Testing (IRT), Incident Response (IR), Privacy Threshold Analysis (PTA), Privacy Impact Analysis (PIA)
•Create and monitor Plan of Actions and Milestones (POA&Ms) requirements for on-time remediation of security findings
•Review and submit security artifacts upon request during security audits and security controls assessments
•Analyze Tenable Nessus vulnerability scan reports
•Leverage MS Azure and Amazon AWS FedRAMP ATO packages for cloud-based systems to prepare security artifacts for information systems to obtain ATO
•Perform Security Impact Analysis (SIA) for change and configuration management
•Resolve ServiceNow A&A incident tickets
•Conduct security controls assessment for information systems using NIST SP 800-53A Rev 4
•Draft Security Assessment Plan (SAP), Security Assessment Report (SAR)
•Lead and participate in scrum security meetings to provide updates on ongoing security projects
•Advise the Information System Owner on the overall security risk baseline of the information system and select applicable common, system specific, and hybrid controls
•Adopt ISO 27001 framework, PCI DSS and the RMF to ensure compliance with federal information security regulations in the banking industry
ASD Cybersecurity Solutions, Washington DC December 2015 – January 2017
Cybersecurity Analyst
Duties included:
•Used the NIST SP 800-37 Rev 1 to perform the Risk Management Framework (RMF) tasks
•Drafted, documented, reviewed, and updated ATO security documents/artifacts (FIPS 199, PTA, PIA, SSP, IRP, IRT, CP, CPT, DRP) for both on-premises systems and MS Azure and Amazon AWS cloud-based systems to obtain ATO
•Reviewed and analyzed Tenable Nessus vulnerability scan reports
•Reviewed Security Controls Assessment artifacts such as the Security Assessment Plan (SAP), the security requirement traceability matrix (SRTM), and the Security Assessment Report (SAR)
•Provided required security artifacts (SSP, PTA, PIA, FIPS 199, CP, IR, etc.) during security controls assessment, annual assessment, and OIG audits
•Performed Security Impact Analysis (SIA) of the security risks associated with potential deployment of new technologies
•Managed assigned information systems’ security documentation and stored it on the organization’s SharePoint repository
•Advised System Owners on selecting security controls (common controls, hybrid, and system specific controls) for their information systems based on the FIPS 199
EDUCATION:
•Morgan State University (MSU) Baltimore, MD Bachelor of Sciences Actuarial Science Dec 2016
•Montgomery College Takoma Park, MD Associate of Applied Sciences Mathematics June 2014
CERTIFICATIONS
•CompTIA Security+
•Certified Scrum Master (CSM)
TECHNICAL SKILLS AND ABILITIES:
Cybersecurity Framework, Risk Assessment and Management (RMF), FISMA, NIST 800-series, FedRAMP, Tenable Nessus, PCI DSS, ISO 27001, ServiceNow, Microsoft Office (Word, Excel, PowerPoint, Access, Outlook), Analytical, Critical thinking, Interpersonal Skills, Team Player, Ability to multi-task, Excellent oral and written communications