
Security Analyst Anaheim Ca

Location:
Conyers, GA
Posted:
March 14, 2022


Resume:

OBJECTIVE

Seeking an Information System Auditor or Information Assurance position in a growth-oriented organization with focus on IT Security and Risk, system security monitoring and auditing; risk assessments; audit engagements, and testing information technology controls.

STANDARDS

Confidentiality, Integrity, Availability, Access Control, Audit and Accountability, ISO 27001, PCI-DSS, Certification and Accreditation, General Computer Controls, Inventory Assessment, Application Control, Compliance Testing, Risk Assessment, Change Management, Security Maintenance, Contingency Planning, Policies and Procedures, NIST 800 series, FIPS, FISMA.

SOFTWARE/PLATFORM/ARTIFACTS

MS Office Suite, PowerPoint, Visio, SharePoint, Excel, Access, Windows, FIPS 199, SORN, E-Authentication, PTA, PIA, RA, SSP, CP, IR, ST&E, SAR, POA&M, ATO, 800-53A, ISA, MOU, RFP.

PROFESSIONAL EXPERIENCE

Collabera, TX (April 2019 – Present)

Duties: GRC Consultant

Developed a system security plan (SSP) to provide an overview of federal information

Developed and maintained RMF packages, including maintaining the system and program artifacts

Conducted a business Assessment workstream

Validated assigned security controls, including executing the system security plan (SSP)

Assisted in the development of Privacy Threshold Analysis (PTA), and Privacy Impact Analysis (PIA) by working closely with the Information System Security Officer (ISSO) and the System Owner.

Performed Security Assessment and Authorization documents in compliance with FISMA/NIST

Create standard templates for required security assessment and authorization documents: Risk Assessment (RA), System Security Plan (SSP) as per NIST 800-18, Contingency Plan (CP) as per NIST 800-34

Perform risk-based analysis on proposed projects, vendors, and issue resolution implementations

Test implemented controls and perform risk assessments based on established frameworks and internal policies

Assist in IT audits and govern/report on findings, track status, and ensure corrective actions are complete and sustainable

Responded to client security risk assessment questionnaires by gathering information from across the organization as necessary

Promoted security education and awareness.

IT Futuristic, CA (March 2016 – April 2019)

Duties: IT Security Analyst:

Conducted IT controls risk assessments that included reviewing organizational policies, standards, procedures and guidelines.

Developed security baseline controls to select controls to be implemented.

Developed and conducted ST&E (Security Test and Evaluation) according to NIST SP 800-53A to assess the adequacy of management, operational privacy, and technical security controls implemented

Developed Security Assessment Report (SAR) detailing the results of the assessment along with plan of action and milestones (POA&M) to the Designated Approving Authority (DAA) to obtain the Authority to Operate (ATO).

Assisted in the development of an Information Security Continuous Monitoring Strategy to help IT Futuristic in maintaining an ongoing awareness of information security (Ensure continued effectiveness of all security controls), conducted vulnerability scanning and assessments with tools such as Nessus.

Performed business impact analysis using Archer Vendor Management (VM) which result in audit calculate.

Developed an E-Authentication report to provide technical guidance in the implementation of electronic authentication (e-authentication) system security requirements and describe the controls in place.

Assisted in planning and undertaking of periodic risk analysis of systems and mitigate risks as well as ensuring the success of the Infor Enterprise Asset Management (EAM) system implementation covering all aspects of asset management, reporting, maintaining, budgeting and scheduling.

Developed Health Insurance Portability and Accountability Act (HIPAA) artifacts and assisted in conducting HIPAA framework.

Conduct a Business Impact Analysis (BIA) to identify high-risk areas where audit effort will be allocated.

Established and maintained an adequate internal control structure and procedures for financial reporting using Sarbanes-Oxley Act of 2002 (SOX)

Conducted walkthroughs, formulated test plans, documented gaps, test results, and exceptions; and developed remediation plans for each area of testing.

Wealth Management financial advisors Inc., CA (April 2014 – January 2016)

Duties: Compliance Analyst:

Conducted gap analysis for all deliverables received from system personnel before routing them to appropriate parties to acquire signatures.

Initiated the pre-assessment and post-assessment write-ups where each artifact is critically looked at for accuracy and consistency across all documents with recommendations provided to better streamline documentation processes

As POC for nine (9) systems, I attended all ATO briefings and drafted all ATO memos to be signed by the AO

Implemented continuous monitoring strategies, by reviewing all POA&Ms drafted by system ISSO and made recommendations to the client for approval and also track milestones set forth for all POA&M items.

Reviewed closure request for all POA&Ms and made recommendations to the client for approval or denial

Assisted with Incident Response training and testing

Assisted ISSOs throughout the A&A package and provided recommendations based on standards and requirements.

Inscope, Reston, VA (November 2012 – May 2013)

Duties: IT Security Analyst:

Conduct kick off meetings using the approved IT security framework, FIPS 199/NIST 800-60 to categorize information and information system.

Conduct IT Controls risk assessment to identify system threats, vulnerabilities and risk, and generate reports.

Develop and Conduct Security Assessment Plan as well as the Security Test and Evaluation (ST&E) according to NIST SP 800-53A.

Conducted periodic IT Risk Assessment and reviewed IA controls for any deficiencies and reported to the ISSO for appropriate mitigation actions.

Continuously monitored IS Program Management and common controls

Performed assessment based on the COSO and HIPAA Frameworks

EDUCATION

California University of Management and Sciences, Anaheim CA 2016 MBA

University of Ghana, Accra 2012 Bachelor of Arts, Linguistics

OTHER PROFESSIONAL EDUCATION AND TRAINING

FISMA Compliance training – January 2014

Security Assessment and Authorization training – October 2015

ISO 27000 series training – September 2016

Security Awareness Training – April 2020

CCPA Training – June 2019

HIPAA Training – 2020

PROFESSIONAL CERTIFICATION

Actively pursuing the Certified Information Systems Security Professional (CISSP) certification

REFERENCES

Available upon request


