Adams Allo
Lanham, Maryland • *********@*****.*** • 240-***-****
PROFESSIONAL SUMMARY
IT Audit, Security Assessment and Authorization professional, knowledgeable in HIPAA, Risk Management Framework (RMF), Systems Development Life Cycle (SDLC), Vulnerability Management using FISMA, and applicable NIST standards. Organized, solutions-focused, and team-oriented, with in-depth knowledge and understanding of numerous software packages and operating systems. Possess good customer service, leadership, excellent communication (both oral and written), and presentation skills. Specialize in providing IT security guidance to support security audits for FISMA and NIST clients.
Areas of expertise include:
•NIST 800-53 Controls
•FISMA/FedRAMP Assessment
•IT Security Compliance
•Vulnerability Assessment and Scanning
•Assessment and Authorization (A&A)
•Systems Risk Assessment
•Systems Development Life Cycle
•Cloud Security Assessment
TECHNICAL AND SPECIALIZED SKILLS
Sailpoint, ServiceNow, Nessus Vulnerability Scanner, Microsoft Office Suite, Mac, Linux, Unix Admin, VMware, CSAM, RSAM, Remedy, Splunk, Active Directory.
WORK EXPERIENCE
IT Security Analyst
May 2019 – Present
Xzentia IT & Cybersecurity Solutions
Responsibilities:
•Provide security expertise and guidance in support of security assessments and IT audits
•Support Audit, Assessment, and Authorization activities.
•Review authorization documentation for completeness and accuracy for compliance
•Facilitate Security Control Assessment (SCA) and Continuous Monitoring Activities
•Develop and update the Security Assessment Report (SAR)
•Ensure cyber security policies are adhered to and that required controls are implemented
•Validate that information system security plans (SSP) are updated to ensure NIST control requirements are met
•Examine, interview, and test procedures in accordance with NIST 800-53A and inspect artifacts of control implementation
•Authored recommendations associated with findings on how to improve the customer’s security posture in accordance with NIST 800-53 Controls.
•Assisted team members with proper artifact collection and detailed for clients examples of artifacts that will satisfy assessment requirements
•Review security logs to ensure compliance with policies and procedures and identify potential anomalies
•Analyze Nessus Vulnerability Scanners to detect potential risks on the enterprise network
•Review SAR post-assessment; created and completed POAMs to remediate findings and vulnerabilities.
•Independently reviewed security analysis of existing systems for compliance with security requirements.
•Monitor security controls post-authorization to ensure continuous compliance with the security requirements.
•Perform internal audits of the systems prior to third-party audits
Control Assessor / IT Security Analyst
August 2018 – April 2019
VINDs Inc.
Responsibilities:
•Developing and maintaining Standard Operating Procedures (SOP) to create or improve the SA&A process
•Performing information system assessment based on the Risk Management Framework (RMF).
•Conducting security testing and security control assessments on federal applications and general support systems to ensure compliance with NIST SP 800-53 Rev. 4 and NIST 800-37 Rev. 1
•Reviewing and updating the security control documents and test results, including Security Assessment Reports (SARs), Security Assessment Plan (SAP), and the SSP
•Participating in the management of Plan of Action and Milestones (POA&M), providing risk acceptance recommendations and risk mitigation strategies.
•Providing security recommendations to technical SMEs for major applications and general support system security configurations and implementation.
•Drafting comprehensive security assessment reports outlining status, key findings, observations, impact, etc., as noted during an assessment.
•Updating security documents, including SSP and SAR, for ATO
•Supporting client security policies and activities for networks, systems, and applications, including Vulnerability Assessment, Incident Reporting, Mitigation, and Continuous Monitoring
Education:
• Information Systems/Business Management, University of Dschang, Dschang
• CISSP in progress
• CAP in progress
Skills:
•Ability to establish and maintain effective working relationships with clients and co-workers
•Skills in interviewing users to help analyze and resolve issues
•Strong organizational, analytical planning, and presentation skills.
•Ability to read and interpret system security policies, rules, and regulations and to communicate security and risk-related concepts to both non-technical and technical audiences