SANDRA DERBY
Beltsville, Maryland
PROFESSIONAL SUMMARY
An Information Security professional with 4 years of experience in the Assessment and Authorization (A&A) documentation process and the Risk Management Framework (RMF) as they impact the security of IT and business operations. Hands-on experience in risk management, vulnerability management, POA&M, FedRAMP, ISO 27001, SOC 2, cloud computing, CMMC management, and continuous monitoring strategy.
CORE SKILLS:
● Risk Management Framework (RMF)
● NIST, FedRAMP, FISMA, ISO 27001
● Cybersecurity Maturity Model Certification (CMMC)
● NIST 800-171 CUI
● Vendor Risk Management
● Continuous Security Monitoring
● Security Management
● Risk Assessment
● Security Governance / Compliance
● Vulnerability Management
● Microsoft Suite
● Documentation
● Database Management, Backup & Recovery, Performance Tuning, Database Configuration, Tablespace Administration, User Management, Index Management, Managing Data Dictionary Objects
WORK EXPERIENCE
Adom Consultants
Information Security Analyst, October 2019 to Present
● Conducted technical information security and assurance concepts to non-information security individuals to improve overall security awareness for the organization.
● Ensured the organization is in compliance with security frameworks (e.g. FedRAMP, FISMA).
● Worked with cross-functional teams, including IT, human resources, contracts, and security, to address potential compliance issues, achieve data privacy program initiatives, and provide as-needed support to other programs within Ethics & Compliance.
● Implemented ongoing monitoring of compliance metrics and validated compliance with various regulatory requirements.
● Reviewed, maintained, and ensured all assessment and authorization (A&A) documentation is included in the system security package. Performed information security risk assessments and assisted with the internal auditing of information security processes.
● IT security policy and procedure development, update and review, and response to audit requests or audit support/coordination.
● Performed IA support services to assist the Chief Information Security Officer (CISO), ISSOs, and ISSMs in maintaining an effective cybersecurity program that supports missions and adequately protects the confidentiality, integrity, and availability of information resources.
● Developed metrics and communicated the compliance posture and effectiveness to management on a scheduled basis.
● Conducted Security Assessment and Authorization (A&A) document reviews, consisting of System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), Configuration Management Plans, Contingency Plans, Security Categorization (FIPS-199), and other documents as required, ensuring that applicable requirements are identified and documented appropriately and providing value-added recommendations as necessary.
● Continuously monitored and improved security posture while preventing, detecting, analyzing, and responding to cybersecurity incidents (SOC).
● Reviewed the SSP prior to initiating security control assessments (SCAs) and ensured the plan provides a set of security controls for the information system that meets the stated security requirements.
Boltos Solutions
Tech Support / Cybersecurity Analyst, September 2017 to October 2019
● Prepared the Security Assessment Plan (SAP), which identifies the SCA procedures and schedule.
● Conducted comprehensive SCAs that determine the condition of the management, operational, and technical security controls employed within or inherited by an information system, to determine the overall effectiveness of the controls.
● Provided an assessment of the severity of weaknesses or deficiencies discovered in the information system and its environment of operation, and recommended corrective actions and/or controls to address identified vulnerabilities.
● Prepared the final Security Assessment Report (SAR) containing the results and findings from the assessment at the conclusion of each SCA activity.
● Gathered data, analyzed compliance, and reported results on the condition and progress of the IT Cybersecurity Program, POA&Ms, A&A workflow tool data, FISMA compliance requirements, and ATO packages.
● Reviewed and analyzed metrics and security reports on a regular basis (e.g. daily, weekly, monthly).
FedEx Office
Tech Support, September 2013 to September 2017
● Identifying hardware and software solutions.
● Troubleshooting technical issues.
● Diagnosing and repairing faults.
● Resolving network issues.
● Installing and configuring hardware and software.
● Speaking to customers to quickly get to the root of their problem.
● Providing timely and accurate customer feedback.
● Talking customers through a series of actions to resolve a problem.
● Following up with clients to ensure the problem is resolved.
● Replacing or repairing the necessary parts.
● Supporting the roll-out of new applications.
● Providing support in the form of procedural documentation.
● Managing multiple cases.
EDUCATION:
● Bachelor of Arts, University of Ghana
PROFESSIONAL TRAINING:
● Database Administration Training, Oracle Corporation
● Fundamentals of SQL and PL/SQL
● Information System Security Training
● FISMA Compliance Training
● Information Awareness Training
CERTIFICATION:
● CompTIA Security+