Elizabeth Nyarko, Sec+ CE
Windsor Mill City, MD 443-***-**** ******************@*****.***
PROFESSIONAL SUMMARY
A Cybersecurity Analyst with five (5) years of professional experience in Security Assessment & Authorization (A&A), System Development Life Cycle (SDLC), and System Security Monitoring. Supports systems undergoing Authorization to Operate (ATO) and Information Security Continuous Monitoring (ISCM) processes following the NIST Risk Management Framework (RMF). Experience in implementing all phases of the RMF process, from Categorization through Continuous Monitoring. Dedicated professional with an excellent work ethic. Experienced in a wide range of technologies with the ability to learn quickly and adapt to new environments.
CERTIFICATIONS
CompTIA Security+ CE
Working towards my Certified Authorization Professional (CAP)
EDUCATION
HOWARD COMMUNITY COLLEGE Columbia, MD
Computer Science
PROFESSIONAL EXPERIENCE
CLOUDNINE Houston, TX
Information Security Analyst April 2019 – Present
Develops Plan of Action & Milestones (POA&M) document to remedy system vulnerabilities resulting from System Test & Evaluation (ST&E).
Develops the audit plan and performs the General Computer Controls testing of Information Security.
Formulates test plans, documents gaps, test results, and exceptions, and develops remediation plans for each area with vulnerabilities.
Develops Security Assessment Report (SAR) detailing the results of the assessment along with Plan of Action & Milestones (POA&M).
Assists in the identification of risks as part of the risk management process, including business continuity and disaster recovery planning.
Performs bi-annual security policy review to ensure all information is current with the laws, directives and regulations.
Performs Security Categorization (FIPS 199), Privacy Threshold Analysis (PTA), and E-Authentication with business owners and selected stakeholders.
Develops and conducts Security Test and Evaluation (ST&E) according to NIST SP 800-53A rev 3 and rev 4.
Carries out continuous monitoring after authorization (ATO) to ensure continuous compliance with the security requirements.
Develops Security Assessment Plan (SAP) to initiate Security Assessment for low, moderate and high control information systems.
Updates IT security policies, procedures, standards and guidelines according to department and federal requirements.
Reviews and updates some of the system categorization using FIPS 199.
Conducts Security Control Assessment on General Support Systems (GSS), Major Applications and Systems to ensure that such Information Systems are operating within a strong security posture.
Develops policy and procedural controls relating to Management, Operational and Technical Controls for the Organization.
SEKON San Antonio, TX
Security Control Assessor May 2017 – Jan 2019
Performed Security Control Assessment as part of ongoing assessment using NIST SP 800-53A to assess the adequacy of management, operational privacy, and technical security controls implemented. Tested the security controls to make sure that the controls have been implemented correctly, are functioning as intended, and are producing the desired outcome.
Identified/selected a set of privacy controls for systems for HIPAA, PCI-DSS, FISMA, ISO 27001 information systems.
Examined organizational policies, standards and procedures and provided advice on their adequacy, accuracy, and compliance following NIST standard guidelines.
Developed, reviewed, and updated Security Assessment Plan (SAP), Security Control Test Plan, Security Control Requirement Traceability Matrix (SCRTM), and Documentation Request List (DRL) for approval prior to the start of assessment.
Reviewed security artifacts such as System Security Plan (SSP), Contingency Plan (CP), Configuration Management Plan (CMP), Incident Response Plan (IRP), Hardware/Software inventories, screenshots of system configurations, policies and procedures, and Standard Operating Procedures (SOP) to support information assessment and control implementations.
Developed and regenerated security documentation at the conclusion of assessments, such as SSP, SAR, POA&M, and ATO Letters. Updated SSP to reflect current control implementation status.
Developed risk assessment reports by identifying threats and vulnerabilities applicable to the system.
Ensured artifacts are properly completed and accurately reflect the system.
SKILLS & COMPETENCIES
MS Office 365, NIST, FISMA, FedRAMP, CSAM, Nessus, ISVM, STIGs, SCAP Compliance Checker (SCC), ServiceNow, ISO 27001 Auditor, PCI-DSS Shared Assessment, Enterprise Risk Management, Cloud Computing compliance.