PROFILE
Over five years of experience in Cyber Security, auditing and evaluation, Assessment & Authorization. Detailed knowledge of Risk Management Framework, with special emphasis on 800-53, 800-37, and FISMA/FedRAMP Assessment best practices. I am seeking to apply my skills and expertise to help achieve Enterprise-wide information risk management goals and objectives.
Develops documentation including the ATO package: SSP, SAR, POAM, Contingency Plan (CP) and Risk Assessment (RA), Incident Response Plan (IRP), Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), and System of Records Notice (SORN).
Proven ability to lead, direct, and solve information security risk problems professionally, and to make strategic decisions in a fast-paced environment.
SUMMARY OF QUALIFICATIONS
Perform Certification and Accreditation documentation in compliance with Federal standards
Reviews and evaluates Vulnerability Scanning results
Perform comprehensive assessments and document results of management, operational and technical security controls for audited applications and information systems
Develop and conduct ST&E (Security Test and Evaluation) according to NIST SP 800-53A and NIST SP 800-53R4
Compile data to complete Residual Risk Report and update the SAR and POA&M
Ability to multi-task, work independently and as part of a team
Strong analytical skills
PROFESSIONAL EXPERIENCE
MULTISYS CYBER TECHNOLOGIES
Cyber Security Analyst, July 2018 – Present
Creates and maintains security metrics in order to help senior management make decisions.
Conducts kick-off meetings to collect systems information and categorize systems based on NIST SP 800-60 and FIPS 199.
Provides adequate security controls to protect information systems kept in a data center environment.
Develops the plan for the FedRAMP re-authorization audit and supports FISMA.
Collects evidence, develops test plans and procedures and documents test results.
Ensures the implementation and maintenance of security controls in accordance with what is in the System Security Plan (SSP).
Reviews and updates the Security Assessment Plan (SAP), System Security Plan (SSP), Contingency Plan (CP) and Risk Assessment (RA), Incident Response Plan (IRP), Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), and System of Records Notice (SORN)
Conducted Annual Self-Assessment (NIST SP 800-53A)
Provides the SCA team with all evidence or artifacts that can be used to validate the implementation of security assessment questions.
Develops security control baseline and tested plan used to assess and implement security controls
PENN MEDICINE
Cyber Security Analyst, March 2017 – July 2018
Scheduled and conducted interviews with stakeholders to gather and analyze Security Controls implementation and the Information System Security posture
Developed Security Assessment Reports (SAR)
Tracked and updated Plans of Action and Milestones (POAM) regarding the mitigation and remediation status
Supported the Security Assessment and Authorization (SA&A), FISMA compliance, NIST requirements and continuous monitoring for Security Controls.
Reviewed authorization expirations for different systems, including General Support Systems (GSS) and Major Applications (MA)
Participated in kick-off meeting to collect systems information (information type, boundary, inventory, etc.) and categorized the systems based on NIST SP 800-60, and conducted client interviews to complete the Risk Assessment, Security Control Assessment, and Plan for Remediation Actions and Security Continuous Monitoring Plan
Updated existing authorization packages throughout the life cycle of the Major Applications and General Support Systems
Conducted security control assessments to assess the adequacy of the management, operational, privacy, and technical security controls implemented; developed Security Assessment Reports (SAR) documenting the results of the assessment along with Plans of Action and Milestones (POA&M)
Created and updated Security Assessment and Authorization (SA&A) artifacts, Security Test and Evaluations (ST&Es), Risk Assessments (RAs), Privacy Threshold Analysis (PTA), Privacy Impact Analysis (PIA), E-Authentication, Contingency Plan, Plan of Action and Milestones (POAMs)
Prepared Security Assessment and Authorization (SA&A) packages to ascertain that management, operational and technical Security controls adhere to NIST SP 800-53 standards
Reviewed organizational policies, standards and procedures and provided advice on their adequacy, accuracy, and compliance with industry standards
PENNYWISE LLC
Staff Accountant, Feb 2015 – Jan 2017
● Handles situations regarding invoices with outstanding balances, or anything related to accounts receivable
● Enter invoices for payment
● Accounts Payable account reconciliations
● Monitor email and mail daily to check for any requests/issues that need action
● Keep track of the outstanding credits that are owed by the client and follow up on those credits to ensure they are received
● Process payment to client
● Reconcile client statements
● Validate and process checks for utilities and supplies
● Performs other duties as assigned
● Follow up with customers as needed
● Keep all documentation up to date as needed
● Assist in the preparation of tax
● Perform all other duties as assigned by manager.
TECHNOLOGY SUMMARY
Security Technologies: Nessus, ServiceNow and Norton 360.
Operating Systems: Windows, Mac, Android.
Software: Office 365 (Word, Excel, PowerPoint, Access, Outlook)
KEY SKILLS
Cyber Security
FISMA Compliance
Risk Management
Authentication and Access Control
Vulnerability Assessment
System Monitoring & Regulatory Compliance
EDUCATION
AMERICAN PUBLIC UNIVERSITY
Bachelor of Science in Cybersecurity
CENTRAL UNIVERSITY COLLEGE
Associate of Information Technology
CERTIFICATIONS
CompTIA Security+
CISA in progress