Support Analyst Security

Location: The Bronx, NY
Posted: December 04, 2022

Resume:

AQUILA YIN MAMBULIYA

Cell: 347-***-****

E-mail: adtuns@r.postjobfree.com

US CITIZEN

OBJECTIVE

An IT Security Assessor with immense years of combined experience in Federal Information Security Management Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP), National Institute of Standards and Technology (NIST), Risk Management Framework (RMF) processes, Risk Assessment (RA), System Development Life Cycle (SDLC), as well as Contingency planning. Thorough understanding of NIST 800-53 Rev 4 and 5 security controls. Audit projects including Security Audit, RMF, COBIT, PCI DSS, HIPAA, SAS 70 SSAE 16/SOC and SSAE18. Knowledge of the process to obtain a system ATO and requirements to maintain the ATO. An IT professional with experience in vulnerability management, security control implementation, assessment and authorization, POA&M management, continuous monitoring, as well as risk assessment. Understanding of information technology concepts, cloud computing models (PaaS, SaaS, IaaS).

SKILLS SUMMARY AND TOOLS

NIST Guidelines Publications; Certification and Accreditation (C&A); Assessment and Authorization (A&A); HIPAA & PRIVACY ACT training; PCI DSS; ISO 27001; IT Security Compliance; Vulnerability Assessment; Network Vulnerability Scanning; Information Assurance; System Risk Assessment; System Development Life Cycle; Nessus Vulnerability Scanner; ACAS; SCAP; Splunk; LAN; WAN; NIST SP 800-53; SP 800-53A; SP 800-37; NIST SP 800-171; FIPS; FISMA; FedRAMP; Risk Management Framework (RMF); FIPS-199; PTA; PIA; SSP; CP; SAR; POA&M; ATO; ISA, MOU/A; IDS; IPS; Windows; Archer; Linux; Microsoft Office.

TRAINING & CERTIFICATIONS

CompTIA Security+ CE (Exp. Date: Aug. 2023)

Microsoft Security Operational Analyst (SC 200)

Microsoft Security Compliance and Identity Fundamentals (SC 900)

AWS Certified Developer-Associate

Scrum Master Certified (SMC)

EDUCATION

Kwame Nkrumah University of Science and Technology 08/2005 – 07/209

Bachelor of Science, Computer Science

PROFESSIONAL EXPERIENCE

Cyberrisk Beyond Solution Inc, Bronx, NY

Information System Security Analyst Oct 2019 - Current

Implement the Risk Management Framework (RMF) across multiple programs in accordance with the National Institute of Standards and Technology (NIST) and Air Force policy and directives.

Develop and/or update the Plan of Action and Milestones (POA&M) to document all known vulnerabilities to correct or mitigate risks.

Conduct security assessments by reviewing System Security Plan (SSP) to create Kick-Off presentation slides

Oversee the preparation of comprehensive and executive Certification and Accreditation (C&A) packages for approval of an Authorization to Operate (ATO)

Conduct meetings with the IT team to gather documents and artifacts about their control environment

Develop and conduct Security Test and Evaluation (ST&E) according to NIST SP 800-53A

Review technical security controls and provide implementation responses as to if/how the systems are currently meeting the requirements

Document and finalize Security Assessment Report (SAR)

Develop and maintain Plan of Action and Milestone (POA&M) of all accepted risks upon completion of system Certification and Accreditation (C&A)

Pioneer Health Services New York

Information Assurance Analyst Nov 2016 - Oct 2019

Maintains and manages Security Authorization and Assessment packages that include System Security Plans (SSP), Contingency Plans (CP), POA&Ms, SAR, and other relevant security documentation for the system

Provided subject matter expertise with the development of security policy documentation that follows Federal Information Security Management (FISMA) requirements, and National Institute of Standards and Technology (NIST)

Conducted risk assessments regularly; ensured measures raised in assessments were implemented in accordance with risk profile, and root-causes of risks were fully addressed following NIST 800-30 and NIST 800-37

Evaluated and uploaded Plan of Action and Milestones (POA&Ms) into Enterprise Mission Assurance Support Service (EMASS) and validated artifacts specified to remediate POA&M items

Assessed security controls in accordance with assessment procedures defined in the Security Assessment Plan (SAP) through examination, interviews, and testing

Conducted regular penetration testing on systems to determine the weakness in the infrastructure (hardware), application (software) and people to develop controls

Performed Vulnerability Assessment to make sure that risks are assessed and evaluated and that proper actions are taken to limit their impact on the Information and Information Systems

JSP Health Care Services New York

Security Control Assessor Nov 2013 - Nov 2016

Developed, reviewed and updated Information Security System Policies, System Security Plans and Security baseline in accordance with NIST, FISMA, and OMB App.

Provide security control assessor (SCA) services, such as assisting with the Assessment and Authorization process, including A&A scanning, documentation, reporting and analysis – analyzing current threats to information security and systems

Support the development of Plans of Action and Milestones (POA&Ms), documenting corrective action plans for remediation of identified security control deficiencies

Conducts assessment of the security and privacy controls implemented by an information system officer to determine the overall effectiveness of the controls and the vulnerability state of components, applications and databases residing within the system boundary.

Conducts security control assessments (SCA) self-assessments. Created dozens of system security documents such as continuous monitoring (ConMon) documentation for mission essential systems

Performed security categorization, using FIPS 199 as standard and NIST SP 800-60 as guideline and reviewed Privacy Threshold Analysis (PTA), and Business Impact Analysis (BIA)

Provided subject matter expertise with the development of security policy documentation that follows Federal Information Security Management (FISMA) requirements, and National Institute of Standards and Technology (NIST)

Collaborated closely with members of security team to accomplish mission objectives in a timely manner

Reviewed Contingency Plan (CP) and participated in Contingency Plan Test (CPT), verifying secure operational conditions within planned recovery time

Developed, maintained, and communicated a consolidated risk management activity

Determined the information security objectives of the information systems by protecting the confidentiality, integrity and availability of the systems

IT HELPDESK SUPPORT ANALYST

New York, NY

Cybervision Technologies LLC, Dec 2010 to May 2013

Respond to customer issues via phone, email and computer chat

Install, make changes and repair computer hardware and software

Follow-up with customers to ensure issues are resolved

Managed, tracked, and coordinated problem resolution and escalation processes in order of priority for timely documentation and escalations to maintain optimum up-time

Provided information and/or technical assistance to users concerning the development and maintenance of the computer network or for resolution of special problems

Responsible for problem tracking and resolution of all trouble tickets and assigned tickets to the appropriate organization for resolution

Responded to phone calls, emails and other requests for technical support


