AQUILA YIN MAMBULIYA
Cell: 347-***-****
E-mail: adtuns@r.postjobfree.com
US CITIZEN
OBJECTIVE
An IT Security Assessor with many years of combined experience in Federal Information Security Management Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP), National Institute of Standards and Technology (NIST), Risk Management Framework (RMF) processes, Risk Assessment (RA), System Development Life Cycle (SDLC), and Contingency Planning. Thorough understanding of NIST 800-53 Rev 4 and 5 security controls. Audit project experience including Security Audit, RMF, COBIT, PCI DSS, HIPAA, SAS 70, SSAE 16/SOC and SSAE 18. Knowledge of the process to obtain a system ATO and the requirements to maintain the ATO. An IT professional with experience in vulnerability management, security control implementation, assessment and authorization, POA&M management, continuous monitoring, and risk assessment. Understanding of information technology concepts and cloud computing models (PaaS, SaaS, IaaS).
SKILLS SUMMARY AND TOOLS
NIST Guidelines Publications, Certification and Accreditation (C&A), Assessment and Authorization (A&A), HIPAA & Privacy Act training, PCI DSS, ISO 27001, IT Security Compliance, Vulnerability Assessment, Network Vulnerability Scanning, Information Assurance, System Risk Assessment, System Development Life Cycle, Nessus Vulnerability Scanner, ACAS, SCAP, Splunk, LAN, WAN, NIST SP 800-53, SP 800-53A, SP 800-37, NIST SP 800-171, FIPS, FISMA, FedRAMP, Risk Management Framework (RMF), FIPS-199, PTA, PIA, SSP, CP, SAR, POA&M, ATO, ISA, MOU/A, IDS, IPS, Windows, Archer, Linux, Microsoft Office.
TRAINING & CERTIFICATIONS
CompTIA Security+ CE (Exp. Date: Aug. 2023)
Microsoft Security Operations Analyst (SC-200)
Microsoft Security, Compliance, and Identity Fundamentals (SC-900)
AWS Certified Developer - Associate
Scrum Master Certified (SMC)
EDUCATION
Kwame Nkrumah University of Science and Technology 08/2005 – 07/209
Bachelor Of Science, Computer science
PROFESSIONAL EXPERIENCE
Cyberrisk Beyond Solution Inc, Bronx, NY
Information System Security Analyst Oct 2019 - Current
Implement the Risk Management Framework (RMF) across multiple programs in accordance with the National Institute of Standards and Technology (NIST) and Air Force policy and directives.
Develop and/or update the Plan of Action and Milestones (POA&M) to document all known vulnerabilities to correct or mitigate risks.
Conduct security assessments by reviewing System Security Plan (SSP) to create Kick-Off presentation slides
Oversee the preparation of a comprehensive and executive Certification and Accreditation (C&A) packages for approval of an Authorization to Operate (ATO)
Conduct meetings with the IT team to gather documents and artifacts about their control environment
Develop and conduct Security Test and Evaluation (ST&E) according to NIST SP 800-53A
Review technical security controls and provide implementation responses as to if/how the systems are currently meeting the requirements
Document and finalize Security Assessment Report (SAR)
Develop and maintain Plan of Action and Milestone (POA&M) of all accepted risks upon completion of system Certification and Accreditation (C&A)
Pioneer Health Services New York
Information Assurance Analyst Nov 2016 - Oct 2019
Maintained and managed Security Authorization and Assessment packages that include System Security Plans (SSP), Contingency Plans (CP), POA&Ms, SAR, and other relevant security documentation for the system
Provided subject matter expertise in the development of security policy documentation that follows Federal Information Security Management Act (FISMA) requirements and National Institute of Standards and Technology (NIST) guidance
Conducted risk assessments regularly; ensured measures raised in assessments were implemented in accordance with risk profile, and root-causes of risks were fully addressed following NIST 800-30 and NIST 800-37
Evaluated and uploaded Plans of Action and Milestones (POA&Ms) into Enterprise Mission Assurance Support Service (eMASS) and validated artifacts specified to remediate POA&M items
Assessed security controls in accordance with assessment procedures defined in the Security Assessment Plan (SAP) through examination, interviews, and testing
Conducted regular penetration testing on systems to determine weaknesses in the infrastructure (hardware), applications (software) and people in order to develop controls
Performed Vulnerability Assessments to make sure that risks were assessed and evaluated and proper actions were taken to limit their impact on information and information systems
JSP Health Care Services New York
Security Control Assessor Nov 2013 - Nov 2016
Developed, reviewed and updated Information Security System Policies, System Security Plans and Security baseline in accordance with NIST, FISMA, and OMB App.
Provided security control assessor (SCA) services, such as assisting with the Assessment and Authorization process, including A&A scanning, documentation, reporting and analysis, and analyzing current threats to information security and systems
Supported the development of Plans of Action and Milestones (POA&Ms), documenting corrective action plans for remediating identified security control deficiencies
Conducted assessments of the security and privacy controls implemented by an information system owner to determine the overall effectiveness of the controls and the vulnerability state of components, applications and databases residing within the system boundary
Conducted security control assessment (SCA) self-assessments; created dozens of system security documents, such as continuous monitoring (ConMon) documentation for mission-essential systems
Performed security categorization, using FIPS 199 as standard and NIST SP 800-60 as guideline and reviewed Privacy Threshold Analysis (PTA), and Business Impact Analysis (BIA)
Provided subject matter expertise in the development of security policy documentation that follows Federal Information Security Management Act (FISMA) requirements and National Institute of Standards and Technology (NIST) guidance
Collaborated closely with members of security team to accomplish mission objectives in a timely manner
Reviewed the Contingency Plan (CP) and participated in the Contingency Plan Test (CPT), verifying secure operational conditions within the planned recovery time
Developed, maintained, and communicated consolidated risk management activities
Determined the information security objectives of the information systems by protecting the confidentiality, integrity and availability of the systems
Cybervision Technologies LLC, New York, NY
IT Helpdesk Support Analyst Dec 2010 - May 2013
Responded to customer issues via phone, email and computer chat
Installed, changed and repaired computer hardware and software
Followed up with customers to ensure issues were resolved
Managed, tracked, and coordinated problem resolution and escalation processes in order of priority, with timely documentation and escalation to maintain optimum uptime
Provided information and technical assistance to users concerning the development and maintenance of the computer network and the resolution of special problems
Responsible for problem tracking and resolution of all trouble tickets, assigning tickets to the appropriate organization for resolution
Responded to phone calls, emails and other requests for technical support