Priscilla Nkansah
Woodbridge, VA 22191
*********.*******@*******.***
SUMMARY:
IT Security Professional with over 4 years of experience specialized in Security Assessment & Authorization (SA&A), Information Assurance (IA), Risk Management, System Continuous Monitoring, FISMA compliance, Vulnerability Management and Project Management. I possess strong managerial skills and expertise in FISMA, and am highly adaptive with superior analytical and organizational skills. Self-driven, with the ability to build and work collaboratively in a team environment or independently, and with strong written and verbal communication skills.
EXPERTISE:
Security Assessment & Authorization (SA&A), NIST Publications, FIPS, FISMA, Tenable Nessus, Splunk, Asset Manager, CSAM, Xacta 360, NSAT. Word, Excel, PowerPoint.
CERTIFICATION:
● Certified Information Security Manager (CISM)
EDUCATION:
University of Ghana (2014)
Management Studies
RELEVANT EXPERIENCE:
Soliel LLC August 2020 – Present
IT Security Analyst
● Assess system design and security posture and advise on information security compliance with FISMA and NIST SP 800-53 Rev 4 controls.
● Track findings with a Plan of Action and Milestones (POA&M) through mitigation and/or risk acceptance
● Create Security Assessment Reports (SAR) after the Annual Self-Assessment is conducted to identify the results of the assessment along with the Plan of Action and Milestones (POA&M).
● Conduct meetings with system stakeholders to validate documented implementation of security controls and fill in documentation
● Develops System Security Plans (SSP) to provide an overview of system security requirements and describe the controls in place or planned by information system owners to meet those requirements
● Conduct Security control assessment interviews and additional evidence gathering with system stakeholders
● Reviews and tests applicable controls for new systems or subset of applicable controls for existing systems based on CM schedule
● Conduct follow up meetings to assist ISSOs, System Owners and Authorizing Officials to close remediated POA&M items.
● Reviews FIPS 199 categorization, PIA and PTA for assigned system in RSA Archer
● Reviews audit logs and alerts from the Splunk dashboard on a daily, weekly and monthly basis and reports any suspicious activities to the SOC Team.
● Validates and reviews security control assessment artifacts/evidence for each security control to determine whether it is functioning as intended and meets control requirements in accordance with NIST 800-53 Rev 4 controls
● Reviews Splunk to investigate suspicious events to determine if the event is a valid incident.
● Ensure all Security Authorization documentation for assigned systems remains accurate and up to date on a continuous basis, including but not limited to accurate and valid lists of assets (hardware/software), accurate boundary diagrams, accurate ports and protocols, etc.
Spry Methods Inc, November 2018-June 2020
Security Control Assessor
● Led kick-off meetings and assisted System Owners, Security Staff and other Stakeholders in understanding A&A documentation and reporting requirements.
● Reviewed and edited the Business Continuity Plan, Disaster Recovery Plan and Cyber Incident Response Plan (CIRP), performed a gap analysis on disaster recovery plans (DRP) and cybersecurity policies
● Developed documents such as the Security Assessment Plan (SAP), Security Test and Evaluation (ST&E) Reports, Risk Traceability Matrix (RTM) and Security Assessment Report (SAR) as part of conducting assessments.
● Prepared SAP and presented information during kick off briefings and suggested addition of vital information during kickoff briefings for stakeholders
● Developed and provided all documentation necessary for performing a Security Control Assessment
● Conducted Security control assessment interviews and additional evidence gathering with system stakeholders
● Tailored, scoped in and scoped out security controls to their appropriate systems and applied overlays where necessary
● Tested, analyzed, and interpreted Security Assessment Results for all systems
● Conducted Security Control Assessments for each system as part of the Security Authorization Process.
● Led exit briefings after assessments to help system stakeholders understand assessment findings and submission of the ATO package
● Generated security assessment reports (Accepted risk and POA&M list) and delivered to the customers to show status of tested and assessed security controls.
● Assessed security and privacy controls using NIST 800-53 Rev 4 publication guidelines.
● Reviewed security control artifacts provided by the ISSO to ensure that they satisfy each control being assessed before marking the control as satisfied or other than satisfied.
US Security Associates September 2016 – October 2018
IT Helpdesk Support
● Served as the first point of contact for customers seeking technical assistance over the phone or email
● Performed remote troubleshooting through diagnostic techniques and pertinent questions
● Determined the best solution based on the issue and details provided by customers
● Assigned users and computers to proper groups in Active Directory. Modified configurations, utilities, software default settings
● Installation of telephone and networking equipment
STRENGTHS
• Well-organized and detail-oriented, self-motivated
• Readiness to act as a team player with the ability to think and act independently at the same time
• Quick learner with outstanding written and verbal communication skills
• Analytical, problem solving and critical thinking skills; ability to make good decisions under pressure
References Available Upon Request