Information Security System

Location: Ellicott City, MD
Posted: September 09, 2023

Resume:

Joel Ansere

SUMMARY

I am seeking an Information Security Assurance position in a growth-oriented organization with a focus on Cyber Security activities, including a solid background in supporting, securing, and analyzing Information Technology-related infrastructures on System Assessment and Authorization and remediation processes.

CORE SKILLS

Experience in Security Life Cycle and Vulnerability Management, using FISMA and applicable NIST standards

Experience in developing and reviewing security Authorization and Assessment (A&A) artifacts including, but not limited to System Security Plans (SSP), Contingency Plans (CP), Incident Response Plans (IRP), Configuration Management Plans (CMP), Privacy Threshold Assessments (PTA) and Privacy Impact Assessments (PIA).

Strong background and working experience with NIST SPs such as 800-18, 800-34, 800-37, 800-53/53Arev4, 800-60, 800-137, FIPS 199 & 200, RMF, IPS/IDS, HIPAA, FISMA, OMB, PCI-DSS, HITRUST, SOX and FedRAMP.

Knowledge and experience with the Risk Management Framework (RMF), Risk Assessment, Assessment and Authorization (A&A), Authority to Operate (ATO), Security Control Assessments (SCA), Security Assessment Reports (SAR), Plan of Action and Milestones (POAM) and Vulnerability Management.

Able to write and review security policies and Standard Operating Procedures (SOP) using industry best practices and provide expertise on how the agency can ensure compliance with new security requirements.

Experience with protecting the Confidentiality, Integrity, and Availability (CIA) of sensitive and critical information systems (including systems in the cloud environment) as well as assisting in refining and clarifying security requirements.

Team-oriented with the ability to work independently and proactively while prioritizing competing priorities, often under time constraints

Facilitate and execute the completion of the Residual Risk Report and insert its contents into the POA&M

Ability to multi-task, work independently and as part of a team

Strong analytical and quantitative skills

Strong communication skills (oral and written) as well as the ability to interact with team members, external vendors, various levels of management and internal clients with assorted levels of computer experience.

EDUCATION

Lincoln Tech / cyber security management.

CERTIFICATION

Security+, CAP, CISA, CISM

PROFESSIONAL EXPERIENCE

Halvik Inc. October 2019-Present

Information Security Analyst

Conducts security control assessments to assess the adequacy of management, operational privacy, and technical security controls implemented. Security Assessment Reports (SAR) were developed detailing the results of the assessment along with the Plan of Action and Milestones (POA&M).

Develops system security plans to provide an overview of federal information system security requirements and describe the controls in place or to meet those requirements.

Creates and updates the following Security Assessment and Authorization (SA&A) artifacts: FIPS 199, Security Test and Evaluations (ST&Es), Risk assessments (RAs), Threshold Analysis (PTA), Privacy Impact Analysis (PIA), E-Authentication, Contingency Plan, Plan of Action and Milestones (POAMs), and evaluates existing documents for correctness and compliance with applicable policies.

Prepares Security Assessment and Authorization (SA&A) packages to ascertain that management, operational and technical security controls adhere to NIST SP 500-53 standards.

Guide System Owners and ISSOs through the C&A process by monitoring and reviewing required documents including security testing and evaluations to ensure adherence to client’s security policy as well as FISMA and NIST requirements.

Perform comprehensive Security Controls Assessments (SCA) and write reviews of management, operational and technical security controls for audited applications and systems.

Develop and update the system security plans, configuration of system controls, security assessment reports and other security documentation.

Assess the impacts, help orchestrate updates and changes in the client’s enterprise, and provide expert advice about how to most effectively sustain full operational continuity to protect critical systems.

Assist with the development and delivery of information security risk related training and awareness programs covering cross-team coordination and communication, reporting procedures, security requirements, team-specific processes, and individual responsibilities.

Perform vulnerability assessments, making sure risks are assessed and proper actions taken to mitigate them.

Conduct IT controls risk assessments including reviewing organizational policies, standards and procedures and providing advice on their adequacy, accuracy, and compliance with the industry standards.

Develop risk assessment reports. These reports identify threats and vulnerabilities. In addition, they evaluate the likelihood that vulnerabilities can be exploited, assess the impact associated with these threats and vulnerabilities, and identify the overall risk level.

SYSTEM HIGH

Security Analyst June 2017-2019

Oversaw auditors to identify IT-related risk throughout development phases. Areas include networks, operating systems, databases, security, and disaster recovery.

Performed general controls oversight and review to verify compliance with SOX provisions and professional standards.

Ensured audit tasks were completed accurately and within established timeframes.

Identified and evaluated risks during review and analysis of the System Development Life Cycle (SDLC), including design, testing/QA, and implementation of systems and upgrades.

Worked with ISOs to prepare Assessment and Authorization (A&A) packages for reviews using the six steps of RMF and NIST SPs (800-37, 800-53 and others); identified deficiencies and provided recommendations for solutions.

Created Security Assessment Plans (SAPs) & Reports (SARs) as well as managed POA&Ms for corrective actions following assessment activities and in response to identified vulnerabilities.

Responsible for developing and maintaining System Security Plans (SSP) and all associated security artifacts in compliance with FISMA requirements.

Led and facilitated meetings with system stakeholders and technical personnel to categorize systems, define system boundaries, and establish and maintain information security standards and procedures in compliance with information security and risk management policies, standards, and guidelines.

Prepared audit scopes, reported findings, and presented recommendations for improving data integrity and operations.

Conducted IT controls risk assessments that included reviewing organizational policies, standards and procedures and provided advice on their adequacy, accuracy, and compliance with the Payment Card Industry Data Security Standard.

Reference available upon request