PROFESSIONAL SUMMARY: Performance-oriented and motivated cybersecurity analyst accustomed to working in fast-paced environments. Skilled in applying the Risk Management Framework (RMF) process and proficient in assessing IT security controls for design and operating effectiveness, documentation, and compliance with FISMA and the NIST 800 series. Expert in identifying gaps, creating remediation plans and proposing mitigation strategies.
CORE EXPERIENCE:
Ability to maintain security incident response, vulnerability management and processes.
Aid in development of system security plans (SSP), A&A packages, National Institute of Standards and Technology (NIST) documents, Federal Information Processing Standards (FIPS), security assessment reports (SAR), Risk Management Framework (RMF) documents, and other security documents on a quarterly compliance basis.
Ability to apply ISO/IEC, NIST and COBIT frameworks.
In-depth knowledge of security assessment/audit principles
Understanding of networking principles and data protection
Ability to identify problems, analyze data and present conclusions
Strong verbal, written and presentation skills
Knowledge of information security frameworks such as ISO 27001/NIST CSF, PCI DSS
WORK EXPERIENCE:
Pactiv LLC, Columbus, Ohio March 2018 – Present
Information System Security Officer
Evaluates the existing information security program and makes any policy, procedure and standard changes.
Develops, maintains, and enforces information policies, procedures and standards within all operational areas of the organization.
Conducts risk assessment and ensures that information security is adequately addressed in the development stage of any new technology.
Drafts, finalizes and submits Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), E-authentication assessments, and System of Records Notice (SORN) for approval.
Develops solutions to security vulnerabilities in the Requirements Traceability Matrix and SAR, while working on POA&M remediation and Corrective Action Plan (CAP).
Reviews documentation, including the system security plan using NIST SP 800-18 as a guide, Authorization to Operate (ATO), Security Assessment Report (SAR) using NIST SP 800-30 as a guide, FIPS 199 system categorization based on confidentiality, integrity, and availability (CIA), policies and procedures, e-authentication, privacy threshold analysis (PTA), privacy impact analysis (PIA), contingency plan (CP), interconnection security agreements as per NIST SP 800-47, certification and accreditation (C&A) packages, and system standard operating procedures.
Vertis Company Limited, Columbus, OH January 2016 – March 2018
Information System Security Officer
Developed and conducted a risk assessment program and ensured that information security was adequately addressed in the development stage of any new technology.
Drafted, finalized and submitted privacy threshold assessments (PTA), Privacy Impact Assessment (PIA), E-authentication assessments, and System of Records Notice (SORN).
Developed solutions to security vulnerabilities in the Requirements Traceability Matrix and SAR, while working on POA&M remediation and Corrective Action Plan (CAP).
Evaluated the existing information security program and made any policy, procedure and standard changes.
Worked with the Security Operations Analyst to make sure intrusion detection and prevention systems (IDS/IPS) such as Snort were used to analyze and detect worms and vulnerability exploit attempts, with IDS monitoring and management through Security Information and Event Management (SIEM).
Recommended and applied enterprise information security standards, including management, operational, and technical security risk assessment and controls frameworks such as ISO 27005, NIST, etc.
EDUCATION
Associate of Business June 30, 2019
TRAINING AND CERTIFICATION
Security+