JUDITH NONGSE NKEH
202-***-**** | *************@*****.*** | https://www.linkedin.com/in/nkeh-judith-646657219
SUMMARY
Detail-oriented Cybersecurity Assessor with 6 years of experience evaluating system security, conducting risk assessments, and ensuring compliance with NIST, RMF, and FISMA standards. Proven expertise in managing Security Assessment and Authorization (SA&A) processes, developing comprehensive authorization documentation, and performing in-depth security evaluations across cloud and on-premises environments. Proficient in leveraging GRC tools, including Xacta and eMASS, to optimize assessment workflows and ensure continuous compliance. Skilled in collaborating with diverse stakeholders to identify security gaps, mitigate risks, and maintain system accreditation.
EXPERTISE
Risk Management Framework (RMF) Processes
Security Assessments & Authorization (SA&A)
Governance, Risk, and Compliance (GRC): Xacta, ArchAngel, eMASS
Vulnerability Scanning Tools: Tenable/Nessus
NIST 800-37, NIST 800-53, FISMA Compliance
Cloud Security (AWS, Azure, GovCloud)
Plan of Action and Milestones (POA&M) Management
Security Test and Evaluation (ST&E)
EXPERIENCE
Sr. Security Control Assessor (SCA)
Deltaahtech Consulting (DTTC) June 2022 – Present
Conduct comprehensive assessments of cloud systems (IaaS, SaaS, PaaS) hosted on AWS, Azure, and GovCloud against NIST SP 800-53 controls.
Develop and update authorization documentation, including System Security Plans (SSPs) and Risk Assessments.
Lead the Security Test and Evaluation (ST&E) process for assigned systems, providing detailed findings and recommendations.
Use GRC tools like Xacta and ArchAngel to manage control assessments, monitor risks, and track POA&Ms.
Collaborate with stakeholders to ensure compliance with federal security policies and frameworks.
Perform system security evaluations, risk analysis, and vulnerability assessments to identify potential security weaknesses.
Develop security assessment reports (SARs) outlining findings, risks, and recommended remediation strategies.
Utilize automated tools such as Nessus, Qualys, Splunk, and other SIEM solutions for vulnerability scanning and security monitoring.
Provide recommendations for improving security posture and ensuring continuous monitoring compliance.
Collaborate with Information System Security Officers (ISSOs), System Owners, and other key stakeholders to address security deficiencies.
Sr. Information Security Assurance Analyst
Northrop Grumman Corporation June 2019 – June 2022
Performed RMF-based assessments of cloud and on-premises systems to evaluate security controls and compliance.
Authored A&A packages, conducted risk analyses, and ensured accurate mitigation planning for vulnerabilities.
Maintained security compliance using eMASS to track accreditation packages and manage continuous monitoring efforts.
Conducted comprehensive security risk assessments and audits to ensure compliance with NIST 800-53, ISO 27001, FISMA, and RMF guidelines.
Developed and enforced security policies, procedures, and best practices to protect organizational assets.
Led security control assessments (SCAs) and documented findings, risks, and mitigation plans in Security Assessment Reports (SARs).
Managed and oversaw vulnerability assessments, penetration testing, and remediation efforts using tools like Nessus, Qualys, and Tenable.
Collaborated with IT teams, system owners, and stakeholders to enhance security controls and mitigate potential threats.
Provided security assurance through compliance monitoring, continuous assessment, and risk management strategies.
Conducted security awareness training and developed educational materials to promote a culture of security awareness.
Assisted in the development and implementation of incident response plans, ensuring timely and effective responses to security incidents.
Senior Information Security Assurance Analyst
General Dynamics Information Technology (GDIT) March 2018 – June 2019
Conducted security control assessments, self-assessments, and ST&E to identify system vulnerabilities.
Reviewed and updated SSPs, SARs, and POA&Ms to ensure compliance with federal regulations.
Supported RMF processes, including categorization, control implementation, and continuous monitoring.
Developed and maintained security policies, procedures, and best practices to align with organizational security objectives.
Oversaw vulnerability management programs, utilizing tools like Nessus, Qualys, and Tenable to assess and mitigate security risks.
Collaborated with cross-functional teams, including ISSOs, system owners, and IT administrators, to implement security improvements.
Led incident response efforts, analyzed security threats, and provided recommendations for threat remediation and risk mitigation.
EDUCATION
Master of Science in Cybersecurity Management and Policy
University of Maryland Global Campus (UMGC) — Adelphi, MD 2022–2024
Program designated by the NSA National Centers of Academic Excellence in Cyber Defense (CAE-CD).
Focus on cybersecurity strategy, risk management, and policy development.
Bachelor of Arts in English Modern Letters, University of Dschange, Cameroon
CERTIFICATIONS
CompTIA Security+
Certified Information Systems Auditor (CISA)
ACCOMPLISHMENTS
Spearheaded the design and implementation of a Third-Party Risk Management framework, reducing vendor-related risks by 25% over two years.