Amanda Richardson
Dallas, GA ***** 228-***-**** ********************@*****.***
Professional Summary
A results-driven IT Security Analyst with 9+ years of experience in cybersecurity, governance, risk, and compliance (GRC). Proven expertise in third-party risk assessments, regulatory compliance, and policy development, with deep knowledge of frameworks such as FISMA, NIST, ISO 27001, SOC 2, and HIPAA. Adept at implementing Lean-Agile methodologies and optimizing security operations through advanced SIEM, vulnerability management, cloud security, and risk assessment tools. Brings strong technical and analytical skills, consistently delivering high-quality, proactive security solutions.
Key Skills
Cybersecurity & Compliance:
FedRAMP (e.g., SaaS), SA&A, Cybersecurity Threat Management
Compliance & Risk Management: FISMA, NIST, CMMC, HIPAA, GDPR, ISO 27001, SOC 2
Security Tools & Technologies:
SIEM: Splunk, LogRhythm
Vulnerability Management: Tenable Nessus (SAST), WebInspect (DAST)
Cloud Security: Azure Security Center, Azure DevSecOps, Zscaler
Risk Assessment & Management: RSA Archer, Palantir Protective Intelligence
Lean-Agile & Project Management:
Methodologies: Agile, Lean, ITIL v3, Kanban, Scrum
Tools: VersionOne, Jira, Confluence, Kanban Boards, Sprint Planning
Certifications:
ITIL v3
Microsoft Azure Foundations
Significant Accomplishments
Spearheaded the development and execution of ATO packages—including the creation and continuous update of System Security Plans (SSPs)—to ensure compliance with FISMA and NIST 800-53 standards, directly contributing to the accreditation and improved security posture of 470+ systems.
Developed and implemented SharePoint dashboards integrated with Power BI, which enhanced reporting and metrics visualization. This innovation provided 1,300+ stakeholders with increased data insights, supporting strategic decision-making processes.
Delivered comprehensive IT support and vulnerability management for the World Trade Center Health Program by orchestrating proactive vulnerability scans and remediation efforts across 120+ systems, reducing remediation turnaround time by 30% and boosting patch compliance by 40% to ensure robust, uninterrupted operational support.
Work Experience
Centers for Disease Control and Prevention (CDC)/AlphaSix
Information Security Analyst Senior (03/2022 to Present, Remote)
Identifies vulnerabilities in vendor management and supply chain programs, providing actionable recommendations for the National Institute for Occupational Safety (NIOSH) and the World Trade Center Health Program (WTCHP).
Validates security controls for high-risk solutions using the National Institute of Standards and Technology (NIST) Risk Management and FedRAMP frameworks.
Led enterprise-wide third-party cybersecurity risk assessments and audits using GRC platforms and security tools (e.g., ServiceNow, RSA Archer).
Analyzes threat intelligence to proactively identify emerging threats and apply mitigation strategies.
Serves as a subject matter expert (SME) during internal and external audits or regulatory assessments.
Conducts regular vulnerability scans using automated tools such as Nessus to identify known vulnerabilities in systems, applications, and networks.
Maintains a comprehensive asset inventory to ensure that all devices, software, and hardware are regularly assessed for vulnerabilities.
Coordinates and conducts risk assessments, security audits, and compliance reviews (e.g., NIST, HIPAA, PCI DSS).
Partnered with internal stakeholders and vendors to oversee the implementation and management of security technologies like SIEM, IDS/IPS, DLP, and EDR.
Department of Homeland Security/General Dynamics Information Technology
Information Security Analyst Senior (02/2016 to 03/2022, Remote)
Provided security expertise in the Federal Information Security Management Act (FISMA) and federal government requirements to ensure compliance, strengthen information security programs, and support developing and enforcing risk management frameworks.
Led execution of Authorization to Operate (ATO) package development, including System Security Plan (SSP) content creation and updates to ensure alignment with security controls.
Remediated Plan of Action and Milestones (POA&M) items by addressing assessment and continuous monitoring findings to ensure compliance and reduce risk exposure.
Updated security controls in accordance with the NIST 800-53 Framework to enhance system resilience, mitigate emerging threats, and ensure continuous compliance with federal security standards.
Prepared and presented change requests based on evolving business needs to the technical change boards for review and approval.
Conducted post-implementation reviews to evaluate outcomes and gather lessons learned.
Maintained security lifecycles within change document reviews.
Gathered artifacts for compliance to ensure the security posture remains strong, meets regulatory requirements, and demonstrates adherence to industry standards and internal policies.
NCCIPS Data Center/AAC, Inc
Information Technology Data Center Technician (07/2014 to 02/2016, Onsite in Bay St Louis, MS)
Installed, configured, and maintained data center hardware, servers, and network equipment to ensure continuous operation and reliability.
Performed routine equipment checks and monitored environmental systems (cooling, power, humidity) to guarantee optimal system functioning.
Education
Bachelor of Science in Business Administration – Long Beach, Mississippi
Associate of Arts/Science – Gulfport, Mississippi