
Risk Management Information Security

Location:
Missouri City, TX
Salary:
$90,000
Posted:
June 04, 2025


Resume:

Brandon Simmons

Professional summary

** ***** **********, *** *******-driven Information Security Analyst with expertise in risk management framework (RMF), FISMA compliance, FedRAMP for cloud systems, systems development life cycle (SDLC), vulnerability scanning, and security controls assessment, risk management, and vulnerability management of a wide range of vulnerabilities and threats. Well-versed in direct and remote analysis with strong critical thinking, communication, and people skills. Able to thrive in fast-paced and challenging environments where accuracy and efficiency matter.

Education and Certification

University of MD Global Campus US:

BS of Cyber Security Management & Policy

Certified Authorization Professional (CAP), in progress

Active 701 Security+

Able to obtain Security Clearance

Military Experience

Marine Corps

09/2003-10/2010

Administrative Specialist/0121

Awards:

Navy and Marine Corps Achievement Medal

Good Conduct Medal

Global War on Terrorism Service Medal

Certificate of Commendation

Certificate of Achievement “Marine of the Quarter”

Professional Experience

US Courts GDIT/K-Force, December 2017 – Present

Security Control Assessor/ISSO

Support all Security Authorization Processes, Security Control Assessments and Ongoing Authorization activities as required and as directed by the Federal Government/Commercial Clients.

Prepare documentation and materials to support the operations of FedRAMP compliance requirements throughout the organization.

Assisted ISSO in maintaining system security plans (SSPs) and ensuring compliance with NIST SP 800-53 and Risk Management Framework (RMF) guidelines.

Ensured security controls were implemented and operating as intended by supporting vulnerability scanning, patch management, and incident response.

Coordinated with system owners and engineering teams to maintain compliance with federal cybersecurity policies and procedures.

Conducted periodic reviews of system audit logs, access controls, and account management in support of ISSO duties.

Apply appropriate information security control for Federal Information System based on NIST 800-37 rev1, SP 800-53, FIPS 199, FIPS 200, and NIST SP 800-53A R4

Assess security controls and develop security assessment report (SAR)

Support A&A activities (Categorize, Selection, Implement, Assessment, Authorize, Monitor) according to the A&A project plan.

Facilitated Security Control Assessment (SCA) and Continuous Monitoring Activities

Review authorization documentation for completeness and accuracy for compliance.

Facilitate Security Control Assessment (SCA) and monitor activities.

Executed examine, interview, and test procedures in accordance with NIST SP 800-53A Revision 4.

Ensure cyber security policies are adhered to and that required controls are implemented.

Validated information system security plans to ensure NIST control requirements are met.

Assist team members with proper artifact collection and detail to client’s examples of artifacts that will satisfy assessment requirements.

Review security logs to ensure compliance with policies and procedures and identify potential anomalies.

Update and review A&A Packages to include Core Docs, Policy & Procedures, Operations and Maintenance Artifacts, SSP, SAR, FIPS 200, FIPS 199, and POA&M.

Collect Operation and Maintenance artifacts on an ongoing basis so that Security Control Assessment (SCA) is seamless.

Upload supporting documentation into SharePoint, Google Docs, and CSAM.

Manage vulnerabilities with the aid of Nessus vulnerability scanners to detect potential risks on a single or multiple assets across the enterprise network.

EPIC Health Services, November 2014 – December 2017

Security Risk Specialist

Ensure proper system categorization using NIST 800-60 and FIPS 199; implement appropriate security controls for information system based on NIST 800-53 rev 4 and FIPS 200.

Conduct security assessment interviews to determine the Security posture of the System and to

Performing Kick Off Meetings

Apply appropriate information security control for Federal Information system based on NIST 800-37 Rev1.

Facilitate Security Control Assessment (SCA) and monitor activities.

Develop a Security Assessment Report (SAR) in the completion of the Security Test and Evaluation (ST&E) questionnaire using NIST SP 800-53A required to maintain Company Authorization to Operate (ATO), the Risk Assessment, System Security Plans, and System Categorization.

Reviewing, maintaining, and ensuring all assessment and authorization (A&A) documentation is included in the security system package.

Perform information security risk assessments and assist with the internal auditing of information security processes. Assessed threats, risks, and vulnerabilities from emerging security issues and also identified mitigation requirements.

Work with system owners to develop, test, and train on contingency plans and incident response plans.

Test, assess, and document security control effectiveness. Collect evidence, interview personnel, and examine records to evaluate effectiveness of controls.

Review and update remediation on plan of action and milestones (POA&Ms) in organization’s CSAM. Work with system administrators to resolve POA&Ms, gathering artifacts and creating mitigation memos, residual risk memos and corrective action plans to assist in the closure of the POA&M.

GYRODATA, INC, August 2011 – November 2014

Help Desk

Troubleshoot problems, resolving heat tickets.

Assigned issues to appropriate support group for thorough support and prompt resolution.

Responsible for identifying, troubleshooting, researching, and supporting customer IT issues.

Provided first point of contact for support issues.

Researched and resolved technical issues, maintained technical aptitude and support corporate initiatives and team department goals according to direction of management.

Interacted with users to provide and process information in response to problems, inquiries, concerns and/or requests, collaborated with customers to resolve application, phone, printer, or computer problems in real time.

Worked closely with clients and staff to ensure smooth, uninterrupted operation of network client workstations and servers, and performed other assigned duties.

Computer & Software Proficiencies

Microsoft Office Suite

CSAM

Archer

SharePoint

Excel

Adobe

PowerPoint

Qualified Typist (70wpm)

MS Project

FEDRAMP

RMF

10615 Parkwood Court, TX

(P): 979-***-****

Email: *******.**********@*****.***


