
Risk Management Information Security

Location:
Odenton, MD
Posted:
August 26, 2025

Resume:

CANDI ASANTE

Cybersecurity & Risk Management Professional | CGRC Certified | Federal Information Security Expert
Odenton, MD | **********@*****.*** | 301-***-****

PUBLIC TRUST CLEARANCE

Professional Summary

Dynamic and results-driven cybersecurity analyst with 8 years of hands-on experience supporting federal agencies through risk assessments, system authorizations, and continuous monitoring under the NIST Risk Management Framework (RMF). Proven expertise in evaluating IT security controls, managing POA&Ms, and guiding ATO efforts across high-value assets and mission-critical systems. Adept at translating complex security requirements into actionable compliance strategies while fostering collaboration with stakeholders, system owners and Information System Security Officers. I am certified in Governance, Risk, and Compliance (CGRC) and committed to advancing organizational resilience and enterprise education.

University of Maryland University College

Bachelor of Science in Business Administration

CERTIFICATIONS & TRAINING

• Certified in Governance, Risk, and Compliance (CGRC), formerly known as Certified Authorization Professional (CAP)

• AES High Value Asset (HVA) Certification

Professional Skills & Technical Proficiencies

• Frameworks:

  o Extensive knowledge of FISMA, FedRAMP, and NIST publications including FIPS 199/200, RMF, SP 800-53, SP 800-18, SP 800-60, SP 800-37, SP 800-137

• Security Artifacts:

  o Extensive knowledge of artifacts including System Security Plan (SSP), Security Assessment Report (SAR), Security Assessment Plan (SAP), Plan of Action and Milestones (POA&M), Contingency Plan (CP), Business Impact Analysis (BIA), Security Control Assessment (SCA), Privacy Threshold Analysis (PTA), Privacy Impact Analysis (PIA), E-Authentication

• Tools:

  o ServiceNow, Archer, Splunk, SharePoint Content Management, Configuration Management Database (CMDB), Trusted Agent (TA), Microsoft Office Suite, Tenable Nessus

PROFESSIONAL EXPERIENCE

Information Security Analyst - Centers for Disease Control and Prevention (CDC) – Compass Federal Consulting

September 2021 – March 2025

• Led system kickoff meetings, coordinated RMF packages, and supported the full Authorization to Operate (ATO) lifecycle from start to finish.

• Ensured proper system categorization by following the guidelines in NIST SP 800-60 and FIPS 199.

• Conducted security control and risk assessments of Federal systems and applications, including review of organizational policies, standards, and procedures, observation, and interviews with appropriate personnel.

• Developed and managed comprehensive documentation including SSPs, SAPs, ST&E Reports, and SARs, while analyzing WebInspect vulnerability scan reports and integrating findings into the SAR to support risk analysis and ATO decision-making.

• Executed the development of POA&Ms to document security vulnerabilities and mitigation strategies in the SAR, tracked POA&M remediation efforts in Archer, and ensured timely closure.

• Reviewed evidence and existing documentation needed to validate controls, including security policies and procedures and previous assessment reports.

• Reviewed and updated System Security Plans and other documents using NIST SP 800-18 as a guide.

• Performed regular vulnerability scans on enterprise systems using Tenable.sc to identify security weaknesses and ensure compliance with organizational policies.

• Coordinated penetration testing activities across multiple systems in support of the agency’s continuous monitoring requirements.

• Managed the full lifecycle of web-based, host-based, and continuous penetration testing, from scoping and execution through reporting and remediation validation.

• Directed penetration testing initiatives, including cloud-based assessments and the Annual Cloud Pen Test, ensuring alignment with organizational security objectives.

• Maintained and updated penetration testing workflow and escalation SOPs to ensure consistent, efficient, and compliant penetration testing operations.

• Compiled weekly reports summarizing vulnerabilities, action items, and completed tasks to support risk mitigation and executive decision-making.

• Collaborated with ISSOs, system owners, and third-party vendors to scope tests, validate system boundaries, and ensure alignment with NIST SP 800-53 and NIST SP 800-115.

Information Security Analyst - National Institutes of Health (NIH) – Compass Federal Consulting / Open Science Systems

April 2019 – August 2021

• Provided Assessment and Authorization (A&A) support across NIH Institutes and Centers (ICs).

• Guided Information System Security Officers (ISSOs) through POA&M creation, vulnerability remediation efforts, and required documentation for Federal systems, providing support to ensure accuracy and compliance.

• Performed self-assessments based on NIST guidelines, identified weaknesses, and developed POA&Ms following industry best practices.

• Established remediation deadlines, tracked progress, and ensured the resolution of security vulnerabilities.

• Reviewed and validated all system security documentation and ensured NIST alignment.

• Responded to ServiceNow tickets, reviewing and approving waivers, assessments, and exceptions.

• Assisted with Privacy Threshold Analysis, eAuthentication, and BIA documentation.

• Ensured timely completion of Annual Assessments and Contingency Plan Tests to support FISMA compliance and maintain system authorization.

• Ensured all required FISMA documentation was current and properly uploaded under each respective system in the NSAT/GRC tool in accordance with compliance and reporting requirements.

• Created FISMA systems within the NSAT tool and updated the A&A Wiki page to align content with prevailing NIH policies and ensure compliance with agency standards and requirements.

• Developed RMF BPA training materials for new users and staff, providing guidance to ensure compliance with NIST and NIH requirements.

Security Control Assessor (SCA) - National Credit Union Administration (NCUA) – Micore Solutions

April 2017 – February 2019

• Conducted security assessments and audits of customer IT systems to ensure compliance with organizational security policies, NIST SP 800-53A, and RMF.

• Reviewed methods and test procedures; assessed and evaluated security controls using NIST SP 800-53A as a guide and documented the security assessment in the Security Assessment Plan.

• Collected artifacts to validate baseline control implementation and assembled full accreditation (ATO) packages.

• Reviewed SSPs, Configuration Management Plans (CMPs), Contingency Plans (CPs), and related documentation for compliance and completeness.

• Developed detailed Security Assessment Reports (SARs) using vulnerability scan data and test results.

• Facilitated assessment activities by organizing kick-off meetings, scheduling interviews with system owners, and guiding stakeholders through the A&A process.

• Reviewed FIPS 199 Security Categorization for impact level determination and assessed controls in alignment with privacy and security requirements.

• Coordinated ATO package preparation, including SSPs, SAPs, SARs, and POA&Ms.

• Executed test plans and walkthroughs per NIST SP 800-53A for multiple systems.

• Reviewed vulnerabilities and participated in weekly assessment progress meetings.

Help Desk Support Specialist – Comcast

July 2015 – February 2017

• Provided Tier 1 support for hardware/software issues, onboarding, and imaging.

• Maintained the IT knowledge base and resolved support tickets using help desk tools.

• Accurately diagnosed and solved system, hardware, and software problems using the help desk ticketing system.

• Provided software updates and upgrades to workstations and other equipment, including anti-virus, Microsoft Office applications, and Comcast proprietary applications.

• Reimaged and configured new workstations for new associates.

• Updated IT knowledge base articles as solutions were found.

• Maintained inventory of hardware and software.