
Information Security Customer Service

Location:
Bowie, MD
Posted:
July 10, 2024


Resume:

EXPERIENCE SUMMARY:

Highly motivated Information Security Analyst with nine years of experience analyzing various security-related events, performing assessments, and protecting enterprise information systems. Expertise in customer service management, security and data protection, team leadership, project management, strategic planning, and policy and procedure reinforcement.

AREAS OF EXPERTISE:

MS Office Suites, Linux, Contingency Plan, ISCP, POA&M, RMF, Incident Response, TEXT, SOP, Nessus, Windows, PTA, NIST 800 Series, CSAM, ATO Package, Vulnerability Management, Risk Assessment, ISO 27001, GRC, FedRAMP, DRP, eMASS, Data Analysis

PROFESSIONAL EXPERIENCE:

Guide House 09/22 – Present

Grant Thornton 08/20 – 09/22

Information System Security Officer

Implements the Risk Management Framework (RMF) in accordance with NIST SP 800-37 Rev 2.

Working with clients to produce non-FedRAMP and FedRAMP compliant System Security Plans and all required documents using CSAM.

Assisting clients with the maintenance and monitoring of controls and required FedRAMP artifacts and submissions.

Work with the client, SaaS providers, and internal development team to identify security gaps and resolve them to protect client data.

Reviews security categorization of systems using FIPS 199 and NIST SP 800-60 Vol 2.

Updates technical, operational, and management control families and controls with guidance from NIST 800-53 Rev 4 and FIPS 200.

Work with a team of Developers, Information Security Owners, and System Engineers to select, implement, and tailor security controls to safeguard system information.

Reviews and updates SSP implementation statements of the applicable controls for assigned systems as the need arises, using NIST 800-18.

Provide support for security-related FedRAMP compliance controls; and audit systems, services, and processes to verify adherence to company security policies and procedures.

Central point of contact for questions about the company’s FedRAMP security practices and support process for responding to Federal customer security questionnaires.

Develop information security policies, standards, procedures, and best practices to support a FedRAMP moderate operating environment.

Maintain A&A project documentation in CSAM and update the documents annually as part of the continuous monitoring RMF requirement.

Perform independent compliance reviews, tracking, and continuous monitoring of RMF A&A packages in CSAM.

Independently put together a variety of Security Authorization deliverables, including System Security Plans, Security Assessment Reports, Risk Assessment Plans, and POA&Ms.

Conduct risk assessments regularly; ensure measures raised in assessments were implemented in accordance with the risk profile, and root causes of risks were fully addressed following NIST 800-30 and NIST 800-37.

Conduct Self-assessments and provide briefings to stakeholders like system owners and Business owners.

Document and Review security plans (SP), contingency plans (CP), contingency plan tests (CPT), privacy impact assessments (PIA), and risk assessment (RA) documents per NIST 800 guidelines for various government agencies.

Provide routine support of IT security programs to ensure that security objectives of Confidentiality, Integrity, and Availability are met.

DT Tech Consulting 05/24/2019 – 08/07/2020

Cloud Security Analyst/FedRAMP Specialist

Conducted a comprehensive review of the Cloud System seeking Agency Authorization using FedRAMP standards and provided Authorization recommendations to the Authorizing Official.

Conducted continuous monitoring of SaaS applications that have been procured by the agency and provided status updates to the stakeholders.

Reviewed security controls, policies, and procedures and provided recommendations for the adaptation of new technologies or policies.

Identified improvement areas and provided organization-wide security awareness training.

Obtained and reviewed FedRAMP ATO packages for SaaS and PaaS applications.

Worked with teams to ensure they make safe, compliant design and architectural decisions.

Performed security categorization, using FIPS 199, and reviewed Privacy Threshold Analysis (PTA), and E-Authentication with business owners and selected stakeholders.

Developed NIST-compliant vulnerability assessments, technical documentation, and Plans of Action and Milestones (POA&M), and addressed system weaknesses.

Performed comprehensive Security Control Assessment (SCA) and prepared reports on management, operational, and technical security controls for audited applications and information systems.

Provided answers to Audit inquiries.

Conducted risk assessments regularly; ensured measures raised in assessments were implemented in accordance with the risk profile, and root causes of risks were fully addressed following NIST 800-30 and NIST 800-37.

Conducted Self-assessments and provided briefings to stakeholders like system owners and Business owners.

Documented and reviewed the System Security Plan (SSP), Security Assessment Report (SAR), Security Plan of Action and Milestones (POA&M), and Authorization letter/memorandum (ATO).

Documented and Reviewed security plans (SP), contingency plans (CP), contingency plan tests (CPT), privacy impact assessments (PIA), and risk assessment (RA) documents per NIST 800 guidelines for various government agencies.

Conducted Risk Management Framework (RMF) assessments and Continuous Monitoring: Performed RMF assessment on several different environments using both scanning tools and manual assessment. The assessment included initiating meetings with various System Owners and Information System Security Officers (ISSO), providing guidance on evidence needed for security controls, and documenting the findings of the assessment.

Defense Point Security 09/24/2018 – 05/03/19

Security Assurance Analyst

Identified improvement areas and provided organization-wide security awareness training.

Reviewed security controls, policies, and procedures and provided recommendations for the adoption of new technologies or policies.

Conducted FISMA-based security risk assessments for government contracting organizations and application systems, including interviews, tests, and inspections; produced assessment reports and recommendations; conducted out-briefings.

Performed security categorization, using FIPS 199, and reviewed Privacy Threshold Analysis (PTA), and E-Authentication with business owners and selected stakeholders.

Obtained and reviewed FedRAMP ATO packages for SaaS and PaaS applications.

Conduct continuous monitoring of SaaS applications that have been procured by the agency and provide status updates to the stakeholders.

Assessments conducted following NIST 800 processes and controls.

Work with teams to ensure they make safe, compliant design and architectural decisions.

Perform security categorization, using FIPS 199, and review Privacy Threshold Analysis (PTA), and E-Authentication with business owners and selected stakeholders.

Develop NIST-compliant vulnerability assessments, technical documentation, and Plans of Action and Milestones (POA&M), and address system weaknesses.

Perform a comprehensive Security Control Assessment (SCA) and prepare a report on management, operational, and technical security controls for audited applications and information systems.

Reviewed and analyzed the System Security Plan (SSP), Security Assessment Report (SAR), Security Plan of Action and Milestones (POA&M), and Authorization letter/memorandum (ATO).

Risk Management Framework (RMF) assessments and Continuous Monitoring: Performed RMF assessment on several different environments using both scanning tools and manual assessment. The assessment included initiating meetings with various System Owners and Information System Security Officers (ISSO), providing guidance on evidence needed for security controls, and documenting the findings of the assessment.

Conducted risk assessments regularly; ensured measures raised in assessments were implemented per risk profile, and root causes of risks were fully addressed following NIST 800-30 and NIST 800-37.

Conducted Self-assessments and provided briefings to stakeholders like system owners and Business owners.

Conducted comprehensive reviews of Cloud Systems seeking Agency Authorization using FedRAMP standards and provided Authorization recommendations to the Authorizing Official.

Documented and Reviewed security plans (SP), contingency plans (CP), contingency plan tests (CPT), privacy impact assessments (PIA), and risk assessment (RA) documents per NIST 800 guidelines for various government agencies.

Washington Tech Solution 03/09/2015 - 09/14/2018

Information Security Analyst

Conducted self-assessments of security controls on systems of various impact levels following agency guidelines to ensure compliance with NIST 800-53A.

Collaborated with System Owners and security team members to make sure security controls are updated properly and have evidential material to support each security control.

Ensured security documentation (System Security Plan, Contingency Plan, Risk Assessments, Incident Response Plan, etc.) is reviewed, maintained, and kept up to date for FISMA compliance.

Worked with a team of Developers, Information Security Owners, and System Engineers to select, implement, and tailor security controls to safeguard system information.

Created Standard Operating Procedure (SOP) templates for assigned systems.

Provided support during ATO Assessments, providing evidence as needed.

Created and reviewed POA&Ms to ensure all POA&Ms have a documented path forward.

Collaborated with the ISSO and security team to implement the security controls selected in the SSP, using NIST 800-18 as a guide to develop the SSP.

Worked with the ISSO and security team to assess the selected security controls and to update the SAP and ROE, where vulnerability scanning and penetration testing procedures are included in the assessment.

Conducted the assessment kickoff meeting and security control meetings with the ISSO and System Owner; assessment findings are reflected on the RTM or test case, and all weaknesses noted are reported in our SAR.

Monitored security controls using NIST 800-137 as a guide by testing one-third of the applicable security controls annually and performing periodic vulnerability scanning.

EDUCATION AND CERTIFICATIONS:

University of Buea, B.S., Computer Science and Information Technology

Oracle Certified Associate, Oracle Solaris 10 - Oracle University

Cloud Security Alliance V3 CCSK

CEH

CHFI

Sec+

CISA
