
Risk Management Scrum Master

Location:
Reisterstown, MD
Posted:
August 26, 2024


Resume:

Joyce Anjeh

Active Secret Clearance

MBA - Cyber Security - Certified CompTIA Security+, Cyber Threat Level 1, CISA.

E-mail: ad79ok@r.postjobfree.com Phone: +1-443-***-**** Address: Owings, MD 21117

PROFESSIONAL SUMMARY

Dedicated and driven Security and Compliance Analyst with a passion for ensuring robust security protocols and regulatory compliance within organizational frameworks. Seeking to leverage a strong background in risk assessment, threat detection, and regulatory adherence to contribute effectively towards safeguarding sensitive data and fortifying organizational resilience against evolving security threats. Committed to staying abreast of industry best practices and emerging technologies to enhance security posture and mitigate vulnerabilities effectively. I am dedicated to safeguarding organizational assets, information systems, and data from cyber threats and risks. I have conducted cyber risk assessments, prioritized risk management activities, and ensured compliance with cybersecurity standards and regulations. I have investigated and resolved security-related issues such as system vulnerabilities, malware infections, and unauthorized access attempts. I leverage log analysis tools to go through vast amounts of data, identify abnormal behavior, and investigate security incidents to determine their root cause.

SKILLS SNAPSHOT

NIST 800 series: 800-18, 37, 39, 50, 53, 53A, 30, 60, 118, 137, 171; FIPS; FISMA; ISO 27001; HIPAA; SOC 2; PCI-DSS and others. Incident reporting and incident management with tools like JIRA; vendor security assessment; project management; network monitoring with IDS/IPS, firewalls, etc.

POA&M management; drafting and creating SOPs; Third Party Risk Management (TPRM); drafting policies and procedures; Software Development Lifecycle (SDLC); cloud and FedRAMP compliance.

GRC compliance and EXACTA 360 proficient; technical writing capabilities. Solutions: SIEMs, firewall appliances, intrusion prevention systems, data loss prevention. OWASP Top 10 and SANS 25: identify and address issues such as CSRF, XSS, SQL injection, and privilege escalation. Conducted and reviewed vulnerability scans, device configurations, and system architecture, employing tools like Nessus, WebInspect, IACS, CSAM, and AppDetective. I've honed my expertise in information security engineering, specializing in vulnerability scanning, anti-malware solutions, content filtering, breach detection, and network security. Leverage intrusion detection/prevention systems (IDS/IPS), firewalls, proxies, antivirus software, Endpoint Detection and Response (EDR), and Data Leakage Prevention (DLP) solutions, and Security Information and Event Management (SIEM) solutions such as Splunk, IBM QRadar, or ArcSight for log aggregation, correlation, and analysis.

EDUCATION

Master of Science in Cybersecurity Technology, University of Maryland Global Campus, June 2022

Cyber Threat Hunting Level 1

Certified CompTIA Security+

Certified Scrum Master, Scrum Alliance

Professional Scrum Master, Scrum.org

Certified Information Security Manager (CISM) by ISACA

PROFESSIONAL EXPERIENCE

Triple Canopy Inc October 2019 – Present

Cyber Security Analyst, Washington DC

Tracking and reporting the level of compliance for information systems.

Reviewing and analyzing information system audit records weekly for indications of inappropriate or unusual activity, and reporting findings to appropriate management and technical personnel.

Receiving information system security alerts, advisories, and directives from designated external organizations on an ongoing basis.

Generating internal security alerts, advisories, and directives as deemed necessary, and disseminating security alerts, advisories, and directives to appropriate management and technical personnel.

Implementing security directives in accordance with established time frames.

Ensuring that the organization's systems and processes meet industry regulations.

Reviewing and analyzing security controls, identifying vulnerabilities and risks, and recommending and implementing solutions to improve the overall security posture of the organization.

on Authorization boundaries

Evaluating the effectiveness and implementation of Continuous Monitoring Plans.

Representing the customer on inspection teams.

Communicating with the Information System Security Officer to analyze risks.

Conducting risk management by identifying, assessing, responding to, and monitoring risk.

Assessing incoming threats and developing plans to close loopholes.

Analyzing security breaches to determine the root cause of problems.

Generating reports for both technical and non-technical staff.

Completing penetration tests on network systems, and configuring and updating antivirus servers.

Performing security evaluations, managing and regulating all user access to the company's network, and proactively participating in team meetings with IT managers.

Performing and analyzing vulnerability scans using Nessus.

Planning, implementing, upgrading, or monitoring security measures for the protection of computer networks and information.

Assessing system vulnerabilities for security risks, and proposing and implementing risk mitigation strategies.

Meticulously assessing and analyzing the organization's current security posture, identifying vulnerabilities and potential threats.

Designing and implementing comprehensive security policies, procedures, and controls to mitigate risks and ensure compliance with industry standards and regulations.

Conducting regular security audits and assessments to evaluate the effectiveness of existing security measures and recommend improvements.

Developing and delivering customized security awareness training programs to educate employees about best practices and reduce the risk of security incidents.

Managing and configuring security technologies such as firewalls, intrusion detection/prevention systems, and endpoint protection solutions to safeguard the organization's assets.

Collaborating with cross-functional teams to integrate security requirements into the development lifecycle of applications and infrastructure projects.

Monitoring security events and alerts using SIEM (Security Information and Event Management) tools, promptly investigating and responding to potential security incidents.

Leading incident response efforts, coordinating with internal stakeholders and external partners to contain and mitigate security breaches effectively.

Conducting in-depth forensic analysis and root cause analysis to understand the impact of security incidents and prevent future occurrences.

Maintaining and enhancing the organization's disaster recovery and business continuity plans, ensuring resilience in the face of cyber threats and disruptions.

Staying abreast of the latest cyber security trends, threats, and technologies through continuous learning and professional development activities.

Contributing to the development and maintenance of security documentation, including policies, standards, procedures, and guidelines.

Serving as a subject matter expert on security-related matters, providing guidance and support to internal teams and external partners.

Participating in security governance meetings and representing the security team in discussions related to risk management and compliance.

Fostering a culture of security awareness and accountability throughout the organization, promoting a proactive approach to cyber security among all stakeholders.

Performing system vulnerability scanning, IAVM compliance, STIG/SRG compliance, and log reviews.

MVM, Inc. January 2013 – October 2019

Security Control Assessor, Ashburn, VA

Verified accurate system categorization using National Institute of Standards & Technology (NIST) SP 800-60 and Federal Information Processing Standards (FIPS) to support systems/applications.

Established security controls for information systems based on National Institute of Standards & Technology (NIST) SP 800-53 Rev. 4 and Federal Information Processing Standard (FIPS) 200.

Conducted security assessment interviews and composed Security Assessment Reports (SARs) during the completion of Security Test and Evaluations (ST&Es).

Reviewed and confirmed that assessment and authorization (A&A) documentation is included within the system security package.

Prepared Security Assessment Reports (SAR) in which all the weaknesses are reported.

Performed information security risk assessments and audits of information security processes to assess threat levels, risks, and vulnerabilities from emerging issues, and recommended mitigation strategies.

Coordinated with system owners to develop, test, and implement contingency and incident response plans to allow the organization to promptly return to daily operations following an unforeseen event.

Analyzed and updated remediation Plans of Action and Milestones (POA&Ms) and implemented/documented corrective action plans.

Resolved complex technical issues leveraging knowledge of the software development lifecycle (SDLC).

Coordinated with the IT Director and security teams to develop and maintain IT security policies, architecture, and security across the organization, including performing audits of security systems to maintain compliance with standards and protocols.

Communicated with the Information System Security Officer to analyze risks.

HartWood Foundation Inc. May 2010 – January 2013

Assessor/IT Auditor, Fairfax, VA

Consolidated risk management activities and managed tasks to ensure timely deliverables.

Championed a team of 5 information security professionals and oversaw the review of security authorization packages based on National Institute of Standards & Technology (NIST) guidance to support systems/applications.

Made recommendations based on Federal Information Processing Standard (FIPS) 199 impact level designations and identified the controls needed based on general support system or major application designation.

Performed oversight of the development, implementation, and evaluation of IS security program policy, with special emphasis placed upon integration of existing SAP network infrastructure.

Performed assessment of ISs based upon the Risk Management Framework (RMF) methodology in accordance with the Joint Special Access Program (SAP) Implementation Guide (JSIG).

Advised the Information System Owner (ISO), Information Data Owner (IDO), Program Security Officer (PSO), and the Delegated and/or Authorizing Official (DAO/AO) on any assessment and authorization issues.

Evaluated authorization packages and made recommendations to the AO and/or DAO for authorization.

Evaluated IS threats and vulnerabilities to determine whether additional safeguards were required.

Advised the Government concerning the impact levels for confidentiality, integrity, and availability of the information on a system.

Ensured security assessments were completed and results documented, and prepared the Security Assessment Report (SAR) for the authorization boundary.

Initiated a Plan of Action and Milestones (POA&M) with identified weaknesses for each authorization boundary assessed, based on findings and recommendations from the SAR.

Evaluated security assessment documentation and provided written recommendations for security authorization to the Government.

Discussed recommendations for authorization and submitted the security authorization package to the AO/DAO.

Assessed proposed changes to authorization boundaries, operating environment, and mission needs to determine whether to continue to operate.

Reviewed and concurred with all sanitization and clearing procedures in accordance with Government guidance and/or policy.

Assisted with Government compliance inspections.

Evaluated the effectiveness and implementation of Continuous Monitoring Plans.

Reviewed documentation including the System Security Plan using NIST SP 800-18 as a guide, Authorization to Operate (ATO), Security Assessment Report (SAR) using NIST SP 800-30 as a guide, FIPS 199 and NIST SP 800-60 Vol. 1/Vol. 2 for system categorization based on confidentiality, integrity, and availability (CIA), policies and procedures, e-authentication, Privacy Threshold Analysis (PTA), Privacy Impact Analysis (PIA), Contingency Plan (CP), Interconnection Security Agreement (ISA) per NIST SP 800-47, Certification and Accreditation (C&A) packages, and system Standard Operating Procedures.

Worked with stakeholders and project managers to develop concrete, detailed plans for a project, including the schedule and the budget, outlining the duties of each team member, creating project charters, and setting a timeline for the project.

Guided and mentored the team while reviewing their performance and managing the KPIs.

Led daily team stand-ups and weekly team meetings. Able to facilitate meetings as well as capture and publish accurate notes.

Analyzed and identified system and process gaps for new proposed business changes with applications.

In charge of producing weekly quality check reports published by other department managers.

Reviewed and assessed architecture design, implementation, testing, and deployment needs; assessed risk; and worked with the team and other project managers to develop risk management and issues management plans.

Successful implementation of online transaction processing applications and their associated modules, like database testing and validation.

Technical Skills

Nessus: vulnerability scanning

Wireshark: sniffing

Nmap: vulnerability scanning

NIST SP 800-53: recommends security controls for federal information systems and organizations and documents security controls for all federal information systems

Microsoft Office suite: Word, Excel, PowerPoint, OneNote, Outlook, Access, and Skype for Business

VMware: able to run multiple applications and operating system workloads on one server

Virtual machine application: stores data, including operating systems and applications

Burp Suite: vulnerability scanning

OpenVAS: vulnerability scanning

Nikto2: vulnerability scanning (penetration testing)

Cain & Abel: password recovery tool

Cryptography: protects sensitive data

OWASP ZAP: vulnerability scanning
