Information Security Analyst resume example with 7+ years of experience
JessicaClaire
, , 100 Montgomery St. 10th Floor(555) 432-1000, resumesample@example.com
Professional Summary
An experienced Information Security Analyst knowledgeable in Security Assessment and Authorization (A&A), implementation of the Risk Management Framework (RMF) Steps, applicable OMB policy, and NIST guidelines and standards on Federal Information Systems to ensure compliance with FISMA. Ability and knowledge to utilize security controls to mitigate vulnerabilities to achieve confidentiality, integrity, and availability of organizational information, and information systems; integrating risk management activities into organizational processes and System Development Lifecycle (SDLC) - Strong work ethics, detail-oriented team player with excellent interpersonal communication and presentation skills. IT professional with 7 years of experience developing and implementing security solutions in fast-paced environments. Skilled in SSP, SAR and POA&M with proven history of delivering exceptional risk management support.
Education/Certifications
Expected in 2023Bachelor of Science | Computer ScienceUniversity of The People, Pasadena, CAGPA:
Expected in 2011Bachelor of Arts | Music Theory and Composition/Criminal JusticeDallas Baptist University, Dallas, TXGPA:
Certifications
CompTIA Security+
Cybersecurity Analyst (CySA+)
Cisco Cybersecurity Essentials
Cisco Networking Essentials
Cisco Introduction to Packet Tracer
NDG Linux Essentials
NDG Linux Unhatched
CompTIA Advance Security Practitioner (CASP+)
Certified Ethical Hacker (CEH)
Certified Authorization Professional (CAP) in-view
Certified Information System Security Professional (CISSP) In-view
Skills
Vulnerability Management
Assessment & Authorization
FISMA
NIST Special Publications
Risk Management Framework RMF
Customer Service/ Client Relations
Risk Assessment
Authorization Package (SSP, SAR, POA&M)
Erecting firewalls
Wireshark Software
Customer Service
Data Security
Prepare Correspondence
Deadline-Driven
Microsoft Hyper-V Server
Multi-Line Phones
General Office
Designing Security Controls
Professional Appearance
Work History
07/2018 to CurrentInformation Security AnalystHd Supply | Tacoma, WA,
Reviewing, maintaining, and ensuring all Assessments and Authorizations (A&A) documentation are included in system security package.
Conducting security assessment interviews to determine Security posture of System and to develop Security Assessment Report (SAR) in completion of Security Test and Evaluation (ST&E) questionnaire using NIST SP 800-53A required to maintain Company Authorization to Operate (ATO), Risk Assessment, System Security Plans, and System Categorization.
Performing information security risk assessments and assisting with internal auditing of information security processes.
Assessing threats, risks, and vulnerabilities from emerging security issues and also identified mitigation requirements.
Developing and conducting ST&E (Security Test and Evaluation) according to NIST Special Publications.
Providing recommendations regarding selection and implementation of controls that apply security protections to systems, processes, and information resources using NIST 18 family of security controls.
Working with support and security coordination team to ensure compliance with security processes and controls.
Developing Security Authorization documents and ensuring System Security Plan, Security Assessment Plan, Plan of Action and Milestones (POA&M), Contingency Planning and artifacts are maintained and updated in accordance with NIST guidelines.
Assisting System Owners and ISSO in preparing Assessment and Authorization Package for IT systems, ensuring management, operational and technical security controls adhere to formal and well-established security requirement authorized by NIST SP 800-53.
Reviewed violations of computer security procedures and developed mitigation plans.
Monitored computer virus reports to determine when to update virus protection systems.
05/2016 to 07/2018Information Security AnalystHd Supply | Tallahassee, FL,
Designated systems and categorized its C.I.A using FIPS 199 and NIST SP 800-60.
Performed Vulnerability Assessment and ensured that risks were assessed, evaluated and proper actions were taken to limit their impact on Information and Information Systems.
Developed System Security Plan (SSP), Security Assessment Report (SAR) and POA&Ms that were presented to Designated Approving Authorizing Official (AO) in order to obtain authority to operate (ATO).
Conducted periodic IT risk assessment and reviewed security controls for any deficiencies in accordance with NIST 800-53AR4.
Developed POA&M for deficient security controls reported to Information System owner for appropriate mitigation actions.
Conducted security controls assessment to ensure controls are implemented to comply with standards.
Initiated and led information security awareness and training program in order to inform employees of their roles in maintaining matured security posture.
Contributed in weekly change management meetings in order to evaluate change requests (systems or application) that could lead to approval or denial of requests, validated testing results from testing environments and promoted changes to production environment.
Conducted weekly review of security logs and vulnerability scans on Operating Systems, Databases, and Applications.
Identified, respond to, and report security violations and incidents as encountered to ensure that senior management is kept apprised of all pertinent security systems issues.
Performed library functions such as archiving and filing of final SA and RA documents, Process/Procedure documents, inventory and maintenance.
Validated and remediated vulnerabilities.
01/2014 to 05/2016Information Security AnalystHd Supply | Thornton, CO,
Generated, reviewed and updated System Security Plans (SSP) against NIST 800-18 and NIST 800 53 requirements.
Identified security requirements specific to IT system in all phases of System Life Cycle.
Ensured compliance with annual FISMA deliverables and reporting.
Classified and categorized information Systems using RMF processes to ensure system Confidentiality, Integrity and Availability.
Developed Security Assessment Plan (SAP) to assess security controls.
Conducted security assessment interviews to determine Security posture of System and to develop Security Assessment Report (SAR) in completion of Security Test and Evaluation (ST&E) questionnaire using NIST SP 800-53A required to maintain Company Authorization to Operate (ATO), Risk Assessment, System Security Plans, and System Categorization.
Assessed security controls in accordance with assessment procedures defined in security assessment plan.
Prepared security assessment report documenting issues, findings, and recommendations from security control assessments.
Conducted remediation actions on security controls based on findings and recommendations of security assessment report (SAR).
Updated policies, procedures, standards, and guidelines according to system requirements.
Ensured policies & procedures are in place for all controls and reviewed annually.
Participated in client interviews to determine security posture of System.
Supported Information Assurance (IA) team to conduct risk assessments, documentation for Security Control Assessment, vulnerability testing and scanning.
Prepared and submitted Security Assessment Plan (SAP) for approval.
Conducted initial assessment and performed continuous monitoring of security control post assessment.
Worked with System Owner to develop and perform periodic testing of contingency and disaster recovery plan.
Developed and updated Security Plan, Plan of Action and Milestones (POA&M).
Monitored controls post authorization to ensure continuous compliance with security requirements.
Prepared and updated Security Assessment Report (SAR).
Analyzed and performed technical and non-technical security risk assessments of computer and network systems via network scans, interviews, documentation review and walk-through of both new and existing federal information systems for FISMA compliance using NIST guidelines and controls.
Conducted Risk Assessment on all system changes.
Re-assessed remediated controls for effectiveness.
Any information uploaded, such as a resume, or input by the user is owned solely by the user, not LiveCareer. For further information, please visit our Terms of Use.