Over three years' experience in Security Assessments using Certification & Accreditation (C&A) processes, NIST 800 Series, NIST Risk Management Framework, Federal Information Processing Standards (FIPS) and Federal Information System Act (FISMA )requirements. Excellent written and verbal communication skills with the ability to communicate with colleagues at varying levels of technical expertise. Standards and Area of Specializations FISMA, NIST SP 800 Series, FIPS 199 & 200, SSP, POA&M, HIPAA, Risk Management Framework, Security Assessment & Authorization (SA&A), Windows, MS Excel, MS, Word, MS PowerPoint, Remedy, Certification and Accreditation, General Computer Controls, Application control, and Compliance Testing, Vulnerability Scans, Risk Assessment, Policies and Procedures, Implementation. Experience in Network Administration Principles, VPN Concentrator
Skills
Guest services
Inventory control procedures
Merchandising expertise
Loss prevention
Cash register operations
Product promotions
Experience
Information Security Analyst, 08/2015 to 10/2017 Nes Associates – Bedford, MA,
Conducted Security Assessment on Low and moderate systems using NIST Framework.
Ensured that all routers where secured with proper password authentication Assessed risks, identified mitigation requirements and developed recommendations.
Promoted awareness of security issues among management and ensure sound security principles were reflected in the organization's visions and goals.
Contributed in the creation of SA&A assessment packages with the responsibility of gathering information from system owners applying data to the appropriate templates and attending meetings in support of the effort.
Developed, reviewed and updated Information Security System Policies, System Security Plans and Risk Assessment Report in accordance with NIST, FISMA, OMB App.
III A-130 and industry best security practices Responsible for assessing the management, operational, and technical security controls implemented on an information system via security assessment and authorization (SA&A) methods Applied appropriate information security control for Federal Information System based on NIST 800-37 rev1, SP 800-53 rev 4, SP 800-53A, FIPS 199 and FIPS 200 Conducted systems and network vulnerability scans in order to identify and remediate potential risks.
Developed and analyzed security policies, procedures and technical standards including corporate compliance, security training, and end-user awareness Medical applications systems, and networks to ensure the integrity, availability, and confidentiality of information Ensured that personnel accessing systems complied with HIPAA (Health Insurance Portability and Accountability Act.
Ensured that systems security measures are taken to protect Personal Identifiable Information (PII) Enhanced and optimized the existing log monitoring and analysis process to identify, scope, track, and report on potential security incidents, unauthorized configuration changes, and policy violations.
IT Risk Analyst, 01/1 to 07/2015 Bank Of America Corporation – Prescott Valley, AZ,
Documented and Review System security plans (SPP), Contingency plans (CP), Contingency plan Tests (CPT), Privacy Impact Assessments (PIA), and risk assessment (RA) documents per NIST 800 guidelines Performed Vulnerabilities scanning using Nessus to scan network systems to ensure that network systems are secured Ensured correct and updated information is documented in the System Security Plans (SSP) in accordance with NIST.
Drafted Security Assessment Reports (SAR) and Security Requirements Traceability Matrix (SRTM) to identify security controls that were tested and examined following assessments efforts.
Run targeted vulnerability, baseline and credential scans on the network using Nessus.
Facilitated in the remediation of critical findings from generated reports Nessus scans.
Collaborated with ISSO (Information System Security Officer) in scheduling kick-off meeting and rules of communication using Microsoft outlook, skype and excel spreadsheet.
Assisted with investigations of security events (e.g., unauthorized access, non- compliance with company policies, fraud, service exploitation, etc.) to determine malfunctions, breaches, and remediation steps.
Drafted initial Security Categorization Document (SCD) to provide system categorization level (utilizing FIPS 199 & NIST SP 800-60).
Drafted initial POA&Ms by collecting and documenting security artifacts to validate the implementation of security controls.
Computer Technical Analyst, 08/2011 to 07/2012 Exegy – New York, NY,
Coordinated and led the design, implementation and evaluation of all phases of highly complex information security solutions and programs for a particular contract or company.
Designed audits of computer systems to ensure they are operating securely and that data is protected from both internal and external attack.
Made recommendations for preventive measures as necessary.
Assessed assigned system to determine system security status.
Designs and recommends security policies and procedures to implement; ensures compliance to policies and procedures.
Designs training materials for computer security education and awareness programs.
Education and Training
MS: Information Technology, Expected in 2015 University of Maryland University College MD - , GPA: GPA: 3.7 Information Technology
Master's: Business Administration, Expected in 2014 University of Maryland University College MD - , GPA: GPA: 3.9 Business Administration
Bachelor of Science: Biology, Expected in 2009 State University of New York - Plattsburg, NY GPA: Biology
COMTIA + (Security plus in progress: , Expected in December 2017 - , GPA:
)
Groups
WIT- Women in Technology
Women's Society of Cyberjutsu: , Expected in - , GPA:
Skills
network systems, Risk Assessment, scheduling, spreadsheet, training materials
Resumes, and other information uploaded or provided by the user, are considered User Content governed by our Terms & Conditions. As such, it is not owned by us, and it is the user who retains ownership over such content.
How this resume score could be improved?
Many factors go into creating a strong resume. Here are a few tweaks that could improve the score of this resume:
resume Strength
Length
Measurable Results
Personalization
Target Job
Resume Overview
School Attended
University of Maryland University College MD
University of Maryland University College MD
State University of New York
Job Titles Held:
Information Security Analyst
IT Risk Analyst
Computer Technical Analyst
Degrees
MS
Master's
Bachelor of Science
COMTIA + (Security plus in progress
)
Groups
WIT- Women in Technology
Women's Society of Cyberjutsu
