. Motivated Information System Security Professional with a 5-year experience in Managing and protecting Enterprise Information and Network systems in accordance with applicable standards, policies and regulatory guidelines. . Thorough knowledge and understanding of the System development Life Cycle and Risk Management Framework. Skilled in Security and Privacy Control Assessment, monitoring and documenting Authorization To Operate (ATO) package- SSP, SAR, and PAO&M. Well experienced in vulnerability assessment and management. Possess excellent communication, interpersonal and critical thinking skills. Effectively engaging System Stakeholders to remediate (PAO&M) findings and providing recommendations for security improvements
Skills
Microsoft office suite (Word, Excel and PowerPoint)
Vendor Risk/Third Party security Risk Management.
Expert Knowledge of NIST, RMF Process OMB, FIPS 199 and 200 FISMA, FedRAMP, PCI-DSS, Privacy Threshold Analysis(PTA), Privacy Impact assessment (PIA), HIPAA,ISO 27001
Vulnerability Assessment and Management using tools such as Tenable Nessus, WEBINSPECT, NEXPOSE
Developing System Security Plans, Security Assessment report and Plan of Action and Milestone
Incident Reports
CSAM
Multitasking Abilities
Ability to adapt in fast-paced and time sensitive environment.
Leadership and organizational skills
Exceptional Verbal and Written Communication skills
Team player and can work independently
Work History
03/2019 to Current
Security Control Assessor (SCA)Caci International Inc. – Warrenton, VA,
Schedule kick off meetings with system owners to help identify assessment scope, system boundary, information system's category and attain any artifacts needed in conducting assessment.
Create Requirement Traceability Matrix (RTM) and document whether controls being assessed passed or failed using NIST SP 800-53A as a guide.
Develop Security Assessment Plans (SAPs) and Conduct assessment of security control selections on various Moderate impact level systems to ensure compliance with NIST SP 800-53A Rev 4 Conduct security control interview meeting and Artifact gathering meeting with various stakeholders using assessment methods of interview, examination and testing.
Document assessment findings in Security Assessment Report (SAR) and recommend remediation actions for controls that failed and vulnerabilities.
Review A&A package items using NIST guidance for FISMA compliance such as the System FIPS 199 Categorization, e-Authentication Assessment, PTA, PIA, Contingency Plan (CP) and Contingency Plan Test (CPT) Perform vulnerability assessment of information systems to detect deficiencies and validate compliance using POA&M tracking tool.
Perform vulnerability and baseline scans using tools such Tenable Nessus, WEBINSPECT, NEXPOSE, analyze scan results and document findings in the POA&M
Review and update remediation on POA&Ms in organization's CyberSecurity Assessment and Management (CSAM) system
Collaborate with System Administrators to remediate POA&M findings
Ensure Vulnerabilities and Risk are efficiently mitigated in accordance with organization Continuous monitoring plan
Monitor controls post authorization to ensure continuous compliance with security requirements.
02/2018 to 02/2019
Cyber Security Analyst (ISSO)Imagine One – New Orleans, LA,
Implemented Risk Management Framework (RMF) in accordance with NIST SP 800-37.
Reviewed security categorization of systems using FIPS 199 & NIST SP 800-60 Updated technical, operational and management control families and controls with guidance from NIST 800-53 Rev 4 and FIPS 200.
Reviewed and updated System Security Plan implementation statements of respective applicable control to assigned systems as need arises using NIST 800-18.
Independently put together a variety of Security Authorization deliverables including; System Security Plans, Security Assessments Reports, Risk Assessment Plans and POA&M.
Created and updated Authorization to Operate (ATO) packages Drafted, finalized, and submitted Privacy Threshold Assessments (PTAs), Privacy Impact Analyses (PIAs), E-Authentication Assessments, System of Record Notices (SORNs) for annual review and recertification.
Continuously monitored security controls effectiveness using NIST SP 800-137 as a guide.
Created plans and communicated deadlines to ensure that projects were completed on time
01/2017 to 01/2018
Junior Information Security AnalystCollins Aerospace – Bamberg, SC,
Assisted in the development, maintenance and implementation of IT Risk Management Framework
Ensured established internal control procedures were in compliance by examining reports, records documentation and operating practices.
Ensured security awareness and training materials were reviewed and updated periodically.
Analyzed Nessus scans to identify vulnerabilities and documented weaknesses.
Evaluated and managed system vulnerabilities
Reviewed, monitored, and responded to escalated system security alerts.
Performed Vendor risk assessments to identify emerging key risks and reassess current risks.
Assessed completed questionnaire and supporting documentation to validate vendor appropriate implementation of information security controls.
Communicated vendor information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks.
Validated evidence from vendors before remediation plans are closed.
Planned and executed onsite security/risk assessments for third party vendors.
Ensured all risk controls were documented in a Vendor Risk Scorecard in accordance with Third Party Risk Management (TPRM) Policy and the Risk Assessment Matrix.
Assessed outsourced products/services for Risks and Criticality.
01/2015 to 12/2016
Customer Service RepresentativeMolina Healthcare – City, STATE,
Maintained customer satisfaction with forward-thinking strategies focused on addressing customer needs and resolving concerns.
Inbound and outbound calls to patients and providers on insurance coverage verification, benefits information, provider contracting and credentialing status, prior authorization status verifications
Provided primary customer support to internal and external customers.
Offered advice and assistance to customers, paying attention to special needs or wants.
Clarified customer issues and determined root cause of problems to resolve product or service complaints.
Updated account information to maintain customer records.
Used company troubleshooting resolution tree to evaluate technical problems and find appropriate solutions.
Education
Expected in 2019
Master of Science: Information Technology-Information Assurance University of Maryland - Adelphi, Maryland GPA:
Expected in 2008
Bachelor of Science: Computer Science University of Buea - Cameroon, GPA:
Resumes, and other information uploaded or provided by the user, are considered User Content governed by our Terms & Conditions. As such, it is not owned by us, and it is the user who retains ownership over such content.
How this resume score could be improved?
Many factors go into creating a strong resume. Here are a few tweaks that could improve the score of this resume:
