Security Control Assessor Resume Example Company Name

SECURITY CONTROL ASSESSOR

Skills

Developing system security plans (SSP)
Planning and Coordination
Implementing security programs
Data security
Conflict resolution
Leadership

Critical thinking
Risk Management Framework, CMMC, GRC
Vulnerability Assessment
Tenable Nessus, CSAM, XACTA
SDLC Processes
Knowledge of : NIST 800-53 Rev. 5, NIST 800-39, NIST 800-37, NIST 800-30, NIST 800-53a Rev 5, NIST 800-171, FIPS 199, FIPS 200, FedRAMP, FISMA, Risk Assessment (RA), Security Assessment Reports (SAR), Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), SPLUNK

Professional Summary

Security Controls Assessor with five years' experience in managing and protecting enterprise information and network systems through information assurance in accordance with FISMA, FedRAMP and OMB. Direct work experience in conducting assessments of management, operational, and technical security controls employed within or inherited by information systems to determine the overall effectiveness of the controls. Possesses exceptional communication and leadership skills, effectively engaging stakeholders in both commercial and federal sectors.

Work History

Security Control Assessor, 12/2018 to Current
Company Name - City, State

Conducted security audits to identify vulnerabilities.
Responsible for ensuring System Security Plans (SSPs), Security Assessment Plans (SAPs), Security Assessment Reports (SARs), Plan of Action and Milestones (POA&M), Contingency Plans (CPs), Incident Response Plans (IRPs) and artifacts are maintained and updated in CSAM.
Ensures management, operational and technical controls for securing information systems are properly in place, enforced, and followed according to FISMA and FedRAMP guidelines as stated in NIST SP 800-53, SP 800-53A rev 4 and SP 800-37 rev 1.
Participates in client interviews to determine the security posture of information systems and assists in the completion of Security Assessment Plans (SAPs) and Security Assessment Reports (SARs).
Analyzes reports from vulnerability scans conducted on information systems using Tenable Nessus and communicates security vulnerabilities to systems' owners.
Assists in continuous monitoring procedures that effectively manage and documents changes to information systems.
Conducted kick-off meetings with stakeholders and produced Security Assessment Plans (SAPs) and Security Assessment Reports (SARs).
Assessed systems to analyze risks, identify vulnerabilities, and report on system weaknesses via testing security controls, interviewing system personnel and examining artifacts.
Consulted with team members and leadership to carry out risk assessments and provided security Test and Evaluation (ST&E) questionnaires to systems Information Systems Security Officer (ISSO) using NIST SP 800-53A rev 4 as guidance.
Populated Risk Traceability Matrixes (RTMs) with security control test results and produced Security Assessment Reports (SARs) detailing findings of the information system.
Conducted internal security control assessments in preparation of independent third-party audits.
Reviews GRC ServiceNow data for stakeholders.

Cybersecurity Analyst, 06/2015 to 12/2018
Company Name - City, State

Designed company-wide policies to bring operations in line with Center for Internet Security (CIS) standards.
Developed and maintained incident response protocols to mitigate damage and liability during security breaches.
Provided hands-on support to the Information Systems Security Officer (ISSO) throughout the lifecycle of all projects.
Performed risk analyses to identify appropriate security countermeasures.
Categorized information systems by identifying information types and assigning potential impact levels for a loss of Confidentiality, Integrity, and Availability (CIA) using NIST SP 800-60 and FIPS 199 for guidance.
Selected the appropriate security controls for the information systems based on systems high watermark and guidance provided by NIST SP 800-53 rev 4, FIPS 200.
Managed and tracked Plan of Action and Milestones (POA&Ms) status in CSAM. Worked with Information Systems Security Officers (ISSOs), engineers, and vendors to remediate findings and close Plan of Action and Milestones (POA&Ms).
Prepared, developed, and ensured all Assessment and Authorization (A&A) documentation was included in system's authorization package when submitted to the Authorizing Official (AO).

Tier II Engineer, 10/2012 to 06/2015
Company Name - City, State

Responded to technical concerns quickly and effectively devised solutions.
Responded to IT incidents and requests that were assigned or escalated by Tier 1.
Interfaced with and created tickets for customers while working directly with them remotely.
Collaborated with on-site directors, operations managers and supervisors on engineering projects.
Followed-up with end users to provide status updates as per service level guidelines.
Conducted research to test and analyze feasibility, design, operation and performance of equipment, components and systems.

Education

Bachelor of Science: : Computer Science, 05/2008Valley Forge Military College - City, State

Certifications

CompTIA Security+

Resume Overview

School Attended

Valley Forge Military College

Job Titles Held:

Security Control Assessor
Cybersecurity Analyst
Tier II Engineer

Degrees

Bachelor of Science : : Computer Science , 05/2008

Security Control Assessor Resume Example

DISCLAIMER

How this resume score could be improved?

Resume Overview

Create a job alert for [job role title] at [location].

Similar Resumes