, , 100 Montgomery St. 10th Floor(555) 432-1000, resumesample@example.com
Professional Summary
Security Controls Assessor with eight years’ experience in managing and protecting enterprise information and network systems through information assurance in accordance with SOC 2, ISO 27001, PCI-DSS, FISMA, FedRAMP and OMB. Direct work experience in conducting assessments of management, operational, and technical security controls employed within or inherited by information systems to determine the overall effectiveness of the controls. Possesses exceptional communication and leadership skills, effectively engaging stakeholders in both commercial and federal sectors.
02/2020 to CurrentInformation Security AnalystNucrest Llc | Arlington, VA,
Designed company-wide policies to bring operations in line with ISO 27001 standards.
Developed and maintained incident response protocols to mitigate damage and liability during security breaches.
Provided hands-on support to Information Systems Security Officer (ISSO) throughout lifecycle of all projects.
Performed risk analyses to identify appropriate security countermeasures.
Reviewed violations of computer security procedures and developed mitigation plans.
Monitored computer virus reports to determine when to update virus protection systems.
Design the ISO 27001 audit schedule and allot responsibilities to the audit teams
Carry out the quality assessment tests to compute the dimensional, speed and performance levels of the product
Prepare quality assessment report and give an overview of the product's present quality and efficiency against the expected standards
Report the non conformity of the products specifications with the ISO 27001 requirements
Resolve any queries raised by management in respect of quality assessment
12/2018 to 02/2020Security Control AssessorBank Of The West | Little Falls, MN,
Conducted security audits to identify vulnerabilities.
Responsible for ensuring System Security Plans (SSPs), Security Assessment Plans (SAPs), Security Assessment Reports (SARs), Plan of Action and Milestones (POA&M), Contingency Plans (CPs), Incident Response Plans (IRPs) and artifacts are maintained and updated in CSAM.
Ensures management, operational and technical controls for securing information systems are properly in place, enforced, and followed according to FISMA and FedRAMP guidelines as stated in NIST SP 800-53, SP 800-53A rev 4 and SP 800-37 rev 1.
Participates in client interviews to determine security posture of information systems and assists in completion of Security Assessment Plans (SAPs) and Security Assessment Reports (SARs).
Analyzes reports from vulnerability scans conducted on information systems using Tenable Nessus and communicates security vulnerabilities to systems’ owners.
Assists in continuous monitoring procedures that effectively manage and documents changes to information systems.
Conducted kick-off meetings with stakeholders and produced Security Assessment Plans (SAPs) and Security Assessment Reports (SARs).
Assessed systems to analyze risks, identify vulnerabilities, and report on system weaknesses via testing security controls, interviewing system personnel and examining artifacts.
Consulted with team members and leadership to carry out risk assessments and provided security Test and Evaluation (ST&E) questionnaires to systems Information Systems Security Officer (ISSO) using NIST SP 800-53A rev 4 as guidance.
Populated Risk Traceability Matrixes (RTMs) with security control test results and produced Security Assessment Reports (SARs) detailing findings of the information system.
Conducted internal security control assessments in preparation of independent third-party audits.
Reviews GRC ServiceNow data for stakeholders.
06/2015 to 12/2018Cybersecurity AnalystVenatore | City, STATE,
Categorized information systems by identifying information types and assigning potential impact levels for loss of Confidentiality, Integrity, and Availability (CIA) using NIST SP 800-60 and FIPS 199 for guidance.
Selects appropriate security controls for information systems based on systems high watermark and guidance provided by NIST SP 800-53 rev 4, FIPS 200.
Managed and tracked Plan of Action and Milestones (POA&Ms) status in CSAM. Worked with Information Systems Security Officers (ISSOs), engineers, and vendors to remediate findings and close Plan of Action and Milestones (POA&Ms).
Prepared, developed, and ensured all Assessment and Authorization (A&A) documentation was included in system’s authorization package when submitted to the Authorizing Official (AO).
10/2012 to 06/2015Tier II EngineerCompany Name | City, State,
Responded to technical concerns quickly and effectively devised solutions.
Responded to IT incidents and requests that were assigned or escalated by Tier 1.
Interfaced with and created tickets for customers while working directly with them remotely.
Collaborated with on-site directors, operations managers and supervisors on engineering projects.
Followed-up with end users to provide status updates as per service level guidelines.
Conducted research to test and analyze feasibility, design, operation and performance of equipment, components and systems.
Education
Expected in 05/2008Bachelor of Science | Computer ScienceValley Forge Military College, Wayne, PAGPA:
Resumes, and other information uploaded or provided by the user, are considered User Content governed by our Terms & Conditions. As such, it is not owned by us, and it is the user who retains ownership over such content.
How this resume score could be improved?
Many factors go into creating a strong resume. Here are a few tweaks that could improve the score of this resume:
