security control assessor resume example with 7+ years of experience

Jessica Claire
609 Johnson Ave., 49204, Tulsa, OK 100 Montgomery St. 10th Floor
Home: (555) 432-1000
Professional Summary

IT professional with over 7 years of experience in Risk Management Framework, FISMA guidelines and key compliance regulations. Experience in testing of Information Technology controls and developing Security policies, procedures and guidelines. Excellent interpersonal, organizational and communication skills, able to work both independently and in a team setting. Keen interest in applying experience and skills to help achieve organizational missions and objectives, while enhancing knowledge for professional growth.

MBA: Project Management
University of Phoenix - Tempe, AZ
Bachelor of Arts: Psychology
University of Ghana - Accra, Ghana


PMP, CISM, CISA, CompTIA Security+.

In Progress: CISSP

Technical Skills
  • Risk Management Framework (RMF)
  • Assessing security controls
  • Project management.
  • SDLC and Agile Methodologies.
  • RSA Archer, CSAM, Xacta, Nessus
05/2018 to Current
Security Control Assessor Nes Associates Shafter, CA

Monitor security controls to ensure continuous compliance with systems security requirements, assist in establishing continuous monitoring strategy, and make recommendations to Project Managers.

  • Support performance of assessments via interviews in addition to identification and gathering of evidentiary artifacts.
  • Perform Security Control Assessments for applications to ensure they get ATO.
  • Test Security Controls of Major and Minor applications/systems in accordance with NIST SP 800-53 Rev. 4.
  • Review and evaluate Assessment and Authorization (A&A) artifacts in submission documentation.
  • Assess System Security Plan (SSP), document findings, and make recommendations.
  • Lead kick-off meetings and assist System Owners, Security Staff and other Stakeholders in understanding Assessment and Authorization documentation and reporting requirements.
  • Review A&A templates and deliverables created to ensure completeness and accuracy for both cloud and traditional systems.
  • Prepare system documentation for assessments in accordance with Risk Management Framework (RMF) and NIST Special Publications (800-37, 800-53); identify deficiencies and provide recommendations for solutions.
  • Advise and assist with lifecycle A&A process and develop SAR and POA&Ms for authorization to operate (ATO).
  • Evaluate controls at all stages of information systems development lifecycle (SDLC).
05/2016 to 05/2018
Information Security Analyst (ISSO) Highmark Inc. Leechburg, PA

Performed security audits on information systems. Conducted vulnerability assessment analysis using ACAS and DISA STIG implementation across multiple platforms.

  • Managed plan of action and milestones (POA&M) and vulnerability trackers to ensure timely remediation.
  • Monitored and tracked remediation process in the eMASS and Xacta tools.
  • Developed and updated system documentation for information systems authorization, security management and continuous monitoring.
  • Administered and monitored assigned system's implementation of Risk Management Framework (RMF) steps and activities through system life cycle using Enterprise Mission Assurance Support Service (eMASS).
  • Updated security documents, policies and procedures, contingency planning (CP), Contingency Plan Test (CPT), POA&M and SSP.
  • Conducted weekly meetings to discuss ongoing Plan of Action and Milestones (POA&M) status, risks and control implementation status on assigned information system.
03/2015 to 05/2016
Risk & Compliance Analyst Iqvia Holdings Inc Belville, NC

Reviewed vendor performances related to Service Level Agreements (SLAs) and Key Performance Indicators (KPIs) and verified inclusion of these terms in contracts related to SaaS cloud and other business critical deployments that involved PII, PHI, and other mission critical suppliers.

  • Designed and conducted walk-throughs, formulated test results and developed remediation plans for each area of testing.
  • Conducted audit follow-up to evaluate whether risks were sufficiently addressed.
  • Reviewed and analyzed SOC 2 Type II reports of third parties/vendors and data center.
  • Assisted and liaised with business owners for artifacts in SOX testing of General Computer Controls.
  • Assisted in developing Business Continuity Plan and relationship with outsourced vendors.
  • Communicated audit progress, findings, results, and recommendations to stakeholders
  • Participated in evidence gathering, developed test plans, test procedures, documented test results and exceptions with IT team.
  • Engaged in Regulatory Security Risk Assessments, audits, and updated related regulations and industry best practices.
  • Reviewed ISO 27001 standards with client to identify potential gaps in required documentation and processes.
  • Promoted enterprise-level risk management practices and helped instill strong culture focused on protective policies and procedures.
05/2014 to 03/2015
Information Security Analyst, Junior Santander Bank City, STATE,

Assisted in the development, implementation, and maintenance of IT risk management framework.

  • Ensured established internal control procedures were in compliance by examining reports, records documentation and operating practices.
  • Ensured security awareness and training materials were reviewed and updated periodically.
  • Analyzed Nessus scans to identify vulnerabilities and documented weaknesses found.
  • Performed technical troubleshooting within enterprise environment, including system crashes.
  • Evaluated and managed remediation of system vulnerabilities.
  • Monitored, reviewed and responded to escalated system security alerts.
01/2013 to 05/2014
Project Coordinator FTS International Services City, STATE,

Supervised multiple projects from project start through delivery by prioritizing needs and delegating assignments.

  • Developed project plan, schedules and budget based on client’s requirements
  • Assisted project managers in preparation of Incident Response Plan (IRP).
  • Organized, attended and participated in stakeholder meetings assisting Project and Portfolio Managers as requested.
  • Monitored and reported on progress of project milestones and deliverables as requested.
  • Decreased total downtime on various sites by 20%, which created opportunities for new projects and fewer incidents.
  • Assisted in preparation of project costs and schedules estimates, and presentation materials, to support approvals.
  • Gathered requirements for ongoing projects and organized details for management use
  • Developed executive presentations and reports to facilitate project evaluation and process improvement
