SEARCH

Security Control Assessor (SCA) Resume Example

Resume Score: 80%

Love this resume?Build Your Own Now
LM
SECURITY CONTROL ASSESSOR (SCA)
https://www.linkedin.com/in/mbahls07/
Professional Summary

Multi-talented IT professional with over 7 years of experience developing and implementing security solutions in fast-paced environments. Skilled in Security and privacy Control Assessment with proven history of delivering exceptional risk management support. Self- motivated and deadline-oriented with a track record of on-time deliverables. Clear understanding of the SDLC, with outstanding experience in the RMF process. Skilled in assembling authorization package using documents like NIST 800 series, FIPS 199 and FIPS 200, FedRAMP, OMB, FISMA and industry best standard. US citizen, and currently seeking for new opportunities.

Skills
  • Microsoft office suite (Word, Excel and PowerPoint)
  • NIST Standards
  • ISO 27001/PCI DSS/HIPAA/FISMA/FIPS
  • Vendor Risk/Third Party security Risk Management.
  • Plan of Actions and Milestones (POA&M)
Work History
01/2017 to CurrentSecurity Control Assessor (SCA)LawTech | Hyattsville, MD
  • Schedule kick off meetings with system owners to help identify assessment scope, system boundary, the information system's category and attain any artifacts needed in conducting the assessment.
  • Create Requirement Traceability Matrix (RTM) and document whether controls being assessed passed or failed using NIST SP 800-53A as a guide.
  • Develop Security Assessment Plans (SAPs) and Conduct assessment of security control selections on various Moderate impact level systems to ensure compliance with the NIST SP 800-53A Rev 4 Conduct security control interview meeting and Artifact gathering meeting with various stakeholders using assessment methods of interview, examination and testing.
  • Document assessment findings in a Security Assessment Report (SAR) and recommend remediation actions for controls that failed and vulnerabilities.
  • Review A&A package items using NIST guidance for FISMA compliance such as the System FIPS 199 Categorization, e-Authentication Assessment, PTA, PIA, Contingency Plan (CP) and Contingency Plan Test (CPT) Perform vulnerability assessment of information systems to detect deficiencies and validate compliance using POA&M tracking tool.
  • (CSAM) Request scans and later review the scan results for common vulnerabilities such as missing patches, weak password settings, unnecessary services not disabled, and weak configurations.
12/2015 to 11/2016Cyber Security Analyst (ISSO)Capital Care Inc | Hyattsville, MD
  • Implemented the Risk Management Framework (RMF) in accordance with NIST SP 800-37.
  • Reviewed security categorization of systems using FIPS 199 & NIST SP 800-60 Updated technical, operational and management control families and controls with guidance from NIST 800-53 Rev 4 and FIPS 200.
  • Reviewed and updated the System Security Plan implementation statements of the respective applicable control to assigned systems as need arises using NIST 800-18.
  • Independently put together a variety of Security Authorization deliverables including; System Security Plans, Security Assessments Reports, Risk Assessment Plans and POA&M.
  • Created and updated Authorization to Operate (ATO) packages Drafted, finalized, and submitted Privacy Threshold Assessments (PTAs), Privacy Impact Analyses (PIAs), E-Authentication Assessments, System of Record Notices (SORNs) for annual review and recertification.
  • Continuously monitored security controls effectiveness using NIST SP 800-137 as a guide.
02/2013 to 11/2015Vendor Risk AnalystCis & H LLC | Hyattsville, MD
  • Maintained, tracked and reported on third party risks to the appropriate stakeholders.
  • Conducted periodic audits/assessment for potential and existing suppliers through questionnaires, site visits, and review of other documentation including assessment reports (ex.Soc 2) to identify control gaps and risks.
  • Acted as remediation analyst to work with vendors in remediating findings discovered during the onsite/virtual assessment.
  • Performed Vendor risk assessments to identify emerging key risks and reassess current risks.
  • Assessed completed questionnaire and supporting documentation to validate vendor appropriate implementation of information security controls.
  • Communicated vendor information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks.
  • Validated evidence from vendors before remediation plans are closed.
  • Planned and executed onsite security/risk assessments for third party vendors.
  • Ensured all risk controls were documented in a Vendor Risk Scorecard in accordance with Third Party Risk Management (TPRM) Policy and the Risk Assessment Matrix.
  • Assessed outsourced products/services for Risks and Criticality.
01/2012 to 12/2012Scrum MasterErie Insurance Group | Rockville, MD
  • Communicated team plans, reported impediments for escalation and identified risks/concerns to relevant stakeholders to help resolve.
  • Owned the scrum lifecycle which included managing progress blockers, removing impediments, communicating progress to plans and coaching teams to correctly apply agile development principles.
  • Coached PO/team on backlog refinement and prioritization Supported the Product Owner through applying effective techniques for managing their product backlog, maintaining focus on delivering features while maintaining high quality.
  • Collaborated with the Product Owner and team members to develop user stories and maintain a healthy product backlog.
  • Organized and facilitated scrum ceremonies like daily stand up meetings, sprint reviews, sprint retrospectives, sprint planning, and other meetings.
  • Tracked and communicated team velocity and sprint/release progress within the agreed reporting framework.
  • Effectively utilized burn-down and burn-up charts to track project's progress Coached the scrum team in understanding the concept and values of the Scrum framework.
Education
2019Master of Science | Information Technology-Information AssuranceUniversity of Maryland, Adelphi, Maryland
2008Bachelor of Science | Computer Science University of Buea, Cameroon
Certifications
  • Certified Scrum Master (CSM)
  • CompTIA Security+ in progress
  • ISC2 CAP in progress
Build Your Own Now

Resume Overview

Companies Worked For:

  • LawTech
  • Capital Care Inc
  • Cis & H LLC
  • Erie Insurance Group

School Attended

  • University of Maryland
  • University of Buea

Job Titles Held:

  • Security Control Assessor (SCA)
  • Cyber Security Analyst (ISSO)
  • Vendor Risk Analyst
  • Scrum Master

Degrees

  • 2019 Master of Science | Information Technology-Information Assurance
    2008 Bachelor of Science | Computer Science

Similar Resumes

View All
Security-Control-Assessor-resume-sample

Security Control Assessor

Huntington Ingalls Industries

Wilmington, Ohio

Posted 75 days ago