security control assessor sca resume example with 10+ years of experience

Jessica Claire
  • , , 609 Johnson Ave., 49204, Tulsa, OK 100 Montgomery St. 10th Floor
  • H: (555) 432-1000
  • C:
  • Date of Birth:
  • India:
  • :
  • single:
  • :
Websites, Portfolios, Profiles
Professional Summary

Multi-talented IT professional with over 7 years of experience developing and implementing security solutions in fast-paced environments. Skilled in Security and privacy Control Assessment with proven history of delivering exceptional risk management support. Self- motivated and deadline-oriented with a track record of on-time deliverables. Clear understanding of the SDLC, with outstanding experience in the RMF process. Skilled in assembling authorization package using documents like NIST 800 series, FIPS 199 and FIPS 200, FedRAMP, OMB, FISMA and industry best standard. US citizen, and currently seeking for new opportunities.

  • Microsoft office suite (Word, Excel and PowerPoint)
  • NIST Standards
  • Vendor Risk/Third Party security Risk Management.
  • Plan of Actions and Milestones (POA&M)
Work History
Security Control Assessor (SCA), 01/2017 - Current
Caci International Inc. Newark, NJ,
  • Schedule kick off meetings with system owners to help identify assessment scope, system boundary, the information system's category and attain any artifacts needed in conducting the assessment.
  • Create Requirement Traceability Matrix (RTM) and document whether controls being assessed passed or failed using NIST SP 800-53A as a guide.
  • Develop Security Assessment Plans (SAPs) and Conduct assessment of security control selections on various Moderate impact level systems to ensure compliance with the NIST SP 800-53A Rev 4 Conduct security control interview meeting and Artifact gathering meeting with various stakeholders using assessment methods of interview, examination and testing.
  • Document assessment findings in a Security Assessment Report (SAR) and recommend remediation actions for controls that failed and vulnerabilities.
  • Review A&A package items using NIST guidance for FISMA compliance such as the System FIPS 199 Categorization, e-Authentication Assessment, PTA, PIA, Contingency Plan (CP) and Contingency Plan Test (CPT) Perform vulnerability assessment of information systems to detect deficiencies and validate compliance using POA&M tracking tool.
  • (CSAM) Request scans and later review the scan results for common vulnerabilities such as missing patches, weak password settings, unnecessary services not disabled, and weak configurations.
Cyber Security Analyst (ISSO), 12/2015 - 11/2016
Midfirst Bank Stillwater, OK,
  • Implemented the Risk Management Framework (RMF) in accordance with NIST SP 800-37.
  • Reviewed security categorization of systems using FIPS 199 & NIST SP 800-60 Updated technical, operational and management control families and controls with guidance from NIST 800-53 Rev 4 and FIPS 200.
  • Reviewed and updated the System Security Plan implementation statements of the respective applicable control to assigned systems as need arises using NIST 800-18.
  • Independently put together a variety of Security Authorization deliverables including; System Security Plans, Security Assessments Reports, Risk Assessment Plans and POA&M.
  • Created and updated Authorization to Operate (ATO) packages Drafted, finalized, and submitted Privacy Threshold Assessments (PTAs), Privacy Impact Analyses (PIAs), E-Authentication Assessments, System of Record Notices (SORNs) for annual review and recertification.
  • Continuously monitored security controls effectiveness using NIST SP 800-137 as a guide.
Vendor Risk Analyst, 02/2013 - 11/2015
Passionhr Arnold Afb, TN,
  • Maintained, tracked and reported on third party risks to the appropriate stakeholders.
  • Conducted periodic audits/assessment for potential and existing suppliers through questionnaires, site visits, and review of other documentation including assessment reports (ex.Soc 2) to identify control gaps and risks.
  • Acted as remediation analyst to work with vendors in remediating findings discovered during the onsite/virtual assessment.
  • Performed Vendor risk assessments to identify emerging key risks and reassess current risks.
  • Assessed completed questionnaire and supporting documentation to validate vendor appropriate implementation of information security controls.
  • Communicated vendor information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks.
  • Validated evidence from vendors before remediation plans are closed.
  • Planned and executed onsite security/risk assessments for third party vendors.
  • Ensured all risk controls were documented in a Vendor Risk Scorecard in accordance with Third Party Risk Management (TPRM) Policy and the Risk Assessment Matrix.
  • Assessed outsourced products/services for Risks and Criticality.
Scrum Master, 01/2012 - 12/2012
Erie Insurance Group City, STATE,
  • Communicated team plans, reported impediments for escalation and identified risks/concerns to relevant stakeholders to help resolve.
  • Owned the scrum lifecycle which included managing progress blockers, removing impediments, communicating progress to plans and coaching teams to correctly apply agile development principles.
  • Coached PO/team on backlog refinement and prioritization Supported the Product Owner through applying effective techniques for managing their product backlog, maintaining focus on delivering features while maintaining high quality.
  • Collaborated with the Product Owner and team members to develop user stories and maintain a healthy product backlog.
  • Organized and facilitated scrum ceremonies like daily stand up meetings, sprint reviews, sprint retrospectives, sprint planning, and other meetings.
  • Tracked and communicated team velocity and sprint/release progress within the agreed reporting framework.
  • Effectively utilized burn-down and burn-up charts to track project's progress Coached the scrum team in understanding the concept and values of the Scrum framework.
Master of Science: Information Technology-Information Assurance, Expected in 2019
University of Maryland - Adelphi, Maryland
Status -
Bachelor of Science: Computer Science , Expected in 2008
University of Buea - Cameroon,
Status -
  • Certified Scrum Master (CSM)
  • CompTIA Security+ in progress
  • ISC2 CAP in progress

By clicking Customize This Resume, you agree to our Terms of Use and Privacy Policy

Your data is safe with us

Any information uploaded, such as a resume, or input by the user is owned solely by the user, not LiveCareer. For further information, please visit our Terms of Use.

Resume Overview

School Attended

  • University of Maryland
  • University of Buea

Job Titles Held:

  • Security Control Assessor (SCA)
  • Cyber Security Analyst (ISSO)
  • Vendor Risk Analyst
  • Scrum Master


  • Master of Science
  • Bachelor of Science

By clicking Customize This Resume, you agree to our Terms of Use and Privacy Policy

*As seen in:As seen in: