IT Security Auditor Resume

SUMMARY

  • Knowledge of the entire RMF process and its compliance using NIST publications and standards, also the FedRAMP framework and Cloud services like SaaS, PaaS, and IaaS.
  • Compliance, policy and procedure scripting and cross-referencing using ERM/COSO/COBIT procedures as well as ISO 27001:2013 standards.
  • Experienced in system classification and categorization using the RMF processes to ensure system CIA. This ensures compliant security control selections and implementation for continuous system protection.
  • Skilled in FIPS 199 based information security Risk Management Frameworks (RMFs) relating to regulatory and incident response and remediation actions. Some of these RMFs have been in the Federal Information Systems Management Act (FISMA), and the Health Information Technology for Economic and Clinical Health Act/Health Insurance Portability and Accountability Act (HITECH/HIPAA) sectors.
  • Specialized in FISMA, the CIA of information, and NIST SP based information systems compliance standards, with external auditing in all my years of experience.
  • Specialized in areas of Information Technology (IT) such as Network Security, Cyber security, Information Assurance (IA), Security Assessment & Authorization (SA&A), Risk Management, System Monitoring, Regulatory Compliance, Physical and Environmental Security, Project Management, Incident Response, and Disaster Recovery.
  • Over four (4) years of IT experience with special expertise in FISMA compliance, Security Training, developing security policies, procedures and guidelines.
  • Skilled in analytical and organizational skills as well as familiarity with a wide variety of applications, database, operating systems and network devices.
  • Strong verbal and written communication skills.
  • Efficient, responsible and accountable, with demonstrated knowledge in information security artifacts.
  • Fast learner and highly adaptive with ability to multi-task whilst working with little or no supervision.
  • Great report writing skills for risk assessment recommendation documents such as SSP, RAR, SAP, ST&E, PTA, PIA, and POA&M.

TECHNICAL SKILLS

  • Windows
  • LAN/WAN
  • LDAP
  • Wireless Network
  • Remedy
  • IPS/IDS
  • Cisco Routers
  • Eye Retina Scan
  • SAINT
  • IBM App Scan
  • Tenable Security Center
  • Microsoft Word
  • Excel
  • Project
  • Access
  • Power Point
  • Publisher
  • Visio
  • SharePoint

PROFESSIONAL EXPERIENCE

IT Security Auditor

Confidential

Responsibilities:

  • Conducted a kickoff meeting in order to categorize systems according to NIST requirements of Low, Moderate or High system
  • Developed a security baseline controls and test plan that was used to assess implemented security controls using NIST SP
  • Conduct follow up meetings to assist information system owners to close/remediate POA&M items
  • Develop System Security Plans (SSP) to provide an overview of system security
  • An expert in vulnerability management tools such as Linux, IBM App Scan, McAfee, IDS/IPS, scanning analysis, selecting controls and implementing processes to mitigate vulnerabilities and threats
  • Have in-depth knowledge of ethical hacking technologies
  • Conducted a security control assessment to assess the adequacy of management, operational privacy, and technical security controls implemented.
  • A Security Assessment Report (SAR) was developed detailing the results of the assessment along with plan of action and milestones (POA&M)
  • Assist System Owners and ISSO in preparing the Certification and Accreditation package for the company’s IT systems, making sure that management, operational and technical security controls adhere to a formal and well-established security requirement authorized by NIST SP
  • Assisted in the development of rules of engagement documentation in order to facilitate the scanning of network, applications and databases for vulnerabilities
  • Developed a risk assessment report. This report identified threats and vulnerabilities applicable to systems. In addition, it evaluated the likelihood that a vulnerability can be exploited, assessed the impact associated with these threats and vulnerabilities, and identified the overall risk level
  • Design and conduct walkthroughs, formulate test plans and test results, and develop remediation plans for each area of the testing

Confidential

Cyber Security Analyst

Responsibilities:

  • Adheres to all HIPAA, privacy and security policies and practices. Reports violations and incidents; observes and cooperates in investigations as requested by management.
  • Led in the development of Privacy Threshold Analysis (PTA), and Privacy Impact Analysis (PIA) by working closely with the Information System Security Officers (ISSOs), the System Owner, the Information Owners and the Privacy Act Officer
  • Developed an E-Authentication report to provide technical guidance in the implementation of controls
  • Acts as a lead for Information Security assessments and recommends appropriate and cost effective controls to address identified security-related risks
  • Support internal incident response activities, assisting with the mitigation and remediation processes while documenting lessons learned
  • Prepares, disseminates, and monitors internal records procedures, as directed.
  • Ensures the security of confidential records and compliance with all rules and regulations, organizational policies, and procedures
  • Conducted walkthroughs, formulated test plans, documented gaps, test results, and exceptions; and developed remediation plans for each area of testing
  • Conducted periodic risk assessments and business impact analysis, reviewed controls implemented and designed Contingency Plans (CP) or Disaster Recovery plans (DR)
  • Performed quarterly account reviews against the active employee list and reviewed permissions and privileged accounts
  • Performed biannual security policy reviews to make sure all information is current with the laws, directives and regulations.

Confidential

Data Security Analyst

Responsibilities:

  • Acting as the main system data security analyst for a new project to ensure compliance with NIST Standards.
  • Conducting the RMF process to categorize system, select and implement appropriate controls for system security against Confidentiality, Integrity and Availability (CIA).
  • Using System/Network scans and other vulnerability tools, and generating reports as part of risk assessment process to identify system vulnerabilities, threats, and associated impacts in order to effect proper controls and ensure system security.
  • Assist system programmer in designing data governance procedures for system
  • Engaging data sharing partners in data field definition and efficient system security discussions.
