Information Security Analyst Resume
Towson, MD
SUMMARY:
- To join a team as a long-term Information Compliance Analyst or Information Security Analyst within Cybersecurity. Clearable US Citizen. Willing to Relocate.
- An adequate understanding of information security standards and regulations such as OMB requirements, NIST Publications, PCI/DSS and ISO 27001
- In-depth knowledge of Risk Management Framework (RMF), Risk Assessment and Security Assessment and Authorization process (SA&A)
- Ability to address multiple assignments simultaneously with the strong ability to prioritize tasks
- Experience in the development of ATO Package Documents such as System Security Plans (SSP), SAR, POAM, and security documents such as Contingency Plans, Incident Response Plans, PIA, and Configuration Management
- Proficient in the dental practice’s policies and procedures required under HIPAA Privacy, Security, and Breach Notification. As a Registered Dental Hygienist, knowledgeable about the cyber-related threats facing a modern dental office; practice the essential steps to safeguard the office and patient data found in a modern dental computer network.
PROFESSIONAL EXPERIENCE:
Information Security Analyst
Confidential - Towson, MD
- Host and facilitate kick-off meetings and presentations with system stakeholders/clients on the operational security posture for the system in their purview and on security-related policies in accordance with their requirements and compliant with FISMA.
- Utilize Risk Management Framework (NIST ) to advise system stakeholders on Authorization to Operate (ATO) packages for their information systems such as SSPs, SARs, POA&Ms.
- Employ NIST SP and FIPS 199 to categorize information and information systems as Low, Moderate or High in order to determine the potential adverse impact for each security objective (CIA).
- Create and review security artifacts such as Contingency plans (CP), Contingency Plan Test (CPT), Configuration Management (CM), Privacy Impact Assessment (PIA), Incident Response (IR) per NIST 800 standards
- Support stakeholders on the process of obtaining and maintaining Authorization to Operate (ATO) and the required security documentation including audits.
- Monitor controls and/or remediation plans post authorization to ensure continuous compliance with the security requirements by regularly reviewing the Nessus scan results and collaborating with the IT team on mitigation actions.
- Successful team player with the ability to get along with others in a leader and non-leader role
Information Security Intern
Confidential - Baltimore, MD
- Project leader of the multi-language Information Security Awareness Training Program collaborating with members of to ensure a successful, technically sound project was completed on time and on budget.
- Defined and provided regular and accurate management reporting on information assurance, security monitoring, and incident management, utilizing case management and ticketing technologies with ServiceNow.
- Reviewed audit/activity logs for systems violations, and maintained POAM items
- Developed employee training materials for mobile device management software which increased unified endpoint management across all devices within the corporation.
- Generated, reviewed and updated SSP against NIST SP and NIST requirements
- Successful experience working with diverse, cross-functional, cross-departmental projects and technologies
- Working knowledge of Cloud-Based Management Solution, Microsoft Intune, and Mobile Device Management (MDM)
- Contribute to the development of the business continuity management plan
