Security Control Assessor Resume
SUMMARY
- Accomplished, Secret-cleared and certified professional with over 5 years of successfully assessing security risks and coordinating and implementing remediation efforts.
TECHNICAL SKILLS
- STIG
- Splunk
- SCAP
- Nessus
- eMASS
- Remedy
PROFESSIONAL EXPERIENCE
Confidential
Security Control Assessor
Responsibilities:
- Work as part of a team to perform System Certifications, Annual Assessments, and Continuous Monitoring Assessments.
- Reviewed technical, operational and management controls and conducted RMF activities per NIST SP 800-53 and NIST SP 800-37 requirements.
- Conduct security assessments on assigned systems to ensure FISMA compliance, following the NIST SP 800 publications, especially NIST SP 800-53A, and the Federal Information Processing Standards (FIPS).
- Evaluate security controls on information system platforms.
- Worked with a team of security assessors and security officers to assess security controls and assemble the Authorization to Operate (ATO) package.
- Coordinate with project lead to plan time, prioritize tasks, and use assigned resources.
- Conduct annual assessments of systems for compliance with organizational policy.
- Evaluate and review System Security Plans (SSP), Contingency Disaster Recovery Plans (CDRP), Risk Assessment Reports (RAR), Security Assessment Reports (SAR) and Executive Summaries.
- Requested scans and later reviewed scan results for common vulnerabilities such as missing patches, weak password settings, unnecessary services left enabled, and weak configurations.
Confidential
Security Control Assessor
Responsibilities:
- Worked as part of a team that assessed systems following the NIST Risk Management Framework (RMF).
- Collaborate with SOC engineers and penetration testers to request scanning of systems using tools such as Nessus and WebInspect.
- Analyze results from vulnerability scanning tools such as Nessus.
- Familiarity with the NIST Special Publications.
- Knowledge of federal risk management practices and security controls implementation processes, to include FISMA and the NIST Risk Management Framework.
- Assisted with POA&M creation and closure, to remediate vulnerabilities across systems.
- Methodical approach to gathering security documentation needed to validate security control requirements during an assessment.
- Ability to follow and comply with existing processes and procedures, and propose updates.
- Work with minimal supervision, set priorities, and give attention to detail and quality.
- Demonstrates strong organizational and time management skills with the ability to multitask and work as a member of a team as well as individually.
- Performed security categorization, using FIPS 199 as a guide.
Confidential
Junior Security Control Assessor
Responsibilities:
- Provide weekly briefs to senior management on security posture, highlighting high/critical vulnerabilities, remediation snapshots, and compliant security controls.
- Conducted FISMA-based security risk assessments.
- Actively coordinate with various teams to plan and implement security controls that meet program objectives based on NIST SP 800-53 Rev. 4, NIST SP 800-53A Rev. 4, and NIST SP 800-37 Rev. 1.
- Understanding of and experience with the NIST Risk Management Framework (RMF) process.
- Perform Information Systems Security Audits and Certification and Accreditation (C&A) Test Team efforts.
- Generate, review and update System Security Plans (SSP) against NIST 800-18 and NIST 800-53 requirements.
- Assisted in the assessment of existing policies and procedures against compliance requirements.
- Reviewed technical security controls and provided implementation responses as to whether and how the systems currently meet the requirements.
- Provide continuous monitoring support for control systems in accordance with FISMA guidelines.
- Communicated effectively through written and verbal means to co-workers, subordinates and senior leadership.
Confidential
Cyber Security Analyst
Responsibilities:
- Analyze and update the System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), Security Test and Evaluation (ST&E) and the Plan of Actions and Milestones (POA&M).
- Assist System Owners and the ISSO in preparing the assessment and accreditation package for the company's IT systems, ensuring that management, operational and technical security controls adhere to the well-established security requirements specified in NIST SP 800-53.
- Perform vulnerability assessments to ensure risks are assessed and evaluated, and that proper actions are taken to limit their impact on the information systems.
- Performed engineering activities, including collaborating with system engineers to identify security controls.
- Develop and Conduct Security Test and Evaluation (ST&E) per NIST SP 800-53A.
- Ensured that awareness and training materials are reviewed periodically and updated when necessary.
- Documented assessment findings in a Security Assessment Report (SAR) and produced a plan of action and milestones (POA&M) for all controls having weaknesses or deficiencies.
- Developed the audit plan and performed the General Computer Controls testing of Information Security.