Relindis Ndisah
Information Security Analyst with over 5 years of IT experience currently working with CareerTech Consulting supporting NARA.
College Park, MD, United States
Details
Experience:
• Perform continuous monitoring on MS Azure cloud systems by remediating all vulnerabilities and closing all open POA&Ms
• Perform and manage A&A tasks in support of maintaining client security requirements, using NIST 800-53 V4 as a guide when performing the implementation process for controls
• Review and update inventory list for software and hardware
• Review new user request forms and user agreement forms and provide awareness and training for users needing access to systems
• Maintain, review and update documentation such as System Security Plan (SSP), and Standard Operating Procedures (SOP)
• Participate in weekly meetings to provide updates on tasks completed such as new user requests, awareness training, software requests and inventory review and validations
• Generate, review and update System Security Plans (SSP) against NIST 800-18 and NIST 800-53 requirements, as well as Plan of Action and Milestone (POA&M) and Authorization letter/memorandum (ATO)
• Identified security controls and constructed a compliance matrix for tracking
• Implemented information security requirements for IT systems through the System Development Life Cycle (NIST 800-64) from the requirement definition phase through disposition
• Reviewed Clients’ processes relating to Vulnerability Mitigation, Training on A & A Tools
• Work with a team of Information System Owners, Developers and System Engineers, to select and implement tailored security controls in safeguarding system information
• Drafted, finalized, and submitted Privacy Threshold Assessments (PTAs), Privacy Impact Analyses (PIAs), E-Authentication Assessments, and System of Records Notices (SORNs)
• Support A&A activities (Categorize, Select, Implement, Assess, Authorize, Monitor) according to the A&A project plan.
• Apply appropriate information security controls for federal information systems based on NIST 800-37 rev1, SP 800-53, FIPS 199, FIPS 200, and NIST SP 800-53A R4
2016 : Present
CareerTech Consulting
Information Security Analyst
• Participated in scheduling kick off meetings to help identify assessment scope, system boundary, information system’s category and attain artifacts needed in conducting assessment
• Discussed preassessment procedures with team members and notated findings and relevant questions
• Conducted Security Risk Assessment (NIST 800-30) and documented Key Controls
• Performed comprehensive security control assessment using assessment methods such as interviewing, examination and testing
• Participated in weekly meetings to discuss the status of the assessment process
• Documented and populated findings in the requirement traceability matrix based on NIST SP 800-53A
• Documented findings to be presented in Security Assessment Report (SAR) and provided recommendations for failed controls
• Conducted risk assessment to determine the likelihood and impact of controls that failed
• Review System Security Plan (SSP), Contingency Plans (CP), Contingency Plan Test (CPT), per NIST SP 800 guidelines for various government agencies.
• Assess security controls and develop Security Assessment Reports (SARs)
2014 : 2016
CareerTech Consulting
Security Control Assessor
Company:
CareerTech Consulting
About
Certified IT security professional with 5 years’ experience, capable of adjusting quickly to new technologies, environments and procedures, and I get the job done in a timely manner. Experience working with business clients and stakeholders in a challenging environment. Dynamic, attentive to detail, and able to interact well at all levels. Excellent skills and experience in reviewing and implementing internal control procedures to ensure efficiency and mitigate risks.