Ruchi Gupta
VMware Cloud Services
Reston, VA, United States
Details
Experience:
Support VMware’s business units as a security compliance project lead in obtaining and maintaining security and compliance certifications for various VMware products.
Conduct Gap analysis, boundary scoping, review existing technical security documentation, provide security compliance guidance, create FedRAMP Significant Change Request (SCR) documentation and represent BUs throughout their federal security/compliance audit process.
2020 : Present
VMware
Information Security Consultant
Provide Assessment support to Cloud Service Providers (CSPs). Conduct FedRAMP and FISMA assessments for CSPs. Review Information Security documentation that includes System Security Plan, Information System Policies, and Procedures, Configuration Management Plan, Contingency Plan, Incident Response Plan and other ancillary documents and artifacts to assess adherence to FedRAMP guidelines and compliance. Conduct technical interviews and on-site manual testing for NIST 800-53A Information System security controls. Create Security Requirement Traceability Matrix based on artifacts and information gathered during testing. Create Security Assessment Plan (SAP) and Security Assessment Report (SAR). Conducted assessments for AT&T, Accenture Federal, NetComm, RedRiver, Amazon Web Services, SAP NS2, Granicus/ Gov Delivery, Microsoft O365, Oracle, GDIT.
2016 : 2020
Coalfire
Senior Consultant, FedRAMP Assessment Services
Provide Advisory support and guidance to create FedRAMP and FISMA compliant security documentation for Cloud Service Providers (CSPs). Conduct GAP analysis for CSPs to assess their existing Information Security documentation and provide a plan of action to attain FedRAMP, FISMA Accreditation. Provide support to create System Security Plan, Information System Policies, and Procedures, Configuration Management Plan, Contingency Plan, Incident Response Plan, Privacy Impact Analysis.
2016 : 2020
Veris Group, LLC (now Coalfire Systems)
Information Security Analyst, Cyber Risk Advisory
Worked with the Information Security Team to develop security documentation for FedRAMP C&A / A&A package. Wrote control implementation statements adhering to NIST 800-53 guidelines with inputs from System Engineers. Worked in coordination with Systems Administrators to identify and close FedRAMP Plan of Action and Milestones (POAMs). NIST 800-137, CA-7, RA-5. Created deviation requests and business cases for open POAM items based on monthly Nessus scan results. Tracked POAMs to completion and followed through the daily, weekly, monthly, quarterly and annual Continuous Monitoring tasks. Supported ISSO to create SDLC based on NIST 800-64 guidelines. Conducted meetings with Security Engineers and stakeholders for SDLC gate reviews, created Visio diagrams for SDLC phases and system security architecture. Conducted internal audits to identify resource availability and allocation. Tracked and maintained SSL certificates. Collected artifacts for different security controls for the preparation of system and security audits.
2013 : 2016
Datapipe
Operations Analyst
2009 : 2011
Northern Virginia Family Service
HR Analyst
Company:
VMware
About
Information Security professional with experience in Risk Management Framework and NIST Special Publication 800-53, 800-37, 800-39, 800-53A, 800-115 and FIPS 199, 200. Proficient in requirements elicitation, analysis, and documentation for Information Security practices in cloud-based environments. A proven track record of supporting technical teams and meeting challenging business deadlines. Conduct FedRAMP and FISMA Assessments, provide advisory support to Cloud Service Providers.