Information Security Analyst
Current• Assists in the development of assessment procedures. Creates Requirement Traceability Matrix for documentation of artifacts required to demonstrate control objectives. Reviews all policies for each control family.• Implements, manages, monitors and upgrades security measures for the protection of the organizations data, systems and networks.• Performs cybersecurity security assessments (FISMA/NIST 800, RMF, NIST, HIPAA), cybersecurity architectural review, cloud security assessments, vulnerability assessment, and penetration testing, and incident response to cyber-attacks.• Develops project schedules in coordination with all the relevant parties to conduct the full assessments or OSA (Ongoing assessments conducted quarterly) with relevant parties - pen test team, vulnerability scan team and the assessment team• Conducts kickoff meetings with all the stake holders, informs ISSO and ISO of the project, reviews the rules of engagement (ROE), addresses any relevant questions raised by the organization that hosts the system on how the assessment will be conducted.• Develops a security assessment plan (SAP) and the Evidence request list (ERL) of all the controls in scope during that quarter (OSA) or all the controls for a full ATO assessment. • Participates in client interviews to determine the Security posture of the System and to assist in the completion of the Security Assessment Plan using NIST SP 800-53A test required to maintain Company Authorization to Operate (ATO).• Documents all the findings, upon conclusion of assessment into security assessment report (SAR) Template.• Conducts out-brief meetings at the end of security control assessments and documents all the findings, upon conclusion of assessment into POA&M Template for injection in to CSAM.