Grc Analyst
CurrentMar 1, 2021 – PresentSummaryI have 3 years of experience as a Cybersecurity Analyst. I amKnowledgeable in Risk Management Framework (RMF), System Securitysafeguards with adherence to FISMA and NIST Special Publications.Proficient in risk assessment and management, vulnerabilitiesmanagement, System development life cycle (SDLC).Perform risk analysis for supporting customer requirements.• Assess information systems for compliance with the NIST RMF and theassociated security controls.• Review current security assessment, authorization processes, policiesand SOPs, and provide recommendations for improvement.• Conduct Security Impact Analysis as per NIST guidance.• Support the Security Assessment & Authorization team byimplementing appropriate methods to evaluate risk levels associated withimproperly implemented security controls, characterizing aggregate levelsof risk to include recommendations to fix, mitigate, or accept the risk.• Conduct system security categorizations, security control assessments,risk assessments, and provide recommendations to enhance the securityposture of the information system.• Draft agency specific security control assessment (SCA) guidance,procedures, and templates to allow thorough and accurate controlassessments, risk analysis, and final documentation in the SecurityAssessment Report (SAR).• Analyze Interconnection Security Agreements for compliance to NIST800-47.• Develop Security Risk Assessment Reports (SRA, RAR).• Provide support by providing guidance on control requirements andagency implementation.• Assist with migrating system data contained within the System SecurityDocument, Information System Contingency Plan, Service ControlPolicies) into the comprehensive enterprise risk assessment andmanagement solutions Xacta.