Information Security Analyst
CurrentServed as an integral part of a cross-functional team to formulate, assess, and revise security plans based on NIST Special Publications 800-18. Collaborated closely with stakeholders and leadership to develop, implement, and uphold security policies and procedures. Monitored networks for potential threats and safeguarded systems and networks against cyber-attacks and unauthorized access. Guided and supported product leads and cybersecurity teams to secure and sustain Authority to Operate (ATO) packages by following RMF. Performed compliance control testing.• Created Plan of Action and Milestones (POA&M) document to address security-related vulnerabilities and deficiencies identified during security control assessments. • Conducted system categorization and classification using NIST SP 800-60 VOL 1 and FIPS 199 as a reference point, focusing on Confidentiality, Integrity, and Availability (CIA). • Compiled Security Assessment and Authorization (SA&A) packages to ensure management, operational, and technical security controls aligned with NIST SP 800-53 standards. • Effectively recorded and managed risks in compliance with SP 800-30 and SP 800-37 to assess threats, vulnerabilities, and security controls relative to information systems.• Monitored and enforced security policies, conducted risk assessments, and developed security plans to protect against potential threats.• Conducted regular security assessments and audits to ensure compliance with established cybersecurity policies and regulations.