Information Security Consultant| It Auditor
Current*An Information Security professional with diversified experience encompassing Compliance and Risk Management Framework (RMF), Information Security and Assurance, System Development Life Cycle (SDLC), Security Control Assessment, Vulnerability and POA&M Management using different industrial standard frameworks such as OMB, FISMA, FedRAMP, HIPAA, PCI DSS, FIPS 199/200 and NIST 800 SPs (18, 30, 37rev1, 53/53Arev4). * Created and reviewed security artifacts such as System Security Plans (SSP), Contingency Plans (CP), Incident Response Plans (IRP)/Testing, and Configuration Management Plans (CMP), Privacy Impact Assessments and SOPs* Able to develop and implement Technology Controls and Information Security related policies, programs and tools.* Experience documenting technical issues identified during security assessments and recommending improvements in the existing service support tools and "standard findings"* Familiar with network and information system security principles, technologies, and test practices as well as supporting security authorization activities.•Implement step-by-step guidance for client's high risk control to assist in remediating findings. Update risk score baselines to measure remediation over time and help prioritize client's cybersecurity projects• Support client in implementing a Data Loss Protection program• Assist in ensuring that vulnerabilities identified in client's IT security POA&M database are addressed promptly by working with system owners and managers• Assist with creating strategies to achieve cyber-related objectives including due dates, critical paths, and milestones to exceed project goals• Assess the information technology systems, security regulatory risk management and security vulnerabilities; using the NIST SP 800-series and FIPS• Conduct security control assessments and control test of design and operating effectiveness to ensure adherence to customer specific security policy, procedures and industry standards