Leona Bonsu, CISM

Security Control Assessor at DANASTAR Professional Services, LLC
Contact Information
Location
Washington DC-Baltimore Area
Languages
  • Twi Limited working proficiency
  • English Professional working proficiency


Credentials

  • Certified Information Security Manager (CISM)
    ISACA
    Oct, 2021 - Sep, 2024
  • CompTIA Advanced Security Practitioner (CASP)
    CompTIA
    Jul, 2020 - Sep, 2024
  • CompTIA Security+
    CompTIA
    Jul, 2020 - Sep, 2024

Experience

    • United States
    • 1 - 100 Employee
    • Security Control Assessor
      • Aug 2020 - Present

      ● Conduct IT risk assessment to identify AWS system threats, vulnerabilities, and generate reports per the customer responsibility matrix (CRM)
      ● Maintain, review and update information security system documentations and review FedRAMP packages; including System Security Plan (SSP), Plan of Action & Milestone (POA&M), Risk Assessment (RA), Contingency Planning, Incident Response Plan and Table Top Exercises (TTE).
      ● Apply appropriate information security control for Federal Information System based on NIST SP 800-53 Rev4 and FIPS 200
      ● Complete Security Assessment Plan (SAP) to facilitate the assessment of security and privacy controls and develop security assessment report (SAR)
      ● Support A&A activities (Categorize, Selection, Implement, Assessment, Authorize, Monitor) using NIST SP 800-37 Rev 1
      ● Perform comprehensive Security Control Assessment (SCA) of management, operational and technical controls
      ● Privacy controls and prepare Security Assessment Report (SAR) detailing the failed and passed controls
      ● Create, update and review System Security Plan, Contingency Plan, FIPS 199, Incident Response Reports from eSOC team via Splunk tool and other system security documents as part of continuous monitoring
      ● Ensure customers are in compliance with security policies and procedures following NIST, FISMA and OMB standards
      ● Participates in assembling ATO package consisting of the SSP, SAR and POA&M and submit to the ISO
      ● Perform security documentation review of systems to ensure quality control of A&A documents and validation process
      ● Assist in developing Privacy Threshold Analysis (PTA) and Privacy Impact Assessment (PIA) to make sure system PII are well documented
      ● Conduct Security controls assessment using NIST 800-53A as a guide and using examine, interview and testing as assessment motives
      ● Ensure cyber security policies are adhered to and that required controls are implemented.
      ● Review raw scans and create monthly Server Compliance Reports

Education

  • Liberty University
    Master of Science - MS
    2016 - 2017
  • University of Maryland
    Bachelor of Science - BS
    2012 - 2014
  • Frederick Community College
    Associate's degree, General Studies
    2009 - 2013
