Experience

Serigor Inc
• security control assessor


Wells Vargo Bank

• Security Analyst

  • Nov 2015 - Nov 2018

  • Ensure proper system categorization using NIST 800-60 and FIPS 199; implement appropriate security controls for information system based on NIST 800-53 rev 4 and FIPS 200. • Conduct security assessment interviews to determine the Security posture of the System and to • Perform kick Off Meetings • Apply appropriate information security control for Federal Information system based on NIST 800-37 Rev1. • Facilitate Security Control Assessment (SCA) and monitor activities. Develop a Security Assessment Report (SAR) in the completion of the Security Test and Evaluation (ST&E) questionnaire using NIST SP 800-53A required to maintain Company Authorization to Operate (ATO), the Risk Assessment, System Security Plans, and System Categorization. • Reviewing, maintaining, and ensuring all assessment and authorization (A&A) documentation is included in the system security package. • Perform information security risk assessments and assist with the internal auditing of information security processes. Assessed threats, risks, and vulnerabilities from emerging security issues and also identified mitigation requirements. • Work with system owners to develop, test, and train on contingency plans and incident response plans. • Tests, assess, and document security control effectiveness. Collect evidence, interview personnel, and examine records to evaluate effectiveness of controls. • Review and update remediation on plan of action and milestones (POA&Ms), in organization’s IACS. Work with system administrators to resolve POA&Ms, gathering artifacts and creating mitigation memos, residual risk memos and corrective action plans to assist in the closure of the POA&M. Show less