
Chaltu Amenu

Rockville, MD

Summary

Have 4+ years of extensive experience in IT security analysis, risk, and compliance. Have experience in understanding information system requirements and creating security plans, policies, standards, and procedures. Have knowledge of compliance frameworks such as NIST 800-53, HIPAA, ISO 27001, SOC, PCI DSS, HITRUST, SOX, GDPR, and FedRAMP. Proficient in the RMF process and experienced in POA&M and vulnerability risk management, third-party risk management, and IT audit. Have excellent customer service experience, communication skills, interpersonal skills, problem-solving skills, and analytical research abilities, and am a quick learner.

Overview

4 years of professional experience
1 Certification

Work History

Third Party Risk Analyst

Language Line Solution
06.2023 - Current
  • Identified required controls for review per vendor risk management policy.
  • Implemented risk-based review of current and prospective vendors, including, but not limited to, scorecard criteria development for automating assessments.
  • Developed assessment criteria for product security testing and analysis.
  • Monitor requests for vendor information via Third Party Risk Questionnaires and artifacts for assessing the security controls of the vendor organization.
  • Provided input into building new processes and assessment criteria for open-source software, critical vendors, and service providers.
  • Worked with business units to define and prioritize vendor assessment criteria and define requirements for managing business continuity and disaster recovery requirements.
  • Assisted the company in complying with SOC 2 and the ISO 27000 series.
  • Performed other duties as assigned.

IT Security Specialist

Federal Credit Union
05.2021 - 05.2023
  • Participated in the development of system security policies and procedures.
  • Performed system registrations based on NIST 800-60 & FIPS 199.
  • Conducted control risk assessments and implementation.
  • Conducted vulnerability scans and penetration testing.
  • Conducted vendor risk solutions and analysis based on NIST 800-53, PCI DSS, HIPAA and ISO 27001 requirements.
  • Developed and implemented incident response plans.
  • Provided technical support to remediate security incidents.
  • Contributed to the development and implementation of security policies and procedures.
  • Monitored security events and alerts to identify potential security incidents.
  • Conducted investigations and analysis of security incidents to determine the scope and impact.
  • Worked with internal auditors for security assessments.
  • Created documentation such as POA&M, SSP.
  • Trained internal staff in security best practices.
  • Performed security monitoring and report preparation, and presented to management.

Education

Bachelor's Degree - Computer Network and Cyber security

University of Maryland Global Campus
01.2020

Skills

  • Compliance: NIST 800-53, ISO 27001, SOC, HIPAA
  • RMF process
  • POA&M management
  • Tools: Tenable, Venminder
  • Disaster recovery plan
  • MS Office (Word, Excel, PowerPoint, Teams, OneNote) & Google
  • Contingency plan
  • Vulnerability scan suites
  • User management

Certification

  • CompTIA Security+
  • Certified Information Systems Auditor (CISA) - in progress

Section name

  • Security clearance level: Public trust and US citizen
