
Dorcas A. Johnson

Information Security Analyst
Apex, NC

Summary

Objectives

Desire for an information technology compliance position in an organization in critical need to secure its operations, processes, and assets.

Summary Qualifications

  • Ability to perform privacy, technical, operational and management security control assessments and reviews.
  • Ability to conduct security tests and evaluations (ST&Es) guided by NIST SP 800-53A.
  • Ability to create and update Security Assessment and Authorization (SA&A) documentation in line with company, industry, and national standards.
  • Ability to generate residual risk reports to update the POA&M.
  • Adequate knowledge of COSO, COBIT, ISO, SSAE 16, PCI-DSS and HIPAA frameworks.
  • Have excellent analytical skills.
  • Have excellent interpersonal skills.
  • Have effective written and verbal communication skills.

Overview

8 years of post-secondary education
5 years of professional experience

Work History

Information Security Analyst

Evergreen Information Security & Technology LLC
10.2015 - Current
  • Help guide System Owners and ISSOs through the Certification and Accreditation (C&A) process, ensuring that management, operational and technical controls for securing either sensitive Security Systems or IT Systems are in place and are followed according to federal guidelines (NIST 800-53).
  • This includes ensuring that appropriate steps are taken to implement information security requirements for IT systems throughout their life cycle, from the requirements definition phase through disposal.
  • Additional responsibilities include assurance of vulnerability mitigation, training on C&A tools, supporting System Test and Evaluation (ST&E) efforts and other support to the IT Security Office.
  • Conducted Federal Risk and Authorization Management Program (FedRAMP), which provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services.
  • Conducted Privacy Threshold Analysis (PTA) and Privacy Impact Analysis (PIA) by working closely with the Information System Security Officers (ISSOs), the System Owner, the Information Owners and the Privacy Act Officer.
  • Conducted a security control assessment to assess the adequacy of management, operational, privacy, and technical security controls implemented.
  • A Security Assessment Report (SAR) was developed detailing the results of the assessment along with a plan of action and milestones (POA&M).
  • Advised organizations in the development of Information Security Continuous Monitoring Strategy to help in maintaining an ongoing awareness of information security (Ensure continued effectiveness of all security controls), vulnerabilities, and threats to support organizational risk management decisions.
  • Developed an E-Authentication report to provide technical guidance in the implementation of electronic authentication (e-authentication).
  • Developed a risk assessment report.
  • This report identified threats and vulnerabilities applicable to target systems.
  • In addition, it evaluated the likelihood that a vulnerability can be exploited, assessed the impact associated with these threats and vulnerabilities, and identified the overall risk level.

Education

Associate of Applied Science

Chattahoochee Technical College
01.2014 - 01.2018

Diploma

Woodstock High School
01.2009 - 01.2013

Skills

Risk assessment
