Jeniva Malual

Laurel, MD

Summary

Experienced and proficient in Security Assessment & Authorization (SA&A), Risk Management, System Monitoring, and developing and reviewing Security Assessment Reports and artifacts, as well as IT security policies, procedures and guidelines. Working knowledge of compliance with PCI DSS, CMMC, FISMA, NIST Cybersecurity Framework (CSF), FedRAMP, ISO 27001, DHS 4300, and NIST 800 series publications.

Overview

15 years of professional experience
1 Certification

Work History

FedRAMP Team Lead

MindPoint Group
08.2023 - Current
  • Conduct security assessments and audits to identify and mitigate risks.
  • Develop and maintain security documentation, including system security plans (SSPs) and security assessment reports (SARs).
  • Coordinate with various departments to implement security controls and ensure compliance with FedRAMP requirements.
  • Assist in the preparation of compliance reports and documentation for external audits.
  • Provide security training and awareness programs to staff members.
  • Provide security consulting services to clients seeking FedRAMP compliance.
  • Lead a team of security professionals in achieving and maintaining FedRAMP compliance for cloud services.
  • Develop and implement security policies and procedures to ensure compliance with federal regulations.
  • Conduct risk assessments and manage mitigation strategies to address identified vulnerabilities.
  • Collaborate with cross-functional teams, including engineering, operations, and legal, to ensure comprehensive security coverage.
  • Prepare and present compliance reports to senior management and stakeholders.
  • Coordinate with external auditors and third-party assessors for security assessments and audits.
  • Stay updated with the latest FedRAMP requirements and industry best practices to ensure continuous compliance.
  • Conduct gap analyses and develop remediation plans to address compliance deficiencies.
  • Assist clients in developing and implementing security policies and procedures.
  • Conduct security assessments and provide recommendations for improving security posture.
  • Collaborate with clients' IT and security teams to ensure successful implementation of security controls.

Sr. Cybersecurity Specialist

FEDITC LLC
09.2021 - 08.2023
  • Supported the identification of cybersecurity deficiencies in information systems by performing technical assessments of assigned systems and applications to determine the severity of weaknesses.
  • Assisted in the Security Authorization (SA) and Continuous Monitoring (CM) process, following the Risk Management Framework (RMF) guidelines.
  • Documented assessment results using compliance tools such as IACS, CSAM, etc., presenting findings and recommended mitigations in a standard report format.
  • Developed and maintained an overall Security Assessment Schedule to forecast system assignments for contractor and stakeholder staff.
  • Created testing artifacts, including technical assessment plans, Rules of Engagement (ROE), Security Requirements Traceability Matrix (SRTM), and Security Assessment Reports.
  • Updated and maintained testing templates and Standard Operating Procedures (SOP) in alignment with DHS guidelines.
  • Prepared Assessment Guides, including FAQs and Training Materials, to assist stakeholders in preparing for assessments.
  • Conducted or reviewed vulnerability scans, device configurations, and system architecture reviews using tools like Nessus and WebInspect.
  • Provided advisement and recommendations to the Government regarding assessment and security best practices.
  • Arranged for physical access to systems, if applicable, in coordination with System Owners and facility managers.
  • Conducted assessment kick-off meetings and checkpoint reviews to ensure compliance and address stakeholder concerns.
  • Executed assessments by reviewing system security documentation, vulnerability scan results, audit logs, and additional materials provided by system stakeholders.
  • Documented assessment results in the draft and Final Security Assessment Reports (SAR), including testing criteria, methods, findings, and recommended mitigations.
  • Ensured compliance with Security Technical Implementation Guides (STIG) by validating required security controls, conducting regular system scans, and addressing identified vulnerabilities to maintain the highest security standards.

Information Systems Analyst

Perspecta Inc.
12.2019 - 12.2021
  • Conducted security assessment interviews to determine the security posture of the system using the NIST and CSF frameworks.
  • Reviewed artifacts for assigned systems such as MOU, ISA, DRP, BIA, and ISA.
  • Reviewed scanner reports to check vulnerabilities, compliance with hardening guides, and accountability for installed software, ports, protocols, and services.
  • Completed audit papers by thoroughly documenting audit tests and findings.
  • Reviewed and updated remediation on plan of action and milestones (POA&Ms).
  • Observed documentation, cyber security operations, and asked questions to gain a better understanding of the operational environment.
  • Ensured hardware and software assets connected to the DHS network were approved on the technical reference model.
  • Prepared working papers, reports, and supporting documentation for audit findings.
  • Reviewed, analyzed, and coordinated remediation of vulnerabilities.
  • Recommended corrective actions and reviewed remediation actions for effectiveness.
  • Ensured compliance with NIST 800-53 and FedRAMP security control frameworks within the organization.
  • Governed internal FedRAMP control activities, ensuring that management, technical, and operational controls were executed flawlessly.
  • Served as an internal subject matter expert on compliance control scope, design, and interpretation, providing guidance to internal teams.
  • Prepared for annual assessments, Significant Change Requests, and customer-requested audits.

IT Security Analyst

Paragon System Inc
10.2017 - 12.2019
  • Ensured proper system categorization using FIPS 199 and NIST 800-60 volume 2; implemented appropriate security controls for information systems based on NIST 800-53 rev 4 and FIPS 200.
  • Drafted and updated security documents such as FIPS 199, System Security Plan (SSP), Contingency Plan (CP), Contingency Plan Testing (CPT), E-Authentication, Incident Response Plan (IRP), Incident Response Plan Testing (IRPT), Privacy Threshold Assessment (PTA), Privacy Impact Assessment (PIA), and Disaster Recovery Plan (DRP).
  • Worked with system owners to develop and review System Security Plans (SSP).
  • Tested, assessed, and documented security control effectiveness.
  • Collected evidence, interviewed personnel, and examined records to evaluate the effectiveness of controls.
  • Worked with system administrators to resolve POA&Ms, gathered artifacts, and created mitigation memos, residual risk memos, and corrective action plans to assist in the closure of POA&Ms.
  • Conducted security assessment interviews to determine the security posture of systems and developed Security Assessment Reports (SAR) in completion of the Security control assessment questionnaire using NIST SP 800-53A, required to maintain Company Authorization To Operate (ATO), the Risk Assessment, System Security Plans, and System Categorization.
  • Reviewed, maintained, and ensured all assessment and authorization (A&A) documentation was included in the system security package.
  • Performed information security risk assessments and assisted with the internal auditing of information security processes.
  • Assessed threats, risks, and vulnerabilities from emerging security issues and identified mitigation requirements.
  • Ensured vulnerabilities and risks were efficiently mitigated in accordance with the organization's continuous monitoring plan.
  • Collaborated with ISSO colleagues on the planning and implementation of enhancements to the system's risk management processes.

Information Systems Security Analyst

MVM Inc
06.2011 - 10.2017
  • Prepared and submitted security assessment plan (SAP) to CISO for approval.
  • Reviewed, developed, and updated security artifacts for assigned systems, such as MOU, ISA, DRP, BIA, ISA.
  • Provided support in the design and implementation of automation for manual procedures, the development of baseline security configurations, standards, and policy in accordance with industry best standards.
  • Developed and updated the system security plan (SSP), security assessment report (SAR), and plan of action and milestones (POA&M).
  • Monitored controls post authorization to ensure continuous compliance with security requirements.
  • Created reports detailing identified vulnerabilities and the steps taken to remediate them.
  • Participated in other governance team initiatives, including development of a comprehensive security awareness program and audit response activities.
  • Implemented company policies, compliance standards (FISMA, NIST 800-18, 53, 53A, 53 Rev4, 30, 37, 60, and 137), and risk and business management into the RMF for information systems.
  • Performed continuous monitoring of security control effectiveness.

Entry-Level Linux System Admin

Timeless Solutions Inc
05.2009 - 06.2011
  • Administered user accounts and passwords.
  • Resolved software and hardware issues.
  • Maintained local area networks.
  • Configured and implemented network interfaces.
  • Mounted and unmounted shared folders and directories.
  • Used the vi editor to edit configuration files.
  • Managed system processes and scheduled processes with the cron utility.
  • Experience with Internet technologies including TCP/IP and HTTP, password configurations, process monitoring, and boot-up and shutdown procedures.

Education

Bachelor of Arts -

Ahfad University

Skills

  • Experienced working with NIST 800 series
  • Risk Management Framework
  • Excellent communication skills
  • Excellent problem-solving abilities
  • Excellent work ethic
  • Analytical skills
  • Experienced with vulnerability scanning tools such as Nessus and WebInspect
  • Coaching and Mentoring

Certification

CISSP, CISM, CEH, ScrumMaster, Security+, Linux+
