Chantel Wims

Frederick, MD

Summary

Experienced Security Control Assessor specializing in comprehensive assessments of management, operational, and technical security controls. Strong knowledge of federal regulations such as FISMA and NIST standards. Proven ability in critical thinking, problem-solving, and effective communication. Track record includes enhancing security postures for various organizations through meticulous assessments and tailored recommendations.

Overview

18 years of professional experience
1 Certification

Work History

Security Control Assessor

United Healthcare Group
Washington, DC
02.2015 - Current
  • Conducted interviews with system owners to determine the type of information stored on their systems, access privileges, and other related information.
  • Performed security control assessments of information systems and networks to ensure compliance with relevant security policies, standards, and procedures.
  • Assessed third-party vendors' compliance with applicable regulatory requirements and industry best practices.
  • Collaborated with stakeholders to ensure that all changes adhere to established security policies and procedures.
  • Performed risk analysis and evaluations to identify potential vulnerabilities that could impact the confidentiality, integrity, and vulnerability of Protected Health Information (PHI).
  • Reviewed and validated implemented security controls against HIPAA standards, focusing on access control, encryption, audit logging, and incident response.

Security Control Assessor

WomanTech IT Consulting Group
Washington, DC
04.2010 - 02.2015
  • Assessed third-party vendors' compliance with applicable regulatory requirements and industry best practices.
  • Conducted periodic reviews of security controls to ensure continued effectiveness over time.
  • Set project scopes, delegated assignments to team members, and oversaw the successful execution of security control assessments, ensuring deliverables were met on time and adhered to regulatory compliance.
  • Planned and executed step 4 of the RMF using NIST SP 800-53A Rev 4/5 and NIST SP 800-30.
  • Developed SAPs, SARs, and entered test cases into a requirements traceability matrix.
  • Reviewed assessment and authorization packages (CP, IRP, SSP, SAR).
  • Reviewed vulnerability scan reports and liaised with stakeholders to discuss identified threats and best assessment practices.

Cybersecurity Analyst

Frederick Memorial
Frederick, MD
03.2007 - 04.2010
  • Devised Plan of Actions and Milestones (POA&M) for addressing vulnerabilities and non-compliant security controls, enhancing system security.
  • Conducted vulnerability scans using automated tools to detect any weaknesses in the system.
  • Assessed information systems using GRC Tool and NIST SP 800-37, providing authorizations.
  • Tested controls using NIST SP 800-53A, Rev 4, and supported vulnerability scans and remediations.
  • Organized and facilitated table exercises, and reviewed and updated policies to reflect regulatory requirements.
  • Performed privacy impact analysis on systems handling PII.
  • Facilitated and led kick-off meetings, and participated in 30+ assessments.

Education

High School Diploma

Governor Thomas Johnson
Frederick, MD
06-2005

Skills

  • Risk assessment expertise
  • Vulnerability Analysis
  • Compliance auditing
  • Vulnerability Assessment
  • Intrusion Detection
  • Incident Response
  • Cybersecurity frameworks
  • Governance, Risk, & Compliance
  • GRC Tools
  • FISMA documentation
  • Tenable Nessus
  • Active Directory
  • ServiceNow
  • Xacta 360

Certification

CompTIA Security+
