Londale Legrand
New York,NY
Summary
I specialize in FISMA, FedRAMP, Third-Party Vendor Risk, and GRC, with expertise in managing third-party risks through HIPAA, PCI DSS, GDPR, ISO27001, CMMC, and RMF frameworks. Proficient in NIST 800 Series, I've strengthened security programs and advised senior executives on risk management and remediation. A dedicated team player, I bring unwavering commitment, quick learning, and multitasking skills for quality results.
Overview
6
6
years of professional experience
1
1
Certification
Work History
Security Assessor
Blue Cross Blue Shield
05.2019 - Current
- Tracked authorization expirations for over 30 systems, including General Support Systems (GSS) and Major Applications (MA), ensuring compliance
- Conducted and overviewed security and privacy controls implemented by an information system officer to determine the overall effectiveness of the controls and the vulnerability state of components, applications, and databases residing within the system boundary.
- Participated in 15+ kick-off meetings and client interviews to complete the Risk Assessment, Security Control Assessment, and Remediation Actions.
- Modified and updated 40+ authorization packages throughout the life cycle of the Major Applications and General Support Systems.
- Supported the Security Assessment and Authorization (SA&A), FISMA compliance, NIST requirements, and continuous monitoring for Security Controls.
- Performed assessments on FedRAMP based on customer responsibility documentation and controls provided by the Cloud provider to assess.
- Maintains and manages Security Authorization and Assessment packages that include System Security Plans (SSP), Contingency Plans (CP), POA&Ms, SAR, and other relevant security documentation for the system.
- Performed application controls testing related to data protection, logical access, programming, problem management, contingency planning and backup, data transmission, input, and output and processing controls.
- Performing ongoing continuous monitoring (ISCM) using NIST 800-137 Rev 1 as a guide.
- Adhering to the NIST Risk Management Framework (RMF) to support the A&A process, including analyzing the development of supporting policies, procedures, and plans, designing, and implementing security controls, testing, and validating security controls, and analyzing and tracking corrective action plans
Third Party Vendor Risk Manager
Bank Of America
06.2017 - 04.2019
- Participated in 20+ IT audits for clients within the financial, technology, and information security industry, including the development of risk and controls matrix and audit procedures, execution of testing, and communication of findings to key stakeholders.
- Conduct IT audit fieldwork and walk-through of controls; perform detailed testing, analysis of controls, validations, and creation of clear, accurate documentation of workflows in the IT process and report of test results and exceptions.
- Mobilized, executed, and reported on the audit of a subset of NIST SP 800-53 cybersecurity controls to include interviews, document review, and testing of systems to support compliance audit activities.
- Mobilized, executed, and reported on the audit of a subset of NIST SP 800-53 cybersecurity controls to include interviews, document review, and testing of systems to support compliance audit activities.
- Documented audit findings and developed thorough and creative recommendations for business and process owners to mitigate identified risks.
- Arranged audit plans and reported detailed results of audits; provided written recommendations to clients.
- Applied NIST Cyber Security Framework principles across audits, strengthening information security programs.
- Developed targeted cybersecurity awareness materials, enhancing end-user cyber hygiene
Education
Bachelor of Science - Computer Science
KNUST
Skills
- NIST Guidelines Publications
- Certification and Accreditation (C&A)
- Assessment and Authorization
- HIPAA & PRIVACY ACT training
- PCI DSS
- ISO 27001
- Network Vulnerability Assessment
- Nexpose
- Nessus Vulnerability
- IDS
- IPS
- Symantec Endpoint Protection
- Security Action Plans
- Splunk SIEM
- Requirements Traceability Matrix (RTM)
- Microsoft SharePoint
- Risk Management Framework
- Linux
- Microsoft Excel
- LAN
- WAN
- NIST SP 800-53
- SP 800-53A
- SP 800-37
- SERVICENOW
- Archer
- EMASS
Certification
- CISM - Certified Information System Manager
- CompTIA SECUIRTY+
Timeline
Security Assessor
Blue Cross Blue Shield
05.2019 - Current
Third Party Vendor Risk Manager
Bank Of America
06.2017 - 04.2019
Bachelor of Science - Computer Science
KNUST
Similar Profiles
SONIA OGANDOSONIA OGANDO
Enrollment Specialists at Anthem Blue Cross Blue Cross Blue ShieldEnrollment Specialists at Anthem Blue Cross Blue Cross Blue Shield
Crystal BrownCrystal Brown
Business System Analyst at Blue Cross Blue Cross Blue Shield of Tennessee (Facets Billing)Business System Analyst at Blue Cross Blue Cross Blue Shield of Tennessee (Facets Billing)
Christina FredericChristina Frederic
Medicare Appeals & Grievances Coordinator at Florida Blue - Blue Cross Blue Shield Of FloridaMedicare Appeals & Grievances Coordinator at Florida Blue - Blue Cross Blue Shield Of Florida
Abdo TaressaAbdo Taressa
Customer Service Representative at Florida Blue - Blue Cross Blue Shield Of FloridaCustomer Service Representative at Florida Blue - Blue Cross Blue Shield Of Florida
Norman Trotter IVNorman Trotter IV
Administrator, Participations and Special Projects at Warner Bros. Discovery: Finance, Contract, Reporting & Administration (FCRA)Administrator, Participations and Special Projects at Warner Bros. Discovery: Finance, Contract, Reporting & Administration (FCRA)