
RASMATA BAMBARA

Germantown, MD

Summary

CYBER SECURITY SPECIALIST

I am a Cyber Security Specialist with over 5 years of experience in information security, emphasizing Risk Management Framework (RMF), system categorization, security control selection, implementation, assessment, authorization, and monitoring to mitigate risk and vulnerability of the system and protect the organization. I hold an active security clearance.

Overview

13 years of professional experience

Work History

Information Security Specialist Officer (ISSO)

ASSYST, INC/ADSI INC
05.2022 - Current

Providing system security support and documentation in the effort to meet FISMA requirements at the Centers for Medicare & Medicaid Services (CMS) for Cloud Applications.

  • Experience with NIST 800 series special publications
  • Evaluate, maintain, and communicate the risk posture of each FISMA system to executive leadership and make risk-based recommendations to the AO.
  • Possess knowledge and experience in all areas of the RMF.
  • Support the stakeholders in ensuring that all requirements specified by the ARS and the procedures and standards of the RMH are implemented and enforced; serve as an active participant in the system development life cycle (SDLC) / Technical Review Board (TRB); provide requirements; and recommend design tradeoffs considering security, functionality, and cost.
  • Ensure information security and privacy testing is performed throughout the SDLC as appropriate and results are considered during the development phase of the SDLC.
  • Monitor system security posture by reviewing all proposed information security and privacy artifacts to provide recommendations to the ISSO.
  • Provide guidance to stakeholders on required actions, potential strategies, and best practices for closure of identified weaknesses.
  • Determine the privacy impacts and manage information security and privacy risk
  • Conducting daily research activities and reporting new changes
  • Experience with reviewing Federal Risk and Authorization Management Program (FedRAMP) packages

Cybersecurity Specialist

Oasis Systems LLC
02.2020 - 05.2022

Assessing security controls, while maintaining and providing security system documentation in the effort to meet FISMA requirements at the Nuclear Regulatory Commission (NRC).

  • Experience with NIST 800 series special publications
  • Developing and ensuring that the following deliverables are annually updated, including System Security Plan (SSP), Privacy Impact Assessment (PIA), Privacy Threshold Analysis (PTA), Contingency Test Plan, Security Categorization Report (Sec Cat), Digital Authentication Risk Assessment (DARA), Plan of Action and Milestones (POA&Ms), and Master Deviation Spreadsheet
  • Developing policy and procedure documents, including Standard Operating Procedures (SOP), Configuration Management Plans (CMP), Templates, and Processes
  • Developing pre-assessment packages, to include questionnaires and assessment instructional guides for system owners
  • Conducting risk assessments for new system authorizations to identify and analyze agency’s control responsibilities
  • Supporting the client in conducting Periodic System Cybersecurity Assessments (PSCAs) for continuous monitoring activities
  • Creating deviations and assisting system owners with remediation evidence
  • Conducting monthly status meetings to report to the Information System Security Officer (ISSO) and Chief Security Officer (CSO) on individual subsystem, POA&Ms, existing and new ATO conditions
  • Tracking and weekly reporting of document delivery dates, annual due dates, Authority to Operate (ATO) statuses and conditions
  • Conducting daily research activities and reporting new changes
  • Experience with reviewing Federal Risk and Authorization Management Program (FedRAMP) packages
  • Reviewing and tracking of Memorandum of Understanding (MOU) interconnection agreements between internal offices and other government agencies
  • Performing monthly cloud service provider (CSP) high findings and POA&M analysis
  • Providing system security expertise to ISSO and system owners

Cybersecurity Analyst

Alphahill LLC
08.2017 - 01.2020
  • Performed Risk Management Framework using NIST 800-37 as a Confidential guide and FIPS 199 to categorize information systems
  • Classified information systems using RMF processes to ensure system Confidentiality, Integrity, and Availability
  • Selected security controls using NIST 800-53 Rev 4 based on system security categorization.
  • Reviewed Security Assessment Reports (SAR) in which all weaknesses are reported
  • Managed Security Control Assessment schedules for client's systems to ensure systems remained compliant with Confidential and Continuous Monitoring requirements
  • Initiated meetings with various System Owners and Information System Security Officers (ISSO), providing guidance on evidence needed for security controls and documenting findings of the assessment
  • Monitored controls post-authorization to ensure continuous compliance with Confidential guidelines in Confidential 800-137 for security control continuous monitoring.
  • Provided ISSO support and security guidance for IT systems, risk mitigation, and continuous monitoring activities.
  • Reviewed findings with ISSO/stakeholders to address weaknesses and POA&Ms development, deviation requests, and remediation artifacts validation.
  • Reviewed and interpreted Tenable Nessus Vulnerability and Compliance scans reports.

Manager

Bank of America
11.2011 - 08.2017
  • Lead a team of 7 employees to achieve all areas of Small Business Lending, including Merchant Services & Treasury Management
  • Ensure Financial Center achieves Customer Service goals by providing daily, weekly, & monthly coaching to staff
  • Implement banking strategies, retail sales metrics and lead branches to meet/exceed branch target goals
  • Increased 70% revenue by meeting client needs and expanding financial relationships
  • Provide regular value-added engagement with clients including face-to-face meetings at client's preferred location, consistent communication, community events, etc.
  • Refer opportunities to segment partners where appropriate (Investment, Lending, Small Business and Commercial Partners)
  • Manage all roles on branch team to ensure all clients have positive in-branch experience
  • Keep accurate log of events and occurrences based on security guidelines.

Education

Master's Degree - Cloud Computing

University of Maryland Global Campus
Hyattsville, MD
07.2027

Bachelor of Science - Accounting

Strayer University
Rockville, MD
2009

Skills

  • Risk Management
  • Vulnerability Assessment
  • Archer/RCATS
  • FedRAMP
  • Desired state/CDM
  • Contingency planning
  • Nessus
  • STIGs
  • Multitasking Abilities
  • Attention to Detail
  • Teambuilding
  • Critical thinking skills
  • Self-Motivated

Accomplishments

  • Security+
  • CASP+
  • CAP (in progress)

Languages

English
Native or Bilingual
French
Native or Bilingual
