Hi, I’m

Ruth Fianoo-Vidza

Cybersecurity Analyst
Cockeysville, Maryland

Summary

An innovative Cyber Security Assurance Analyst with a master’s degree in cyber security technology and proven expertise in FISMA compliance and vulnerability management. I have over seven years of experience in Information System Security with a focus on Risk Management Framework (RMF) NIST 800-37, Assessment and Authorization, vulnerability management, and operational policy and procedures. Experience in all phases of preparing and reviewing complete assessment and authorization (A&A) packages for information systems and applications as defined by the Federal Information Security Modernization Act (FISMA 2002). Demonstrated ability to work in fast-paced environments, manage competing priorities, and collaborate effectively with cross-functional teams. Adept at communicating technical concepts to non-technical stakeholders and providing guidance on security best practices. Committed to ensuring the confidentiality, integrity, and availability of organizational assets through continuous monitoring and proactive security measures.

Overview

7 years of professional experience
3 certifications

Work History

Maryland Department of Health

Information System Security Officer
09.2021 - Current

Job overview

  • Support the team task with the review of security artifacts, assessment reports, and memos for proper implementation and compliance with applicable regulatory requirements, policies and standards
  • Support leadership to identify capability gaps in vulnerability management services by analyzing Plans of Action and Milestones (POA&Ms) associated with the facility or system
  • Conduct analysis and aggregation of Security Control and POA&M evidence from various sources
  • Maintain knowledge of current RMF security trends and be able to clearly communicate them to the client
  • Analyze vulnerability assessment data to identify technical risks to the organization
  • Assist client in identification and reduction of findings at a site and enterprise level
  • Assess the Cyber security risk of IT systems documenting them in formal risk assessments and supporting artifacts associated with the Assessment & Authorization (A&A) process
  • Work with team members to interview, examine, and test client systems to determine compliance with security control descriptions, applicable policies and standards as well as develop security assessment reports and other related deliverables according to established schedules.

Richcroft Inc

Information System Security Officer
07.2019 - 09.2021

Job overview

  • Ensured security policies, procedures, and recommendations comply with FISMA, NIST, organizational guidelines and technical best practices
  • Analyzed and updated System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E) and the Plan of Actions and Milestones (POA&M)
  • Assisted System Owners and ISSO in preparing assessment and authorization (A&A) package for company’s IT systems, making sure that management, operational and technical security controls adhere to a formal and well-established security requirement authorized by NIST SP 800-53, NIST SP 800-171
  • Collaborated with ISSOs of other FISMA systems to ensure continued compliance with security control inheritance conditions
  • Utilized Tenable Nessus Network Security and WebInspect vulnerability scanners to identify system vulnerabilities and assist SO and team to mitigate findings for threat reduction
  • Developed and maintained Continuous-monitoring programs for the CSP solutions in line with organization ISCM policies, FISMA and FedRAMP requirements
  • Represented the organization at the FedRAMP PMO meetings on Risk Assessment Report (RAR) and agency authorization process including kick-off meetings
  • Created standard templates for required security assessment and authorization documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages
  • Familiar with vulnerability scanning and GRC/IA tools (Nessus and CSAM)
  • Documented test results, developed and recommended corrective actions, and developed and documented residual risk and risk assessment statements
  • Provided support to the Security Director for maintaining appropriate operation information assurance (IA) posture for the program.

RisGroup LLC

IT Risk & Compliance Consultant
06.2018 - 07.2019

Job overview

  • Facilitated interaction and communication between Information Systems, Internal Audit, and external auditors
  • Provided employee training on risk and compliance related topics, policies, or procedures
  • Provided assistance to internal or external auditors in risk and compliance reviews
  • Kept informed regarding pending industry changes, trends, and best practices and assessed the potential impact of these changes on organizational processes
  • Verified that all firm and regulatory policies and procedures have been documented, implemented, and communicated
  • Prepared and reviewed documentation, including risk assessment reports, certification and accreditation (C&A) packages, and plan of actions and milestones (POA&M)
  • Reviewed systems to identify potential security weaknesses and recommend improvements to amend vulnerabilities, implement changes, and document upgrades
  • Supported RisGroup system accreditation and Ongoing Assessment and Ongoing Authorization processes and activities to ensure the implementation of NIST SP 800-53 security controls
  • Participated in ongoing meetings for systems undergoing the ATO (Authorization to Operate) process and the continuous monitoring of systems with full ATO
  • Provided management and Ongoing Authorization (OA) Compliance Support to include Risk Management Framework (RMF) and FISMA compliance, Security Release management, Security Authorization and OA, and DHS policy Directives and Cyber Orders
  • Supported the Risk Management and Compliance Lead by providing support to maintain ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions
  • Recommended improvements on the security risk posture through new SOPs, tools, or methods
  • Maintained, tracked, and reported risk, including creation and management of relevant metrics, across the enterprise.

Arc of Baltimore

Information Assurance Analyst
01.2017 - 06.2018

Job overview

  • Conducted kick off meetings to collect systems information (information type, boundary, inventory, etc.) and categorized systems based on NIST SP 800-60
  • Conducted security control assessments to assess the adequacy of management, operational privacy, and technical security controls implemented
  • Security Assessment Reports (SAR) were developed detailing the results of the assessment along with Plan of Action and Milestones (POA&M)
  • Developed system security plans to provide an overview of federal information system security requirements and described the controls in place or to meet those requirements
  • Created and updated the following Security Assessment and Authorization (SA&A) artifacts: FIPS 199, Security Test and Evaluations (ST&Es), Risk Assessments (RAs), Privacy Threshold Analysis (PTA), Privacy Impact Analysis (PIA), E-Authentication, Contingency Plan, and Plan of Action and Milestones (POA&Ms)
  • Prepared Security Assessment and Authorization (SA&A) packages to ascertain that management, operational and technical security controls adhere to NIST SP 800-53 standards
  • Performed vulnerability assessment, making sure risks are assessed and proper actions taken to mitigate them.

Education

University of Maryland Global Campus UMGC

Master Of Science - Cybersecurity Technology

Morgan State University

Bachelor of Science

Community College of Baltimore County

Associate in arts/General studies

Skills

Cyber Security

Certification

CompTIA Security+

Citizenship

US Citizen

Timeline

Information System Security Officer

Maryland Department of Health
09.2021 - Current

Information System Security Officer

Richcroft Inc
07.2019 - 09.2021

IT Risk & Compliance Consultant

RisGroup LLC
06.2018 - 07.2019

Information Assurance Analyst

Arc of Baltimore
01.2017 - 06.2018

University of Maryland Global Campus UMGC

Master Of Science - Cybersecurity Technology
5 2023

Morgan State University

Bachelor of Science
5 2014

Community College of Baltimore County

Associate in arts/General studies
5 2010