
Victoria Richards

Alexandria

Summary

Cyber Security Analyst with extensive experience at ManTech International in creating System Security Plans and overseeing POA&Ms. Proficient in IT Risk Management and Compliance Analysis, with a track record of strengthening security frameworks and facilitating stakeholder collaboration for successful ATO results. Effective communicator focused on risk mitigation and compliance assurance.

Overview

4 years of professional experience
1 Certification

Work History

Cyber Security Analyst

ManTech International
02.2023 - Current
  • Collaborate with System Owners and ISSOs through Assessments and Authorizations process to ensure operational, management, and technical controls are in place and being followed according to the Federal Guidelines
  • Develop and review/update System Security Plan (SSP), Risk Assessment Report (RAR), PTA/PIA, Configuration Management Plan, Contingency Plan/Test, POA&M, FIPS 199 and other documentations
  • Participate in ATO briefing with the Authorizing Official
  • Conduct annual self-assessment using NIST SP 800-53 and NIST SP 800-53A in support of continuous monitoring and create standard templates for required security assessment and authorization documents, including RAR, SSP, SAP and SAR, CP, and security authorization packages.
  • Examine system documentation for accuracy and updated as necessary and develop and maintain ATO Packages for information systems to include SSP, Plan of Action and Milestones and Security Assessment Report (SAR) for Authorizing Official to make risk-based decision
  • Liaise with system stakeholders to review and update supporting security artifacts such as CMP, CP, IRP and MOU/ISA and perform Contingency Plan Test and write After-Action report for systems under my purview
  • Collaborate with stakeholders and Privacy Office to develop and review Privacy Threshold Analysis (PTA) and Privacy Impact Assessment (PIA) for compliance with applicable privacy policies and regulations.
  • Manage and track POA&Ms and collaborate with the technical team until POA&M closure; or, where required, put in a risk waiver or risk acceptance
  • Generate monthly account audits using Splunk and review audit logs to ensure there is no malicious activity. Where one exists, a report is made to the System Owner for investigation
  • Review continuous monitoring reports submitted by the Vulnerability Management Group and collaborate with the System Engineer as needed to address them; ensure all system users and people with security responsibilities receive their annual awareness training. Review and validate user access rights.
  • Approve Privilege Access Request and Role-Based Access Request forms for system users. Ensure all system users sign the Rules of Behavior (ROB) before being granted access.
  • Participate in the Change Request (CR) process (i.e., reviewing/approving change requests from system engineers before it goes to CCB and conducting impact analyses). Support Change Control Boards as required.
  • Manage Security Assessment and Authorization efforts, ensuring compliance with Federal Guidelines such as NIST SP 800-37 Rev2, NIST 800-53A, NIST 800-64, and NIST 800-83 to achieve and maintain annual ATO and assist System Owner, Information Owner, and ISSM in recording, tracking, and remediating all known security weaknesses of assigned information systems in POA&Ms IAW enterprise policy and procedures.
  • Create Risk Waivers or Risk Acceptance Memos to assist in the effective management of system risks and perform information type categorization and risk assessments to identify security system categorization for selecting the appropriate security controls to be applied to assigned systems.
  • Develop System Security documentation, including FIPS-199 determination, e-Authentication, privacy threshold analysis (PTA), privacy impact assessment (PIA), system security plans (SSP), IA policies, Rules of Behavior, security test and evaluation (ST&E) plans, risk assessment plans and reports, business continuity plans, disaster recovery plans, incident response plans, contingency plan, contingency plan test report, plans of action and milestones (POA&M) development, exception and waiver letters development, annual security control self-assessment, and continuous monitoring activities.
  • Assist in various security controls self-assessments (automated and manual) at different frequencies specific to a system and based on an established core control assessment schedule and provide results to include control gaps or weaknesses, risk level, cost-benefit analysis, and impact.

Security Control Assessor

Coalfire Federal, LLC
01.2022 - 02.2023
  • As an Assessor, most projects were focused on RMF phase 4 (assessing security controls).
  • Effectively engaged in the assessment process: preparing for the assessment, conducting the assessment, communicating assessment results, and maintaining the assessment.
  • Coordinated, participated in and attended weekly forums for security advice and updates.
  • Created Security Assessment Plan (SAP) to document assessment schedules, control families to be assessed, control tools and personnel, client's approval for assessment, assessment approach and scope, Rules of Engagement (ROE) if vulnerability scanning is involved.
  • Used the implementation section of the System Security Plan (SSP) in addressing how each control was implemented (frequency of performing the controls, control types and status) as part of my interview answers during the Security Testing and Evaluation (ST&E) documentation.
  • Determined assessment method (examining policies and procedures, interviewing personnel, and testing technical controls), using NIST SP 800-53A as a guide and created Risk Traceability Matrix (RTM) in which to document assessment result (pass/fail).
  • Prepared Security Assessment Reports (SAR) in which all the weaknesses are reported, created Plans of Action and Milestones (POA&Ms) to trace corrective action and resolve weaknesses and findings, and set up and participated in the Assessment Kick-Off meetings.
  • Determined threat sources and applied security controls to reduce risk impact, and used POA&M tracking tools like CSAM (Cyber Security Assessment and Management) and Excel spreadsheets to make sure the POA&M is not in delay status.
  • Performed security control assessments of information systems and networks to ensure compliance with relevant security policies, standards, and procedures and conducted interviews with system owners to determine the type of information stored on their systems, access privileges, and other related information.
  • Developed detailed reports outlining findings from security control assessments and provided recommendations for mitigating identified risks and analyzed system architectures for vulnerabilities and weaknesses to develop appropriate countermeasures.

Data Analyst Jnr. (Part Time)

RIS Group
06.2021 - 01.2022
  • Managed client accounts providing status report on the deliverables as per contract agreement with the clients.
  • Analyzed company data to keep track of the development and trends in the business growth.
  • Constantly engaged with clients to ensure satisfactory performance of contract agreement.
  • Authored standard operating procedures (SOP) for the Team to streamline processes and ensure standardization.
  • Worked in conjunction with development team in preparation of data mapping reports and business reports.

Education

Bachelor's - Communication

Alfred University
Alfred, NY

Skills

  • Privacy Threshold Analysis
  • Privacy Impact Assessment
  • IT Risk Management
  • POA&M Management
  • Configuration Management
  • SSP Development
  • Assessment Plan
  • Assessment and Authorization
  • Vulnerability Management
  • Compliance Analysis
  • CSAM Xacta
  • Change Management
  • Control Implementation
  • Control Assessment
  • ATO Package Preparation
  • Cybersecurity Frameworks
  • Tenable Nessus
  • STIG Viewer
  • Web Inspect
  • DB Protect
  • Nessus
  • ServiceNow
  • Remedy
  • Splunk

Certification

CompTIA Security Plus (Sec+), Active

Technology Skills

  • Web Inspect
  • DB Protect
  • Nessus
  • ServiceNow
  • Remedy
  • Splunk
  • ACAS

Personal Information

Citizenship: U.S. Citizen (Public Trust)
