
Anji Roseline

Bowie, MD

Summary

As a proactive and meticulous IT Security Professional, I am well respected for my proven expertise in evaluating technical solutions. I have 10 years' experience in information security, cybersecurity, and risk management. Adept at developing, implementing, and managing security policies, procedures, and protocols to safeguard information systems and data. Proven track record in conducting security audits and vulnerability assessments, and in ensuring compliance with federal regulations and frameworks such as FISMA, NIST, HIPAA, SOC 2 audits, ISO 27001, PCI DSS, NIST SP 800-53 Rev. 5, NIST SP 800-37 Rev. 2, NIST SP 800-171, NIST CSF, HITRUST, NYFS, COBIT, FedRAMP, and GDPR. Ability to lead and work collaboratively with cross-functional teams to enhance overall security posture. Proven ability to conduct privacy impact assessments, develop privacy policies, and manage privacy training programs. Adept at collaborating with cross-functional teams to safeguard sensitive information and enhance data protection measures. Tools: GRC platforms (ZenGRC, CSAM, eMASS, Xacta 360, ServiceNow, RSA Archer), Jira, Confluence, Box.

Overview

9 years of professional experience
1 Certification

Work History

ISSO (Information System Security Officer)

Appian
03.2021 - Current
  • Acts as the IT Security Point of Contact (ISSO) for designated systems
  • Ensures compliance with FISMA, FedRAMP, OMB, and agency policies
  • Implements security measures throughout the entire SDLC, from initiation to disposal
  • Ensures that all systems are operated, maintained, and disposed of according to documented security policies and procedures, including Assessment & Authorization (A&A)
  • Manages and oversees relationships for assigned systems that may be contractor-owned and operated, ensuring vendors adhere to agency security and privacy requirements
  • Supports the development and upkeep of all ATO security documentation, including the SSP, IRP, DRP, ISCP, FIPS 199, CMP, PTA, PIA, SORN, BIA, etc.
  • Ensures all system stakeholders have completed their security, privacy, and role-based training before being granted access to systems
  • Conducts SIAs on changes submitted by system engineers and attends change control board meetings with the SO, ISSMs, and board members
  • Schedules and conducts tabletop and full-function tests of the IRP and CP on assigned systems
  • Creates and updates POA&Ms to track remediation of vulnerabilities identified from scans and control assessment failures
  • Conducts research on assigned IT security systems to offer insights into IT security architectures and recommendations
  • Analyzes SIEM system logs to triage and close security incidents identified on assigned systems
  • Ensures Tenable vulnerability scans, database scans, penetration testing, and code scans are conducted on systems, and validates remediation efforts with system engineers while tracking them in POA&Ms
  • Ensures systems are patched and security-hardened at all levels of the stack using DISA STIGs and CIS Benchmarks
  • Supports both cloud and on-premises systems to implement and maintain ATO
  • Prepares systems for SCA by documenting control implementations, gathering evidence, and uploading it into the CSAM tool
  • Performs continuous monitoring (ConMon) on assigned systems to maintain ATO

ISSO (Information System Security Officer)

Opexus
05.2017 - 09.2020
  • Develops and updates information systems security documentation, including the Security Plan, Contingency Plan, Contingency Plan Test, Business Impact Analysis, FIPS 199, E-Authentication, Privacy Threshold Analysis, and others
  • Possesses knowledge of Rapid7, HP Fortify, DbProtect, and WebInspect vulnerability scanners
  • Ensures systems are properly patched and hardened
  • Coordinates the remediation of Plan of Action and Milestones (POA&M) findings with various groups
  • Facilitates and supports the Ongoing Authorization Program
  • Communicates technical information effectively to non-technical personnel
  • Fulfills Information System Security Officer responsibilities, which include approving change requests, reviewing audit logs, reviewing system accounts, and analyzing vulnerability scans
  • Develops waivers and exceptions for information system vulnerabilities
  • Collaborates with clients to develop capabilities briefings and presentations
  • Performs security impact analysis activities and reports findings to the ISSM for all configuration management changes within the authorization boundaries
  • Creates Defensive Cyberspace Operations and Incident Response tactics, techniques, and procedures to continuously monitor and safeguard the system against cyber attack
  • Ensures assigned cloud systems, such as AWS and Azure, are in compliance with FedRAMP/NIST requirements
  • Collaborates with stakeholders to identify and address security vulnerabilities and implement security controls in alignment with NIST SP 800-53 Rev. 5
  • Prepares, reviews, and submits all documentation related to the Authority to Operate (ATO) process, ensuring compliance with federal guidelines
  • Maintains and updates security artifacts to align with current system security policies
  • Generates and distributes reports on ATO status and risk findings for CISOs, ISSOs, and other key security stakeholders

Privacy Analyst

BrightPath Associates LLC
10.2015 - 02.2017
  • Generated timely, accurate, and comprehensive reports with corrective action recommendations and collaborated with key stakeholders to ensure implementation
  • Regularly executed data protection impact assessments (DPIAs) and privacy assessments for FISMA systems to evaluate the impact on data privacy and propose necessary countermeasures/mitigations
  • Developed and updated all privacy policies and procedures, such as privacy policies, data protection policies, and PTA/PIA SOPs
  • Ensured PTAs, PIAs, and SORNs were completed by all ISSOs/SOs to protect against security and privacy threats
  • Regularly executed data protection impact assessments (DPIAs) and privacy assessments for marketed products and services delivered to evaluate the impact on data privacy and propose necessary mitigation
  • Presented complex technical or legal concepts to non-technical partners in order to promote the value proposition of integrating
  • Managed the privacy incident response process, including notifications to affected individuals and authorities, and worked with affected departments on the remediation plan
  • Collaborated cross-functionally with the relevant partners to support and ensure the integration of privacy by design into delivered services and the product development lifecycle
  • Addressed privacy compliance gaps
  • Advised on privacy-by-design principles during product development and innovation processes
  • Participated in agile project teams to integrate privacy requirements into workflows

Education

Master's - Cybersecurity and Information Assurance

Western Governors University
Salt Lake City, UT
08-2024

Skills

  • Incident and contingency planning
  • Analytical skills
  • Risk Management Framework
  • Plans of Action and Milestones (POA&M)
  • Change management
  • Risk assessment
  • Vulnerability management
  • Patch management
  • Strong policies and procedures documentation
  • NIST SP 800 series
  • Microsoft Office suite (Excel, Word, PowerPoint)
  • Good communication skills
  • SharePoint/shared drives
  • Project management
  • Information security and privacy
  • Excellent problem-solving skills
  • Attention to detail
  • Leading and working collaboratively
  • Access control management

Certification

  • CISM
  • CRISC
  • CompTIA Security+
  • CompTIA CySA+
  • CISA
  • CEH

Clearance

U.S. Citizen, Public Trust (ongoing)
