Highly motivated, success-oriented, and dynamic IT Security and FISMA/Information Systems Security and Compliance Analyst with over five years of progressive experience in System Development Life Cycle (SDLC) and FedRAMP. Experienced in using FISMA and applicable Confidential SP 800 series of GSS (General Support Systems) and MA (Major Applications).
- Willing to learn new concepts
- Authentication and Access Control
- Excellent Problem-Solver
- Excellent Communication Skills
- Independent Decision Skills
- Risk Mitigation and Management Skills
- Documentation and IT Best Practices
- System Monitoring & Regulatory Compliance
- Ability to work under pressure
- Ability to Multi-Task and Meet Deadlines
Information Security Analyst
- Provide Assessment and Authorization (A&A) support and security guidance in all phases of the System Accreditation and Risk Management Framework processes
- Develop System Security documentation in compliance with Confidential 800 including 800-18, 800-30, 800-53, 800-53A, 800-60 and other Confidential 800 series
- Conduct Security Authorization reviews in compliance with Risk Management Framework (RMF) and present findings/brief to Senior Leadership
- Work closely within small teams, updating and tracking POA&Ms, reviewing vulnerability scan results and working with system owners
- Support the Assessment and Authorization (A&A) process, FISMA Compliance and Continuous Monitoring efforts.
- Use workflows to develop security artifacts.
- Document, organize and implement security control requirements
- Prepare vulnerability test plans and coordinate the testing and result procedures.
- Identify current and new risks
Information Systems Security Officer
- Scheduled and conducted working sessions/interviews with stakeholders to gather and analyze security controls implementation and the information system security posture.
- Knowledge of Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), CMP, and CP
- Developed Assessment & Authorization (formerly known as Certification and Accreditation C&A) packages for compliance with Confidential 800 guidance, including System Security Plans (SSP), System Categorization documents, Risk Assessments, Security Assessment Plan (SAP), System Security Test and Evaluation and Security Assessment Report (SAR) and the Plan of Actions and Milestones (POA&M)
- Tracked and updated Plans of Action and Milestones (POA&M) regarding the mitigation and remediation status. Worked with the Vulnerability Assessment Team (VAT) to analyze the vulnerability scans conducted with Nessus Tenable scans and inform the System Owners and their technical POC to remediate the findings.
- Supported the Security Assessment and Authorization (SA&A), FISMA compliance, Confidential requirements and continuous monitoring for Security Controls.
- Put together the ATO package to provide an accurate security posture of systems to assist the Authorizing Official (AO) in making the ATO decision.
- Participated in kick-off meeting and client interviews to complete the Risk Assessment, Security Control Assessment, and Plan for remediation actions and Security Continuous Monitoring Plan.
- Knowledge in cloud technology using FedRAMP templates
- Updated existing Authorization packages throughout the life cycle of the Major applications and General Support Systems.
Audit Associate Intern
- Completed assigned audits on time, expediting the season audit to meet deadlines, using CaseWare and AuditPro software
- Prepared draft packages and sent them to the supervisor for review
- Retrieved confirmations and check registers, uploaded them to the CaseWare tree, and performed lockdowns for final audits