We provide IT Staff Augmentation Services!

Business Analyst Resume Profile

5.00/5 (Submit Your Rating)

Objective

Highly motivated professional seeking an opportunity to apply information security and project management skills to a career in the public and private sectors.

Qualification Profile

  • In-depth experience of conducting vulnerability and risk assessments in support of the Certification and Accreditation in accordance with FISMA, FIPS, NIST, COBIT, ISO, SOX, FedRamp and OMB standards/guidelines.
  • Expert knowledge of utilizing a wide array of vulnerability assessment tools to ensure that the appropriate host and network security measures are in position and meet current intelligence community and private industry standards.
  • Demonstrated skill identifying vulnerabilities and providing technical advice to senior government officials and IT stakeholders regarding various aspects of complex IT issues, network exploitation, cyber intelligence, and recommended countermeasures.
  • Associate's Degree in Project Management ESI International/George Washington University .

Professional Experience

Confidential

  • Contributed to the initial authorization of one of Treasury's primary Operational Units OUs
  • Authored documents to include the System Security Plan SSP , Continuous Monitoring Plan, and Contingency Plan
  • Contributed to the OUs Plan of Action Milestone POA M Standard Operating Procedure This effort included the development of logs, dashboards, and SharePoint sites
  • Initiated Cloud Computing and Baseline configuration efforts

Confidential

  • Support the Dept. of Education Federal Student Aid Plan of Action Milestone POAM management team
  • Provide insight and guidance to client regarding threat levels, risk acceptance, and recommended mitigation strategies
  • Produced Standard Operating Procedures SOPs for Weekly POAM Reports, Executive Reports, and in-house applications as required
  • Produced Incident Response notices and Security Incident Reports for the Federal Student Aid program as required

Confidential

  • Support POA M processes and procedure in accordance with National Weather Service NWS standard and produce Weekly POA M reports
  • Conduct annual assessment in accordance with NIST-800-53A guidance for NWS systems as assigned in support of the Security Assessment and Authorization SA A process
  • Review system accreditation packages for vital documentation i.e. System Security Plan, Contingency Plan, Security Control Assessment, etc.
  • Serve as productive and proficient member of NWS OCIO FISMA Compliance Team

Confidential

  • Support 3 FDA centers for production of security documentation to include SSPs, Contingency Plans, Risk Assessments, etc.
  • Conduct annual assessments and POAM reviews
  • Provide customer service support to users as well as the Government appointed Information System Security Officers ISSOs
  • Produced all documentation under NIST 800 series standards and FedRamp consideration for future operations

Confidential

  • Served as Information System Security Officer ISSO Representative for three 3 software applications
  • Conducted Annual Assessment for three 3 applications. This effort included tasks such as:
  • Updated and reviewed System Security Plans SSPs
  • Conducting Risk Assessments
  • Updated Contingency Plans or Disaster Recovery Plans
  • Conducted Privacy Threshold Analysis PTA and corresponding Privacy Impact Assessments PIAs as required
  • Worked with System Owners, User Representatives, Software developers, Database Administrators, etc. to collect necessary artifacts for compliance with NIST 800-53 Revision 3
  • All documentation posted to Cyber Security Assessment Management CSAM database

Confidential

  • Interacted with customers on daily basis to ensure that POAMs were managed efficiently from initiation through closure
  • Member of team managing POAMs for over 160 applications
  • Handling a vigorous timeline and schedule in most case
  • COBIT Case Study for Dept. of Transportation
  • Conducted Authorization and Annual Reviews in support of the C A process This included the review of security documentation to include
  • System Security Plans SSPs
  • Contingency Plans CPs
  • System Characterization Documents SCDs
  • Privacy Impact Assessments PIAs
  • Risk Assessment Reports RARs
  • Security Assessment Reports SARs

Confidential

  • Provide oversight for Continuous Monitoring Program within the Risk Management Framework RMF in accordance with NIST 800-37
  • Conduct Quality Assurance on POAM closures to verify that all Weakness Completion Plan WCP forms are complete and satisfy the requirement
  • This includes validating all required artifacts to ensure that documentation has been provided to meet the necessary security controls
  • Produce various reports to meet client requirements
  • Quarterly Security Reports QSR
  • Weekly Activity Reports WAR

Confidential

  • Review of standard business security documents such as System Security Plans SSPs , Security Test and Evaluation ST E , Privacy Impact Assessments PIAs , etc.
  • Worked in conjunction with the CIT ISSO Team to provide C A support for the various General Support Systems GSS within NIH
  • Conducted security operations for the National Center for Research Resources NCRR in support to of re-accreditation tasks
  • Validation of in-compliance vulnerability assessment scans and results
  • Production of various Accreditation packages for enterprise wide systems
  • Established system baselines for multiple research applications within NIH hardware, software, firmware, etc.

Confidential

  • Updated the Business Impact Analysis BIA for National Weather Service NWS systems to reflect enhanced information security business practices
  • Reviewed System Security Plans SSPs and numerous other security related documents in support of NWS systems In accordance with NIST 800-18, Developing Systems Security Plans for Federal Information Systems
  • Collaborated with multiple levels of staff to revise many security artifacts to include Configuration Management Plans, Disaster Recovery Plans, Interconnection Service Agreements ISAs , etc.
  • Lead security operations to obtain an Interim Authority to Operate IATO extension, so that all remaining Plans of Action and Milestones POAMs could be appropriately addressed
  • Leveraged the accountability principles of the Cyber Security and Assessment Management CSAM tool to track and manage high visibility POAMs
  • Provided oversight for the mitigation of these items in accordance with Continuous Monitoring requirements within the Risk Management Framework RMF NIST 800-37
  • Participated in Configuration Management Board CMB meeting in support of security related change requests
  • Approved changes to the NWS infrastructure i.e. software, hardware, inter-connections, file shares, etc.
  • Served as the Information System Security Officer ISSO for NWS
  • Task included validation of compliance with NIST 800 standards/guidelines
  • Conducted bi-weekly audit log reviews
  • Collaborated with the NWS Project Management Team to introduce new security policy and guidance for the NWS Engineering/Technical Staff

We'd love your feedback!