Business Analyst Resume Profile
5.00/5 (Submit Your Rating)
Objective
Highly motivated professional seeking an opportunity to apply information security and project management skills to a career in the public and private sectors.
Qualification Profile
- In-depth experience of conducting vulnerability and risk assessments in support of the Certification and Accreditation in accordance with FISMA, FIPS, NIST, COBIT, ISO, SOX, FedRamp and OMB standards/guidelines.
- Expert knowledge of utilizing a wide array of vulnerability assessment tools to ensure that the appropriate host and network security measures are in position and meet current intelligence community and private industry standards.
- Demonstrated skill identifying vulnerabilities and providing technical advice to senior government officials and IT stakeholders regarding various aspects of complex IT issues, network exploitation, cyber intelligence, and recommended countermeasures.
- Associate's Degree in Project Management ESI International/George Washington University .
Professional Experience
Confidential
- Contributed to the initial authorization of one of Treasury's primary Operational Units OUs
- Authored documents to include the System Security Plan SSP , Continuous Monitoring Plan, and Contingency Plan
- Contributed to the OUs Plan of Action Milestone POA M Standard Operating Procedure This effort included the development of logs, dashboards, and SharePoint sites
- Initiated Cloud Computing and Baseline configuration efforts
Confidential
- Support the Dept. of Education Federal Student Aid Plan of Action Milestone POAM management team
- Provide insight and guidance to client regarding threat levels, risk acceptance, and recommended mitigation strategies
- Produced Standard Operating Procedures SOPs for Weekly POAM Reports, Executive Reports, and in-house applications as required
- Produced Incident Response notices and Security Incident Reports for the Federal Student Aid program as required
Confidential
- Support POA M processes and procedure in accordance with National Weather Service NWS standard and produce Weekly POA M reports
- Conduct annual assessment in accordance with NIST-800-53A guidance for NWS systems as assigned in support of the Security Assessment and Authorization SA A process
- Review system accreditation packages for vital documentation i.e. System Security Plan, Contingency Plan, Security Control Assessment, etc.
- Serve as productive and proficient member of NWS OCIO FISMA Compliance Team
Confidential
- Support 3 FDA centers for production of security documentation to include SSPs, Contingency Plans, Risk Assessments, etc.
- Conduct annual assessments and POAM reviews
- Provide customer service support to users as well as the Government appointed Information System Security Officers ISSOs
- Produced all documentation under NIST 800 series standards and FedRamp consideration for future operations
Confidential
- Served as Information System Security Officer ISSO Representative for three 3 software applications
- Conducted Annual Assessment for three 3 applications. This effort included tasks such as:
- Updated and reviewed System Security Plans SSPs
- Conducting Risk Assessments
- Updated Contingency Plans or Disaster Recovery Plans
- Conducted Privacy Threshold Analysis PTA and corresponding Privacy Impact Assessments PIAs as required
- Worked with System Owners, User Representatives, Software developers, Database Administrators, etc. to collect necessary artifacts for compliance with NIST 800-53 Revision 3
- All documentation posted to Cyber Security Assessment Management CSAM database
Confidential
- Interacted with customers on daily basis to ensure that POAMs were managed efficiently from initiation through closure
- Member of team managing POAMs for over 160 applications
- Handling a vigorous timeline and schedule in most case
- COBIT Case Study for Dept. of Transportation
- Conducted Authorization and Annual Reviews in support of the C A process This included the review of security documentation to include
- System Security Plans SSPs
- Contingency Plans CPs
- System Characterization Documents SCDs
- Privacy Impact Assessments PIAs
- Risk Assessment Reports RARs
- Security Assessment Reports SARs
Confidential
- Provide oversight for Continuous Monitoring Program within the Risk Management Framework RMF in accordance with NIST 800-37
- Conduct Quality Assurance on POAM closures to verify that all Weakness Completion Plan WCP forms are complete and satisfy the requirement
- This includes validating all required artifacts to ensure that documentation has been provided to meet the necessary security controls
- Produce various reports to meet client requirements
- Quarterly Security Reports QSR
- Weekly Activity Reports WAR
Confidential
- Review of standard business security documents such as System Security Plans SSPs , Security Test and Evaluation ST E , Privacy Impact Assessments PIAs , etc.
- Worked in conjunction with the CIT ISSO Team to provide C A support for the various General Support Systems GSS within NIH
- Conducted security operations for the National Center for Research Resources NCRR in support to of re-accreditation tasks
- Validation of in-compliance vulnerability assessment scans and results
- Production of various Accreditation packages for enterprise wide systems
- Established system baselines for multiple research applications within NIH hardware, software, firmware, etc.
Confidential
- Updated the Business Impact Analysis BIA for National Weather Service NWS systems to reflect enhanced information security business practices
- Reviewed System Security Plans SSPs and numerous other security related documents in support of NWS systems In accordance with NIST 800-18, Developing Systems Security Plans for Federal Information Systems
- Collaborated with multiple levels of staff to revise many security artifacts to include Configuration Management Plans, Disaster Recovery Plans, Interconnection Service Agreements ISAs , etc.
- Lead security operations to obtain an Interim Authority to Operate IATO extension, so that all remaining Plans of Action and Milestones POAMs could be appropriately addressed
- Leveraged the accountability principles of the Cyber Security and Assessment Management CSAM tool to track and manage high visibility POAMs
- Provided oversight for the mitigation of these items in accordance with Continuous Monitoring requirements within the Risk Management Framework RMF NIST 800-37
- Participated in Configuration Management Board CMB meeting in support of security related change requests
- Approved changes to the NWS infrastructure i.e. software, hardware, inter-connections, file shares, etc.
- Served as the Information System Security Officer ISSO for NWS
- Task included validation of compliance with NIST 800 standards/guidelines
- Conducted bi-weekly audit log reviews
- Collaborated with the NWS Project Management Team to introduce new security policy and guidance for the NWS Engineering/Technical Staff
