
IT Security Analyst Resume


Washington, DC

SUMMARY

  • I am an IT Security analyst with extensive knowledge in security tools, technologies and best practices, especially in FISMA/NIST and Sarbanes-Oxley 404 (COSO, COBIT, ISO, HIPAA, PCI-DSS), and have much interest in helping organisations secure their information systems.
  • I have three years of experience in system security monitoring, auditing and evaluation, C&A and Risk Assessment of GSS (General Support Systems) and MA (Major Applications).
  • I have the ability to work under pressure and am able to work with or without oversight supervision.
  • I demonstrate a high level of diplomacy and professionalism at all times and I have a genuine desire to learn and also to make an impact in the organization I work with.
  • I am seeking an Information System Auditor or Information Assurance position in a growth-oriented organization with a focus on FISMA, Sarbanes-Oxley 404, system security monitoring and auditing; risk assessments; audit engagements, testing information technology controls and developing security policies, procedures and guidelines.
  • I am specialized in areas such as Certification and Accreditation (C&A), Risk Management, Authentication & Access Control, System Monitoring, Regulatory Compliance, Physical and environmental security, Incident Response, and Disaster Recovery. I am an expert in FISMA and SOX 404 compliance, IT Security Training, developing security policies, procedures and guidelines.
  • I am a fast learner and easily adapt to a new working environment.
  • I have very good analytical and organizational skills. I have the ability to multi-task, and can work independently and also in a team.
  • I have strong verbal and written communication skills and also technical writing skills.

PROFESSIONAL EXPERIENCE

IT Security Analyst

Confidential, Washington DC

Responsibilities:

  • Conducted IT controls risk assessments that included reviewing organizational policies, standards, procedures and guidelines.
  • Developed security baseline controls and a test plan that was used to assess implemented security controls.
  • Developed and conducted ST&E (Security Test and Evaluation) according to NIST SP 800-53A.
  • Conducted a security control assessment to assess the adequacy of management, operational privacy, and technical security controls implemented. A Security Assessment Report (SAR) was developed detailing the results of the assessment along with a plan of action and milestones (POA&M) to the Designated Approving Authority (DAA) to obtain the Authority to Operate (ATO).
  • Assisted in the development of an Information Security Continuous Monitoring Strategy to help Confidential in maintaining an ongoing awareness of information security (ensure continued effectiveness of all security controls), vulnerabilities, and threats to support organizational risk management decisions.
  • Assisted in the development of Privacy Threshold Analysis (PTA) and Privacy Impact Analysis (PIA) by working closely with the Information System Security Officer (ISSO), the System Owner, the Information Owners and the Privacy Act Officer.
  • Developed an E-Authentication report to provide technical guidance in the implementation of electronic authentication (e-authentication).
  • Developed a system security plan (SSP) to provide an overview of federal information system security requirements and describe the controls in place.
  • Conducted a Business Impact Analysis (BIA) to identify high-risk areas where audit effort will be allocated.
  • Performed Certification and Accreditation documents in compliance with FISMA/NIST and SOX 404 standards.
  • Conducted meetings with the IT client team to gather evidence, developed test plans and testing procedures, and documented test results and exceptions.
  • Conducted walkthroughs, formulated test plans, documented gaps, test results, and exceptions; and developed remediation plans for each area of testing.
  • Performed IT operating effectiveness tests in the areas of security, operations, change management, and email authentication.
  • Developed the audit plan and performed the General Computer Controls testing, identified gaps, developed remediation plans, and presented final results to the IT Management team.
  • Initiated and led information security awareness and training programs.
  • Developed security control test plans and conducted in-depth security assessments of information systems that evaluate compliance of administrative, physical, technical, organizational and policy safeguards in order to maintain HIPAA compliance.
  • Developed HIPAA compliance reports documenting audit findings and corrective actions. These reports were submitted to the ISSO.
  • Involved in the security awareness and training of staff on HIPAA requirements as it related to information technology.
  • Conducted Certification and Accreditation (C&A) on general support system and major application using the six steps of the Risk Management Framework (RMF) from NIST SP 800-37 in order to meet the necessary Federal Information Security Management Act (FISMA).
  • Developed System Security Plan (SSP), Security Assessment Report (SAR) and POA&Ms that were presented to the Designated Approving Authority (DAA) in order to obtain the authority to operate.
