Information Assurance Analyst Resume

Rockville, MD

SUMMARY:

  • With a MS in Conflict Resolution and over 6 years in Information Technology and Assurance, works with key government clients on projects for Confidential.
  • Demonstrates experience supporting system owners in the A&A process including development of System Security Plan (SSP) and Security Controls from Confidential SP 800-37, 800-53, and 800-70. Proficient working with system owners, software, system, ISSOs and program management personnel to address POA&M items through resolution.
  • Accountable to manage large security projects with cross-functional teams of 150 people and a budget of $200M. Key advisor and collaborator to stakeholders, system design, development, network security and application on information security policies, procedures, program requirements and key project decisions throughout the System Engineering Lifecycle process. Interprets and evaluates proposed legislation, directives, regulations and broad-based policies concerning information technology.
  • Organized and accountable to ensure corporate security policies comply with industry best practices including FISMA. Verifies user compliance with security policies and procedures as well as making sure the organization always conforms with the latest security mandates. Conducts risk assessment programs identifying potential application vulnerability.
  • Builds climate of trust with clients, leadership and engineers with unique ability to deliver shared vision. Efficiently translates complex information advising key players. Makes resourceful and confident decisions.
  • Experienced in implementing perimeter and data security for a cloud environment, includes FedRAMP security approvals and certifications. Practiced with AWS, MS Azure in IaaS and PaaS.
  • Cyber Security, Health, Government IT

SKILLS INVENTORY:

  • Security Categorization (FIPS 199)
  • Privacy Threshold Analysis (PTA)
  • E-Authentication
  • Security Test & Evaluation
  • Confidential SP 800-53A
  • Enterprise Security Posture System (ESPS)
  • Computer Communication Systems (CCS)
  • Information Security
  • Information Assurance
  • Integration
  • System Lifecycle
  • Risk Management
  • Deliverables
  • Business Process
  • Remediation
  • Jointly owned Risk
  • Perimeter and data security
  • Cloud Environment
  • Control Environment
  • Access Controls
  • Physical Access
  • System Access
  • Security Assessments
  • Network Access Controls
  • Authentication Systems
  • Vulnerability Assessments
  • Penetration Testing
  • Risk Assessments for networks
  • Email Security
  • Architecture Reviews
  • Policy Implementation
  • Security Event Monitoring
  • IDS/ Confidential
  • IT security multi-factor identification
  • Applications strategic services micro-segmentation methodology
  • Compliance
  • Encryption identity/access management (IAM)
  • IT audit internal audit
  • DLP
  • FW
  • PKI forensics/consulting
  • Web Application Security/Firewall privacy and regulatory requirements
  • IOT/OT/ICS/SCADA security.
  • Certification and Accreditation (C&A) software defined security solutions
  • Authority to Operate (ATO)
  • Plan of Action & Milestone (POA&M) reports
  • Assessment and Authorization (A&A)
  • DNS
  • Information Systems Security Officer (ISSO) Guide, V10
  • HIPAA
  • Cloud
  • Amazon
  • Microsoft Azure
  • IaaS
  • PaaS
  • SaaS
  • FedRAMP
  • Project Management
  • Organizational
  • Motivated
  • Collaborator
  • Positive
  • Feedback
  • Creative
  • Flexible
  • Builds Dynamic Teams
  • Networker
  • Confidence
  • Mentor
  • Coach
  • Adaptability
  • Change Management
  • Organizational Design
  • Management
  • Retention
  • Multi-cultural
  • Sensitivity
  • Written Communication
  • Oral Communication
  • Analytical
  • Critical Thinking
  • Prioritization
  • Evaluating
  • Qualifying
  • Root Cause Analysis
  • Data Collection
  • Mitigate & Recommend
  • Logical
  • Detail Oriented
  • Word
  • Excel
  • PowerPoint
  • MS Access
  • MS Project
  • MS Outlook
  • MS SharePoint
  • MS Publisher
  • Adobe Acrobat
  • JIRA
  • CSAM
  • JSTOR
  • LexisNexis
  • Mobile Technologies
  • Social Media Technologies

WORK EXPERIENCE:

Information Assurance Analyst

Confidential, Rockville, MD

Responsibilities:

  • Adviser to system development teams and stakeholders on information security and project decisions throughout the System Engineering Lifecycle process. Supplies leadership and cross functional teams of 150+ people and budget of $200M with security questions and concerns. Offsets business needs with security concerns expressing issues to leaders.
  • Focused, organized and accountable to assure corporate security policies and recommendations comply with industry best practices like Confidential, FISMA and organizational guidelines. Similarly verifies user compliance with security policies and procedures and that the organization always conforms with the latest security mandates. Creates, updates and assesses compliance of system Authority to Operate (ATO) packages.
  • Maintains Plan of Action & Milestone (POA&M) reports, tracks security vulnerabilities and risk assessment based on findings assessed and remediated through monthly updates. Employs the Cyber Security Assessment and Management (CSAM) to record, manage and assess common threats and vulnerabilities, and JIRA to create and track issues and tasks.
  • Recommends efforts to enhance systems security and reliability, develops long-range plans to minimize risk, mitigates vulnerabilities to prevent security incidents, approves security contingency, incident response plans and disaster recovery.
  • Analyzes, troubleshoots and resolves network security system engineering issues systems applications like Intrusion Detection Systems/Intrusion Protection Systems (IDS/Confidential), Firewall, Security Proxy, Email Security and Vulnerability Scanning Solutions. Achieved vulnerability scanning on web applications and databases identifying security threats, vulnerabilities and recommended ways to minimize the threat.
  • Develops, updates and reviews required security artifacts in the Information Assurance Manager according to the best practices per the Information Systems Security Officer (ISSO) Guide, V10.
  • Ensures proper access controls are implemented for both system access and physical access to data processing facilities.
  • Presented data gathering techniques (e.g. interviews and document reviews) in preparation for assembling Certification and Accreditation (C&A) to Assessment and Authorization (A&A) packages to stakeholders.

Confidential, Lanham, MD

Information Assurance Analyst

Responsibilities:

  • Supported ISSO tasks for IT systems in accordance with Confidential SP 800-37 requirements. Performed information assurance certification, accreditation analysis, security assessments and made recommendations to bring their systems compliant.
  • Documented findings, developed POA&Ms or requests prepared for Acceptance of Risk (AoR).
  • Maintained security posture status in the Government via FISMA Scorecard, where the information can be reviewed by Approval Authorities and other external IA organizations when necessary.
  • Support Federal client and team in areas of POA&M tracking, Vulnerability Management, Ongoing Authorization and Service Level Agreement compliance.
  • Prepare, review and assist with analysis and reporting in areas of POA&M tracking, vulnerability management, and ongoing authorization.

Information Assurance Analyst

Confidential, Washington, DC

Responsibilities:

  • Collaborated with cross functional teams of 75 people, aligned to the best practices driven in the ISSO Guide, V10, when developing, updating, or reviewing required security artifacts in the Information Assurance Manager.
  • Ensure proper access controls are implemented for both system access and physical access to data processing facilities.
  • Created, updated and assessed compliance of system ATO packages.
  • Provided information security expertise to development teams throughout the System Engineering Lifecycle process.
  • Ensured POA&M reports are maintained and that security vulnerabilities are tracked and remediated. Updated POA&M and Risk Assessment based on findings assessed through monthly updates. Employed the CSAM to record, manage and assess common threats and vulnerabilities. Tracked and managed POA&M in CSAM.
  • Ensured security policies, and recommendations comply with industry best practices like Confidential, FISMA, organizational guideline and technical best practices.
  • Performed vulnerability scanning on web applications and databases to identify security threats and vulnerabilities and recommended ways to minimize the threat.
  • Performed data gathering techniques (e.g. interviews and document reviews) for assembling C&A/A&A packages.

Assistant to Wage & Hour Administrator

Confidential, Washington, DC

Responsibilities:

  • Conducted research on wage and hour issues including working mothers, people with disabilities, and immigrants.
  • Planned and coordinated conferences with stakeholders including members of US Congress, diplomats, high ranking department officials, White House officials, private industry, labor groups, special interest groups and general public. As well, coordinated public speaking engagements and stakeholder outreach for the Acting Administrator.
  • Coordinated and tracked special projects as assigned by Acting Administrator, including IT business modernization, and liquidated damages roll out in the regions; Accountable to coordinate and manage the acting administrator’s daily calendar.

Assistant to Director & Deputy Director

Confidential, Washington, DC

Responsibilities:

  • Accountable to manage, organize and coordinate all incoming and outgoing correspondence and daily calendar for Director and Deputy Director offices for Biological and Radiological Devices.
  • Project Manager assistant for post-approval studies program; Organized conferences and meetings with stakeholders.

Language Specialist

Confidential, Washington, DC

Responsibilities:

  • Interpreter for the Immigration and Naturalization Service Court System
  • Provided simultaneous translation from English to target languages, like French and West African Kreole and vice versa.
  • Translated technical and non-technical material using correct syntax and idioms.