I have an excellent amount of experience in information security, which includes but is not limited to change management, contingency planning, policies and procedures, NIST SP 800-53, NIST SP 800-37, FIPS, FISMA and FEDRAMP.
Standards: COSO/COBIT, Sarbanes-Oxley Act, SAS-70, ISO 17799, NIST 800-Series, FIPS, FISMA, FEDRAMP
Software/Platform/Artifacts: MS Office Suite (PowerPoint, Excel, Access), FIPS 199, NIST 800-37
SORN, E-Authentication, PTA, PIA, RA, SSP, CP, CIPT, ST&E, SAR, POA&M, ATO, NIST 800-53A, ISA
Information Security Analyst
- Perform analysis on, and maintain, security requirements dealing with application authorization, ID provisioning and ID management to minimize access control issues and segregation of duty (SOD) concerns
- Use established processes to promote security changes following documented procedures
- Configure and manage identity and access management tools
- Contribute to the IAM Security Administration team meeting target SLAs, audit compliance, and management-defined performance metrics.
- Monitor all aspects of IAM processes for security violations.
- Respond to incidents opened to the IAM Security Administration Team
- Assist in establishing minimum security baselines according to level of risk
- Assist in deploying Security Controls
- Defining a process for certifying that information systems meet minimum security requirements and for obtaining management authorization to operate an information system
- Monitoring compliance with information security requirements
- Implementing a program for provision of security awareness and training
- Ensuring that services provided by third-parties adhere to information security policy
- Involved in several phases of implementing application security
IT Security Analyst
- Hold kick-off meetings with CISO and system stakeholders prior to assessment engagements.
- Prepared and submitted Security Assessment Plan (SAP) to CISO for approval.
- Experience in using NIST SP 800-37 Guide for Applying the Risk Management Framework to Federal Information Systems
- Experience working with the NIST SP 800-53 Security and Privacy Controls for Federal Information Systems.
- Developed and conducted Contingency Plan and Test
- Developed and updated system security plan (SSP), plan of action and milestones (POA&M).
- Monitored controls post-authorization to ensure continuous compliance with security requirements.
- Knowledge of vulnerability assessment tools such as the Retina, Nessus and MBSA vulnerability scanners, used to detect potential risks on single and multiple assets across the enterprise network.
- Creates reports detailing the identified vulnerabilities and the steps taken to remediate them.
Information Security Administrator
- Analyzing and defining security requirements for a variety of IT issues.
- Designing, developing and implementing solutions to IT security requirements at various levels of the agency’s System Development Life Cycle (SDLC).
- Gathering, analyzing and organizing technical information about systems, existing security products and ongoing programs.
- Performing risk analysis that also includes risk assessments.
- Performing vulnerability checks and assessment
Junior Fraud Analyst
- Reviewed and conducted in-depth analysis on regulatory and legal changes that affected the company.
- Prepared written reports and analyzed for compliance management.
- Assisted on projects, audits, and other tasks as assigned. Managed projects required to implement regulatory and legal changes, which included the implementation of project goals, coordination of efforts between multiple departments and monitoring for effectiveness.