Information Assurance Analyst Resume
Arlington, VA
OBJECTIVE:
Seeking an Information System Security Officer or Information Assurance position in a growth-oriented organization with a focus on monitoring NIST standards, System Certification & Accreditation, system security monitoring and auditing, risk management and assessments, audit engagements, and testing internal IT controls.
TECHNICAL SKILLS:
- Participate in the FIPS 199 process in which security categorization takes place, and selecting the technical, operational and managerial controls using NIST SP 800-60 guidelines.
- Working knowledge of NIST SP 800-37, SP 800-60, SP 800-53 Rev 3, SP 800-18, SP 800-30, and SP 800-53A during documentation review and update.
- Review and update the System Security Plan (SSP) using NIST SP 800-18 guidelines.
- Review and update Risk Assessment (RA) using NIST SP 800-30 guidelines.
- Have working knowledge of Microsoft Office Suite.
- Ability to develop POA&M (Plan Of Action & Milestones) document to take corrective actions resulting from ST&E (System Test & Evaluation).
- Review and update Contingency Plan (CP) using NIST SP 800-34 guidelines.
- Develop the following documents: Risk Assessment Report, E-Authentication, Security Assessment Plan, System Security Plan, Contingency Plan, Security Assessment Report, POA&Ms.
- Excellent mathematical skills
- Work effectively in a team environment and participate in collaborative initiatives that foster the mutual exchange of knowledge and expertise
- The ability to organize a variety of filing systems
- Knowledge of accounting and cash handling software
- Ability to communicate effectively to build and maintain customer satisfaction and express conclusions in a clear, technically sound manner on matters associated with IT security
- Ability to multi-task, work independently and as part of a team, share workloads, and deal with sudden shifts in project priorities
- Excellent interpersonal skills and verbal/written communication skills
- Ability to use GRC (RiskVision) Platform
PROFESSIONAL EXPERIENCE:
Confidential, Arlington, VA
Information Assurance Analyst
Responsibilities:
- Used data to understand business patterns and trends in information assurance.
- Analyzed internal and external data through quantitative research.
- Communicated findings through standard and ad hoc reports.
- Promoted best practices in Authority to Operate (ATO), Assessment and Analysis (A&A), and Continuous Monitoring.
- Collaborated with cross-functional teams and stakeholders.
- Developed and/or enhanced standard operating procedures (SOPs) or processes.
- Prepared and reviewed ATO packages.
- Provided recommendations for improvement of existing processes and process integration.
- Provided weekly activity report to the project manager.
- Used GRC (RiskVision) platform to run reports.
Confidential, Washington, DC
Information Security FISMA Analyst
Responsibilities:
- Part of C&A team responsible for coordinating the certification and accreditation process of the General Support Systems for field sites and telecommunications.
- Perform in a fast-paced environment where project deadlines were critical and multiple projects ran in parallel while being self-managed and self-motivated.
- Assessed system security controls using 800-53A.
- Identify security risks, threats and vulnerabilities of networks/systems/applications.
- Conduct vulnerability scans in multi-platform and enterprise environments using various tools and monitor progress of resolving any findings in scans.
- Conduct security awareness training and expected rules of behavior for end-users.
- I participated in the FIPS 199 process of Categorization using SP 800-60.
- Documented and finalized Security Assessment Report (SAR).
- Documented and managed Risks in accordance with SP 800-30 and SP 800-37 using nine steps to evaluate the threats, vulnerabilities, and security controls surrounding the information system as well as the likelihood of an exploit and the impact it will have to the system operations.
- Work in an Integrated Project Team (IPT) environment requiring interaction with other security analysts, users, and client managers in identifying requirements, specifications and project planning activities
- Identified and evaluated the technical, management, and operational security controls.
- Develop and implement penetration testing and procedures.
- Responsible for the administration of network security devices to include intrusion detection systems, vulnerability scanners and other monitoring devices.
- Created and implemented all security documentation required for the certification and accreditation, and took the system through full accreditation.
Confidential, Washington, DC
Cyber Security Analyst
Responsibilities:
- Testing and implementing customized software templates for various environments and customers.
- Deploying software and tools within enterprise systems and ensuring efficiency and effectiveness of these tools through continuous monitoring and user awareness/training.
- Demonstrated technical IA leadership in the planning and implementation of over 300 requirements/safeguards tailored specifically for each mission purpose and risk assessment
- Successfully analyzed over 800 security questionnaire responses and completed ICD 503 documentation within a 45-day period in compliance with NIST 800-53 Rev 4.
- Transferred over 200 Projects within Xacta Risk Management tools to meet stringent deadlines and constraints while ensuring data integrity.
- Subject matter expertise in integrating various security controls, policies & procedures, workflow enforcement, access permissions, and reverse engineering business processes to facilitate enterprise compliance and efficiencies.
- Development/implementation of automated web-based applications for enterprises.