Cyber Security Analyst Resume
Washington, DC
OBJECTIVE
Highly motivated Cyber Security Professional with over 5 years of experience and exposure, focused on Federal Information Security Management Act (FISMA) compliance, the NIST Cyber Security Risk Management Framework (RMF), system security monitoring and auditing, risk assessments, Security Control Assessment (SCA), and developing security policies and procedures with reference to NIST standards and guidelines.
SUMMARY
- Daily working knowledge of the entire Risk Management Framework (RMF) process using the NIST SP 800-series publications 18, 37r1, 137, 128, 30r1, 34, 63, 64r2, 53r4, 53Ar1 and 60 Vol 1&2, and the FIPS 199 and FIPS 200 standards, with Federal and private agencies for FISMA compliance.
- Understanding and experience with the System Development Life Cycle (SDLC)
- Possess in-depth experience creating, reviewing and updating security artifacts and documentation such as SSP, SAP, SAR, POA&M, PIA, PTA, CP and CPT.
- Well acquainted with vulnerability scanning and penetration testing tools (Nessus) as well as automated POA&M tracking tools (CSAM), GRC Archer and TAF.
- Team player, quick learner, very dependable, proactive, attentive to detail, and able to work under difficult conditions to meet deadlines and keep the client satisfied.
- Excellent communication, customer service, analytical, problem-solving, writing/documentation, time management and interpersonal skills.
PROFESSIONAL EXPERIENCE
Cyber Security Analyst
Confidential, Washington DC
- Perform ongoing Assessment and Authorization (A&A) projects in support of client security systems and ensure quality control of A&A documents.
- Conduct risk assessments and collaborate with clients to provide recommendations regarding critical infrastructure, network security operations and Continuous Monitoring processes.
- Extensive knowledge of categorizing information systems (using FIPS 199 as a guide).
- Create, update and revise System Security Plans, FISMA, Contingency Plans, Incident Reports and Plans of Action & Milestones.
- Review the Privacy Impact Assessment (PIA) document after a positive PTA is created and ensure PII findings are recorded in the System of Records Notice (SORN).
- Determine security control effectiveness (i.e., controls implemented correctly, operating as intended, and meeting security requirements).
- Evaluate threats and vulnerabilities based on Tenable reports and implement the Risk Management Framework (RMF) in accordance with NIST SP 800-37.
- Classify and categorize information systems using the RMF processes to ensure system confidentiality, integrity and availability.
- Provide audit briefings to the agency and Information Systems Security Officers (ISSOs) to assist in preparing for independent audit assessments, with the agency's goal of improving operational effectiveness and ensuring that all findings are documented as Plans of Action & Milestones.
- Generate, review and update System Security Plans (SSP) against NIST SP 800-18 and NIST SP 800-53 requirements.
Security Control Assessor (SCA)
Confidential, Bethesda, Maryland
- Performs security control assessments using NIST SP 800-53A as a guide, by means of the Interview, Examine and Test assessment methods.
- Determines the effectiveness of Technical, Operational and Management security controls by assessing whether controls are implemented correctly, operating as intended, and meeting security requirements.
- Schedules assessment kick-off meetings with assessors and security control interview meetings with the ISSO, System Owners and Common Control Providers.
- Creates the Requirements Traceability Matrix (RTM) and documents whether the controls being assessed pass or fail, using NIST SP 800-53A as a guide.
- Creates and finalizes the Security Assessment Report (SAR) and gives recommendations to the ISSO on how to mitigate or remediate reported weaknesses and vulnerabilities.
- Reviews A&A package items using NIST guidance for FISMA compliance, such as the system FIPS 199 categorization, e-Authentication Assessment, PTA, PIA, Contingency Plan (CP) and Contingency Plan Test (CPT).
Information Assurance Analyst
Confidential, New York
- Served on a team of information security professionals in the development of security policies and procedures and security assessment and authorization (A&A) packages using the NIST SP 800 series for FISMA compliance.
- Evaluated threats and vulnerabilities based on Tenable reports and implemented the Risk Management Framework (RMF) in accordance with NIST SP 800-37r1.
- Created/generated, reviewed and updated A&A packages: System Registration, System Security Categorization, e-Authentication Assessment, CP, CPT, SSP, SAP, SAR and POA&M.
- Ensured all POA&M actions were completed and tested in a timely fashion to meet the client's deadlines.
- Reviewed the Privacy Impact Assessment (PIA) document after a positive PTA was created and ensured PII findings were recorded in the System of Records Notice (SORN).
- Continuously monitored security controls effectiveness using NIST SP 800-137r1 as a guide.
- Utilized the Cyber Security Assessment and Management (CSAM) tool to record, manage and assess common threats and vulnerabilities. Tracked and managed POA&Ms in CSAM.