Compliance Specialist/Security Control Assessor Resume
Washington, DC
SUMMARY:
Obtain Security Control Assessor, C&A or A&A Analyst full-time 100% remote/telework position
PROFESSIONAL EXPERIENCE:
Compliance Specialist/Security Control Assessor
Confidential, Washington, DC
Responsibilities:
- Managed accreditation process from inception to Confidential for Confidential systems/applications. Reviewed and evaluated system security artifacts and assembled security authorization package for Authorizing Official (AO) submission after implementing compliance approval. Evaluated and monitored plan of action and milestone (POA&M) activities/tasks ensuring proper and timely remediation actions were taken for identified weaknesses and suspensed dates for each IS based on findings and recommendations for SAR. Reviewed and verified artifacts for POA&M closure uploaded in Confidential automated tool resulting in accurate and updated POA&Ms leading to ease in development of accurate Confidential and Dashboard reporting.
- Provided advice, briefings, assistance and counsel recommending/implementing established and new policies, standards/guidelines in response to new Federal IT regulations or unexpected IT requirements for cyber security coordinating with senior management officials establishing cyber security policy. Analyzed changes between Confidential SP 800-53 revision three and Confidential SP 800-53 revision four, and provided detailed summary of each change and recommendations on how to implement these changes in risk management tool: Xacta Information Assurance Manager.
- Coordinated with internal and external stakeholders conducting activities enhancing cyber security resolving problems. Integrated systems development lifecycle and change management with continuous improvement component assuring confidentiality, integrity and availability of information and automated processes.
- Conducted comprehensive assessment of management, operational and technical security controls employed within, inherited by Information System (IS) and overall effectiveness of the controls. Executed, examined, interviewed, and tested procedures in accordance with Confidential SP 800-53A Revision 4 and reviewed NESSUS scan results/findings. Developed recommendations associated with findings on how to improve security posture in accordance with Confidential controls. Provided severity of weaknesses/deficiencies discovered in IS and its environment of operation and recommended corrective actions to address identified vulnerabilities. Prepared final Security Assessment Report (SAR) containing results/findings.
- Performed risk assessments and made recommendations implementing continuous and network monitoring activities managing security control and Confidential compliance resulting in swift corrective action in addressing findings/issues/problems. Advised AO, Office of Chief Information Officer (OCIO) and/or Program Security Officer (PSO) on assessment methodologies and processes. Evaluated certification documentation and provided written recommendations for accreditation to Federal Program Managers.
- Ensured security testing and evaluations were completed and documented. Evaluated threats/vulnerabilities to ascertain if additional safeguards were needed. Assessed changes in systems, its environment and operational needs that could affect accreditation. Conducted periodic testing of security posture of AIS and ensured configuration management (CM) security-relevant AIS software, hardware and firmware were properly documented.
- Presented SARs and briefings to senior and executive management, outlined risk and deficiencies and provided recommendations to correct/address critical/high findings immediately. Coordinated with Confidential IT System stakeholders to fix these critical/high findings before Confidential expiration, leading to smooth AO adjudication review and Confidential approval.
- Implemented processes or support operations ensuring compliance with security assessments and authorizations applying Confidential 800-53A. Guided and advised IT System stakeholders in recommendations in mitigation and remediation of issues and findings from SAR by creating POA&Ms.
- Used my expertise in federal laws, regulations and policies in discipline of IT systems security to analyze impact with regard to Confidential’s operational needs, cost, resources and consequences resulting in swift approval of POA&Ms, faster AO approval of ATOs, decreasing number of open POA&Ms Agency-wide.
- Expanded and improved agency’s information assurance and compliance programs; reduced non-compliance from nearly 80% to less than 20% across the agency within 6 months.
- Integrated best practices, orchestrated efforts to achieve Confidential agency requirement to certify and accredit systems and programs; successfully met Confidential guidelines.
Assessment and Authorization Analyst
Confidential, Washington, DC
Responsibilities:
- Managed accreditation process from inception to Confidential for Confidential systems/applications.
- Reviewed and evaluated system security artifacts and assembled security authorization package for AO submission after implementing compliance approval.
- Evaluated and monitored POA&M activities/tasks ensuring proper and timely remediation actions were taken for identified weaknesses and suspensed dates for each IS based on findings and recommendations for SAR. Reviewed and verified artifacts for POA&M closure uploaded in Confidential automated tool resulting in accurate and updated POA&Ms leading to ease in development of accurate Confidential and Dashboard reporting.
- Experienced in successfully fostering, developing and maintaining relationships with employees and contractors in obtaining cooperation and support resolving information gaps and acquiring information from stakeholders within and outside my work area. Prepared system security plans, security assessment reports, risk assessments and authorization letters submitted to AO for adjudication, resulting in swift Confidential approvals increasing Confidential scorecard.
- Coordinated with internal and external stakeholders conducting activities enhancing cyber security resolving problems. Integrated systems development lifecycle and change management with continuous improvement component assuring confidentiality, integrity and availability of information and automated processes.
- Collected, compiled and analyzed data on types/scopes of cyber security programs, resulting in improved customer service and performance.
- Served as liaison between System Owners, Information System Security Officers and Office of Information Security initiating and maintaining contact. Fostered and cultivated an environment of open communications to mitigate issues overseeing development and maintenance of security documentation resulting in creation and management of current and accurate system security documentation for faster Confidential approvals.
- Built and led a peak-performing team that processed 100% of annual assessments on 200 different security controls for over 20 computer system applications.
- Played a key role in streamlining and improving certification and accreditation (C&A) package development; reduced delivery time by approximately 7 days.
- Reduced IT support delivery time by up to seven days by streamlining procedures for C&A package development; upon implementation, produced C&A deliverables for two computer application systems 9 days ahead of schedule.
- Led team in completing contingency plan testing for approximately 20 systems within only 2 months.
Supervisory IT Specialist
Confidential, Washington, DC
Responsibilities:
- Developed/enhanced cyber security systems ensuring compliance with Department of Labor (Confidential) Agency and Confidential.
- Developed information security mission, vision, strategic plans, resource plans, technical gap analysis and staffing plans integrating best practices in safeguarding national security information by streamlining and improving RMF process.
- Lead project manager responsible for developing complete set of documents/artifacts for Confidential evaluation.
- Experienced in successfully fostering, developing and maintaining relationships with Federal government personnel and contractors in obtaining cooperation and support resolving information gaps and acquiring information from stakeholders within and outside my work area. Prepared system security plans, security assessment reports, risk assessments and authorization letters submitted to AO for adjudication, resulting in swift Confidential approvals increasing Confidential scorecard.
- Provided guidance and counsel to CIO and key members of DSS leadership team. Fostered and cultivated an environment of open communications throughout the staff and with federal customers.
- Delivered products and services that aligned with and anticipated customer needs via request fulfillment processes.
- Worked closely with senior officials to define objectives for information security, while building relationships and goodwill.
- Developed checklists, questionnaires and surveys to solicit information from customers, then leveraged results to enhance customer service and technical support.
- Assessed security controls by reviewing evidence, including NESSUS scan results/findings, and determining compliance to Confidential and Confidential.
- Reviewed and verified artifacts uploaded in automated tool resulting in accurate and updated POA&Ms leading to ease in development of accurate Confidential and Dashboard reporting.
- Presented SARs and briefings to senior and executive management, outlined risk and deficiencies and provided recommendations to correct/address critical/high findings immediately. Coordinated with Confidential IT System stakeholders to fix these critical/high findings before Confidential expiration, leading to smooth AO adjudication review and Confidential approval.
- Directed workgroups in efforts related to IT Security, compliance and risk management, fostered and cultivated an environment of open communications to mitigate issues overseeing development and maintenance of security documentation resulting in current and accurate system security documentation for faster Confidential approvals.
- Tracked plans of action for remediation and adjudicated evidence validating artifacts in automated tool. Remediated issues and findings for Confidential IT systems resulting in 100% near real-time continuous monitoring activities ensuring compliance to Confidential, which aided in swift adjudication of authorization decision from AO.
- Spearheaded launch of customer service website feedback feature, providing faster resolutions of issues and problems and easier and more accessible customer ticketing system; generated 12 online sales during first 3 months.
- Developed a searchable database of customer records, providing easier access to customer histories and more accurate percentage discounting; saved an average of $35K annually.
Cyber Security Analyst
Confidential, Chevy Chase, MD
Responsibilities:
- Oversaw network vulnerability and risk assessments, identifying vulnerabilities and managed implementation of remediation and countermeasures to findings. Evaluated current system security posture, monitored activities and assessed security controls to minimize system weaknesses and vulnerabilities. Security improved and system capability increased significantly without negative impacts on total throughput.
- Coordinated security assessments and audits of major DSS IT systems integrating systems security, implementing continuous and network monitoring activities managing security control and Confidential compliance resulting in swift corrective action in addressing findings/issues/problems.
- Evaluated and monitored POA&M activities ensuring proper and timely remediation actions taken and all system security-related documentation was current and accessible to authorized individuals.
- Provided guidance and counsel to CIO and key members of leadership team, working closely with senior officials defining objectives for information security while building relationships and goodwill collaborating in analysis, devising solutions and gaining acceptance of recommendations suitable for leadership strategizing sessions.
- Managed integration of information security requirements in DSS SDLC ensuring security capabilities were built in federal information systems by organizing assigned tasks and plans. Recommended rapid prototyping approach for rollout of new IT system for incident tracking management and demonstrated viability through simultaneous security testing and rollout. Resulted in no downtime and product delivered before three weeks of scheduled due date and within budget.
- Led major improvements in organizational performance, resulting in improved morale and customer service: next three customer service surveys documented a 15% improvement in performance.
- Wrote original policies to C&A systems and programs and to improve overall information security; decreased timeline of C&A effort by streamlining critical processes and procedures.
- Expanded and improved information assurance and compliance programs; reduced non-compliance from nearly 50% to less than 20% across the agency within 6 months.
