SUMMARY:

• Over 14+ years of combined experience in Business Analysis, Information Assurance (IA), and Information Security ( Confidential ) across numerous vertical markets, enterprise and agency - wide projects.
• Work experience include IT Security Strategic Planning, Information Assurance (FISMA, Confidential ), Security Authorization (C&A), security architecture review, security assessments, policy formation, e-discovery, vulnerability assessment, change management, technical and process documentation, presentations, project management, portal design, and Business Process Modeling/Management (BPM).
• Managed IV&V assessment to assist federal government agency with being the first to authorize MS Office 365 EaaS in full compliance with FedRamp mandates.
• Conducted Business Analytics to include: research, development, communication and implementation of IT plans and processes, assessment and recommendation of IT “best practices” that support business and technology strategies, defining future business/technical environments review and analysis of business systems and user needs using Six Sigma/DMAIC and, SIPOC.
• Ensured federal clients met their Federal Information Security Management Act (FISMA) and Office of Management and Budget (OMB) requirements while increasing productivity, reducing costs and achieving organizational objectives.
• Experience with (but not limited to) Raven Flow, MS Office, MS Project, MS VISIO, Enterprise Architect, GFI Languard, NESSUS, NMAP, Appian Enterprise BPM, BEA Weblogic BPM.

PROFESSIONAL EXPERIENCE:

Cybersecurity SUBJECT MATTER EXPERT

Confidential

Responsibilities:

• Maintain Confidential system boundaries’ ATO and security documentation.
• Analyze, track and report information system vulnerabilities and work with system stakeholders for remediation.
• Manage and report Confidential information system’s Plan of Action and Milestones.
• Manage and report Confidential risk acceptance waiver and exception process in support of the Confidential .
• Develop Confidential risk acceptance waiver and exception SOP.
• Conduct system Security Impact Analysis (SIA).
• Review and recommend approval for Confidential information systems going through the Enterprise Architecture Review Board (EARB) process.
• Support Confidential with EARB review process.
• Perform as-needed ad-hoc information security requests in support of the Confidential .

FISMA Cybersecurity SUBJECT MATTER EXPERT

Confidential

Responsibilities:

• Assisted with development of Confidential security authorization and assessment process flow.
• Manage system access, approval and authorization process for the departments Cyber-Security Assessment Management tool (CSAM).
• Manage CSAM Inquiries and Troubleshooting Process (CSAM SME).
• Development of CSAM Contingency Plan.
• Assisted with CSAM Recovery Process and Annual Contingency Plan Testing.
• Update and development of Confidential Common Controls in accordance with Confidential 800-54 Rev-4.
• Assisted with development and update of Confidential Standard Operation Procedures Confidential guide for security authorization and assessment activities.
• Assisted with development of intranet website for Confidential agencies to obtain pertinent information about: Confidential, CSAM Online Assistance, Contingency Planning Templates, PII, Contacts, etc.
• Development/update of CSAM User Access and System Profile request documentation in order to streamline request process.
• Manage Confidential system retirement process to ensure compliance with Confidential guidelines regarding the decommissioning of enterprise systems.
• Developed/Finalized Helpdesk ticketing system process flow in order to streamline CSAM access requests. This also includes working with Confidential ASOC to develop ticketing system using Identity Manager.

SR Information ASsurance Analyst

Confidential

Responsibilities:

• Manage and perform security authorization and assessment activities for the Confidential Office of the Inspector General ( Confidential ) information systems.
• Analyze, track and report information system vulnerabilities and work with system stakeholders for remediation.
• Manage and report information system’s Plan of Action and Milestones.

Sr Security Compliance support specialist

Confidential

Responsibilities:

• Manage and expand Office of Biometric Identity Management’s ( Confidential ) Incident Response Program by developing a structured process and investigative techniques.
• Conduct policy compliance monitoring of federal and contract staff in support of Confidential Rules of Behavior enforcement. Identify violators and issue warnings.
• Conduct security configuration analysis of all configuration changes proposed for Confidential ’s highly sensitive biometrics Identity management system (IDENT). Assure configuration changes do not compromise confidentiality, integrity, and availability for this system.
• Analyze and track enterprise system Change Requests (CRs) through Confidential ’s Change Advisory Board (CAB) process.
• Development of Confidential Media Sanitization and Verification Directive.
• Development of Confidential Chain of Custody Directive.
• Other responsibilities include FISMA support.

Information system security representative

Confidential

Responsibilities:

• Assist the Information System Security Manager (ISSM) in ensuring that Information System Security Officers ( Confidential ) are following customer and Federal information assurance policies and guidelines for securing information systems.
• Act as liaison between ISSM and Confidential in ensuring day-to-day information assurance policies and guideline are followed by Confidential .
• Ensure all Information Systems (IS)s are operated, maintained, documented, and disposed of in accordance with security policies and practices outlined in the customer's Certification and Accreditation (C&A) handbook.
• Respond to Electronic Communications (ECs) for waiver and exception requests to policy and procedures.
• Ensure that all users have the requisite security clearances, authorization, and need-to-know, and are aware of their security responsibilities before they are granted access to the IS.
• Initiate protective and corrective measures when a security incident or vulnerability is discovered.
• Ensure Configuration Management (CM) compliance for security-relevant IS software, hardware, and firmware is documented and maintained.
• Support site certification/accreditation activities throughout the C&A process.

Primary certifier

Confidential

Responsibilities:

• Provides IT security consulting to information system security officers ( Confidential ) and system owners for, security incident reports, equipment/software inventories, operating instructions, technical vulnerability reports, and contingency plans; and other related certification and accreditation documents
• Work closely with ISSOs to navigate the TSA Certification & Accreditation process and produce all appropriate accreditation documentation.
• Identify, develop, track and mitigate outstanding plan of action and milestone (POA&Ms)
• Responsible for development of ST&E reports, Security Assessment Reports, Vulnerability Assessments and POA&M mitigation strategies.
• Worked with project stakeholders and system SME’s to guide them through all phases of the certification and accreditation process.