Highly motivated information security professional who is able to work independently with little to no supervision. Excellent skills in reviewing and implementing internal control procedures to protect information, prevent unauthorized access to it, and mitigate risks.
Information Assurance Analyst
Confidential, Fairfax, VA
- Facilitate kickoff meetings with system application owners and all stakeholders prior to security assessment to collate pertinent information systems according to Confidential requirements.
- Perform the FIPS 199 Security Categorization using the Confidential 800-60 Vol. 1 Rev. 1 as Confidential guide to select the provisional impact level assigned to the Confidentiality, Integrity and Availability (CIA) based on the information type.
- Implemented appropriate security controls for information systems based on Confidential 800-53 Rev. 4 and FIPS 200.
- Participate in the system authorization process by working with the key stakeholders to create complete and accurate Risk Management Framework (RMF) packages.
- Led the development of Privacy Threshold Analysis (PTA) and Privacy Impact Analysis (PIA) using the Confidential privacy handbook, working closely with the Information System Officers (ISSOs), the System Owners (SO), and the Information Owners (IO).
- Conduct Security Test and Evaluation (Confidential & Confidential) using Confidential 800-53A Rev. 4 and develop documentation supporting the results based on security control requirements.
- Support Security Assessment and Authorization (Confidential & Confidential) activities by preparing the complete Confidential package for the authorization official to make an accreditation decision.
- Review and update System Security Plans (SSP) using the Confidential 800-18 as Confidential guide.
- Collect, review, update, and maintain IT supporting artifacts.
- Perform security assessment of the Federal systems and applications by using Confidential 800-54A Rev. 4 as guidance for current federal directives and policies.
- Ensure that system documents are created for POA&Ms and approved by ISD no later than 60 days prior to POA&M expiration.
- Provide reporting on POA&M remediation for all systems upon request using the XACTA tool as repository for all POA&M documents.
- Worked with system owners to develop, test, and train on contingency plans and incident response plans.
- Tested, assessed, and documented security control effectiveness.
- Reviewed and updated remediation on POA&Ms using Cyber Security Assessment and Management (CSAM) as Confidential tool.
- Worked with system administrators to resolve POA&Ms by gathering artifacts, creating mitigation memos, residual risk memos and corrective action plans to assist in the closure of the POA&M.
- Conducted security assessment interviews to determine the security posture of the system and to develop the Confidential Security Report (SAR) upon completion of the Security Test and Evaluation (Confidential & Confidential) questionnaire using Confidential SP 800-53A, as required to maintain the Company Authorization to Operate (Confidential), the Risk Assessment, System Security Plans, and System Categorization.
- Reviewed, maintained, and ensured all assessment and authorization (Confidential & Confidential) documentation is included in the system security package.
- Ensured vulnerabilities and risks are efficiently mitigated in accordance with the organization's monitoring plan.
- Collaborated with ISSO colleagues on the planning and implementation of enhancements to the system's risk management processes.
- Performed vulnerability assessments by compiling and analyzing scan (Nessus) results for weaknesses and vulnerabilities, and recommended remediation processes for the identified weaknesses and vulnerabilities.
- Performed FISMA continuous monitoring related activities.
- Managed POA&M for accuracy and currency.