
Information System Security Officer Resume


SUMMARY:

  • IT Security, Assurance, Audit and Business Professional; 15+ years professional experience
  • Provide IA Security and Risk Advisement using the Risk Management Framework
  • Prepare, review, update and maintain IT Security supporting artifacts such as SSPs and A&A documents, implementing NIST (800-37, 800-53), OMB, FISMA, best practices and Enterprise Cyber-Security policies & procedures
  • Create all security documents required to complete the NIST Risk Management Framework (RMF); update security documentation and establish and execute POA&Ms.

PROFESSIONAL EXPERIENCE:

Information System Security Officer

Confidential

  • Perform as Information System Security Officer (ISSO) to provide senior information assurance, security specialist and risk advisor work using the Risk Management Framework.
  • Certification and Accreditation (C&A) process and System Security Plan (SSP) development; document control, compliance reviews, tracking, continuous monitoring and assembling C&A packages.
  • Splunk Enterprise implementation project/SIEM tools
  • Execute technology risk assessments, demonstrating strong knowledge of industry best practices/frameworks (NIST, COBIT 5, ISO 27002) for IT processes - cyber/information security, technical privacy, technical resiliency and business continuity, incident/problem management, data management, configuration/change management, and systems development/deployment (SDLC) - for technology platforms and solutions (Cloud Computing, Unix/Linux, Oracle, Windows, etc.).
  • Demonstrated use of security principles; risk assessment policies and standards; information security best practices, products and technologies; and network technologies. Performed control design assessments; identified key risks, controls, gaps and process efficiencies; delivered documentation of the process and controls in narrative form, supporting flow diagrams, and mapping of risks and controls.

Information System Security Officer

Confidential

  • Perform as Information System Security Officer (ISSO) to provide senior information assurance, security specialist and risk advisor work using the Risk Management Framework. Prepare, review, and/or update and maintain IT Security supporting artifacts including the System Security Plan (SSP) and other Authorization and Accreditation documents. Review, provide comments on, and implement NIST (including 800-37, 800-53), OMB, FISMA, best practices and Enterprise Cyber-Security Division IT security policies, procedures, & other authoritative IT security guidance. Implement/support Continuous Monitoring Plan & Strategy Plan.
  • Create all security documents required to complete NIST Risk Management Framework (RMF) steps 1, 2 and 3. Update security documentation throughout NIST RMF step 6. Establish plans of action and milestones (POA&M) and manage remediation. Generate POA&M reports.
  • Determine the classification of information systems and advise stakeholders on status as a major application, general support system, minor application or subsystem. Ensure that security requirements for the assigned major application or general support system are being met. Report IT security incidents in accordance with established procedures.
  • Plan, develop, implement, and maintain an Incident Response and Audit Program for events of interest and address POA&Ms in continuous monitoring; utilize XACTA.
  • Provide IT security guidance to Authorizing Officials, Information System Owners, and the Contracting Officer's Representative and work with various stakeholders including IT Support teams and business owners and users.
  • Plan, schedule, coordinate, prepare, execute and document the results of test plans and test scripts, and provide lessons learned for incident response, contingency, and continuity of operations drills, exercises, and activities. Plan, coordinate, support, and assess system vulnerability (Nessus and WebInspect) scans and assessments, and assist in completing remedial actions.
  • Provide IT System Security consultation for major application change/development efforts, as required, including but not limited to, attending meetings with development.
  • IT Security Analyst Consultant - wrote IT Policy. Working as part of NCI/Computech Security Team to drive security initiatives for modernization of Information Systems, focusing on Cyber Security policy and IT Principles and Practices in developing, delivering and supporting.
  • Assess and align documentation including SOWs for adherence to FISMA, OMB Circular A-130, NIST 800-37, NIST FIPS 200, NIST 800-53 and other NIST SPs, as well as ITIL and CMMI implementation for information assurance. Review and promote Risk Management Framework. Interim Public Trust Clearance.

SECURITY CONSULTANT

Confidential

  • C&A (Certification and Accreditation) Senior Consultant in Security Assessment and Authorization Team producing Security Authorization packages in compliance with NIST 800-53: system security plans (SSP), security assessment reports (SAR), Plan of Action and Milestones (POA&M) summaries and a continuous monitoring plan/assessment schedule; present executive briefings to client management.
  • Ensure security risk assessments are conducted as appropriate on any system upgrades and software/hardware changes so that security controls cost-effectively mitigate risk and protect information and processes. Audit Notifications of Findings and Recommendations are documented, agreed upon, and entered into CSAM as POA&Ms.
  • Ensure component systems have appropriate milestones, accurate descriptions of the weaknesses and remediation, task owners, estimated cost to completion and realistic due dates across control families including risk assessment, disaster recovery and business continuity.

IT AUDITOR

Confidential

  • Consultant working as part of KPMG Team to conduct Audit Readiness for Department of the Navy (DON) FMO (Financial Management Office) information systems by assessing FISCAM IT Controls at the application, database and operating system levels, conducting audit tests of design and effectiveness. Interim Secret Clearance.
  • Assess controls for Security Management, Access Control, Change Management, Segregation of Duties, Contingency Planning, Business Process, and Interface Controls. Perform scoping, guidance for the audit process, planning, testing and reporting, walkthroughs, document and meeting request lists, work papers, Test of Design and Test of Effectiveness, System of Understanding Document (SUD), Technical Report, Issues Tracking and Corrective Action Plans (CAPs).

Management Consultant

  • IT Project Manager (Confidential) - Project management & coordination with vendors for Disaster Recovery Infrastructure setup - move, installation and test. Business Continuity Planning documentation and DR systems implementation.
  • IT Project Manager (Confidential) - Project management of IBM GERS (Travel and Entertainment) updates; working with vendor (IBM) and international staff to drive implementation for various worldwide locations including Australia & Europe.
  • IT Project Manager (Confidential) - 2-month engagement - Implementation of SALESFORCE platform using Agile/SCRUM principles including Agile testing approach (daily sprints, sprint review meetings, sprint retrospective meetings) for credit operations project. Got the project back on track in agreement with business stakeholders & IT Governance, PMO, SDLC.

IT Project Manager - E-Trade

  • Lead various IT & business teams through SDLC - scope, system/business analysis, technical integration & design, development, deployment of software application systems, and manage & document all project activities throughout all phases of the SDLC; using Agile and traditional waterfall methodologies.
  • Assist in development of IS policies and procedures to address risk assessment and resiliency.
  • Prepared business cases and justifications for resource requirements to support IT program development, testing & training. Ensure IT Governance & controls. Reporting for project portfolio.
  • Work with all related IT (including engineering, network, SAN storage, Disaster Recovery, DBAs) & Business teams (Trade Desk, Accounting, Settlements, Finance, Legal, HR) to plan, schedule & drive project tasks/milestones to completion.
  • Manage all project deliverables, lead meetings and keep teams accountable to deliver on schedule. Report project status with timely communication to all team members, business owners, stakeholders. Collaborated with Technology Manager and IT domains to generate IT solutions.
  • Work across IT cross-functional groups to ensure database build; drive migrations; CITRIX/Softgrid packaging & OOB and customized upgrades. Coordinate system testing functions. BCP escalation and mitigation & DR exercises.
  • Also, as part of the Corporate PMO, manage/coordinate program budgets, forecasts, tasks, schedules, and change management to support effective program decisions.
  • Key projects include assessment of end-to-end IT Broadbridge implementation solution; CRM and ERP solutions and SAS to Oracle conversion; AGILE/Scrum implementation for regulatory compliance projects. Offered production support & service management for applications & web based portals. Led daily resolution meetings, monitored change requests, tickets and e-mails.
  • Resolved issues between IT teams & business users; reviewed contracts and managed SLAs. Established & maintained relationships with vendors & stakeholders. Work with external vendors & internal business teams on cross-project dependencies and schedule coordination.

CONSULTANT (ASSOCIATE DIRECTOR)

Confidential, Washington, DC

  • Provided interim support primarily to Fortune 1000 companies during critical times of need.
  • IT Risk Management, IT Audit Consulting Services & Project Management - SOX Controls Testing, IT Controls, SDLC reviews and IT Governance for a new enterprise-wide web-based application for a higher learning institution; ERP - PeopleSoft, Oracle, Oracle Campus Solutions & existing legacy systems/Great Plains.

SR. IT AUDITOR / SR. PROJECT MANAGER

Confidential

  • Reduced G&A/project costs by 20% without increasing headcount or jeopardizing quality customer service & reporting. Signed off certifications/reviewed transactional accounting for financial reporting/attestation. Managed eight direct reports and 50 contractors; staff & career development & performance evaluations. Managed project budget for system releases for software development over financial reporting. Conducted oversight of SOX process for security access.
  • Implemented upgrades to restatement and get current accounting systems on schedule, as Project Manager for operational aspects of ongoing projects, serving as liaison between project management, project team and business unit management. Enhanced problem solving - conveyed business requirements in representing business users by analyzing & critiquing systems development and database design, user-interface, & system generated reports. Oversaw developer code. Managed IT staff testing efforts - Ensure quality via testing - User Acceptance Testing (UAT), unit, parallel, performance and regression testing. Coordinated DR exercises for unit.
  • Developed and executed project plans & status reports. Ensured IT compliance for system projects; IT Asset Management & vendor contract compliance and FHFA & HUD compliance.
  • Recognized as Subject Matter Expert for SDLC. Successfully conducted audit plans - performed design assessments, audits of information technology systems, identified inherent risk/controls, wrote audit procedures, ensured compliance with standards, assessed risk exposure. Coordinated work assignments & reviewed work papers: SOX, COBIT, COSO, FFIEC, FISMA, SAS 70, NIST 800-53, ISO for IT Governance, application development, access & application controls, info security, contingency planning/disaster recovery for MHA/HASP/HAMP program.

AUDIT MANAGER

Confidential

  • ‘Hit the ground running’ Consultant at Confidential - Performed quality IT SOX reviews & ‘walkthroughs’ for internal controls engagement. Evaluated documentation for Change Management evidence - compliance with Sarbanes-Oxley section 404; achieved year-end goal. Researched/created planning materials/proposals for procurement & contract participation.
  • Audit Team Lead for Department of Veterans Affairs (VA) engagement which was 2 months late. Led compliance reviews of the internal control structure at 4 national VA centers for Funds Management. Conferred with client management & staff; planned nature, timing & testing procedures to provide assurance of compliance with regulations/internal policies. Tested internal controls as designed and operating effectively over financial reporting for OMB Circular A-123, Management’s Responsibility for Internal Control. Reviewed work papers of cash receipts & disbursements, certifying officials, SF-224 and FMS 6652, GOALS - OMB A-123, Appendix A; (FFMIA), SAS 70, and GAO’s Standards for Internal Control in Federal Government, (JFMIP), CFO Act, CAS, FAR. Successfully completed engagement, documentation and reports before tight fiscal year-end deadline.

SR. PROJECT MANAGER

Confidential, McLean, Virginia

  • Developed & monitored strategies to achieve project goals; recommended actions as People Manager for the Rules Management Team, which used the ILOG rules engine for the Confidential Project Enterprise Selling System for prompt loan delivery to external customers. Managed schedules & resource allocation, status reports, deliverables of UAT and developers - reviewed code in FoxPro, SQL and other DBMS databases; also oversaw QA, IT and production support. Built business area partner relationships. Achieved critical year-end IOP; cut delivery time to customers by 15%.
  • Awarded Encore Award for demonstrating leadership effective behaviors. Coached/led eight FTEs & matrix staff; conducted objective setting, performance assessments, made hire decisions. Handled procurement, space & technology needs; led communication/presentation needs & prepared Disaster Recovery Planning and participated in exercises. Documented BCP Strategies.
  • Conducted SOX Compliance Activity: performed Risk Control Matrix, narratives, key controls, test plans, workflows, & documentation. Tracked performance measures-Business Performance Management Reports, KPIs, KRIs, Flash reports, risk and compliance metrics. Managed dept’s internal controls, implemented documented processes & procedures. Owned risk items - developed remediation for deficiencies & action plans, followed items through to resolution.
  • Managed corporate consolidation for budgeting & forecasting for $700 million G&A Budget. Monitored and ‘rolled up’ the individual divisions & corporate results for initiatives and core/baseline operations across Lines of Business. Tracked all initiatives from strategy through phases and implementation to close via monthly and quarterly reviews. Provided CFO recommendations & worked with director to re-prioritize initiatives. Supervised budget analysts and PeopleSoft Accounting entries.
  • Policy expert - spearheaded review of Finance division projects in compliance with GAAP: SOP 98-1 & FAS 86 for computer software. Identified 10% of accounting journal entries requiring correction. Drafted corporate cost accounting policy; received favorable assessment by Internal Audit for internal controls. Streamlined quarterly G&A activity-based costing models.
