Senior Information Assurance Expert-Lead Resume

Chantilly, VA

SUMMARY

  • As an experienced IT/Cyber Security professional, I am seeking a Managerial/Senior Consultant role in a reputable company to apply my skills and expertise to help achieve enterprise-wide information risk goals and objectives. I possess strong strategic planning skills along with decision-making and managerial skills. Proven ability to lead and direct, solve problems creatively, and make strategic decisions in fast-paced environments.
  • I am an enthusiastic, self-motivated, energetic, and effective Cyber Security/Information Assurance subject matter expert, constantly empowering my team members through coaching, motivation and guidance. I have vast experience in Information Security Risk Management with a focus on FISMA and FedRAMP, system security evaluation, monitoring, risk assessments and audit engagements.
  • Security Assessment & Authorization services (RMF/NIST SP 800-*, FIPS 199 & 200), developing and testing SAP Documentation, evaluating NIST 800-53 r4 controls in compliance with (FISMA, FedRAMP, HIPAA), performing Risk Assessments, Vulnerability Scanning/Management, Penetration testing, POA&M (Plan of Action & Milestones) Management and recommendations to secure networks and systems. Vast knowledge of Risk Management Tools (CSAM, Risk Vision-GRC Agiliance, Nessus/Splunk) and Software (Microsoft Office Tools).

PROFESSIONAL EXPERIENCE

Confidential, Chantilly, VA

Senior Information Assurance Expert-Lead

Responsibilities:

  • Lead the performance of analytical changes based on client needs and work with clients to improve delivery of service. Develop strategies and processes in a cross-functional team to drive a higher level of service delivery across our global customer base.
  • Enhance key relationships with clients during site visits, identifying gaps in their security strategy and facilitating enhancements to service while increasing customer satisfaction.
  • Lead a team of Cyber Security/Information Assurance analysts and C&A members of the Continuous Readiness in Information Security Program (CRISP) project in the planning and deployment of a secure, collaborative IT environment for the Department of Veterans Affairs.
  • Cultivate relationships with system stakeholders and internal resources to support time-sensitive security activities, integrating risk management into their daily activities for optimal enterprise-wide risk objectives while serving as a dedicated analysis point of contact for clients.
  • Work closely with client’s System Owners and security teams to oversee the preparation of Comprehensive and Executive Certification & Accreditation (C&A) packages for Cloud systems; generate, review and update System Security Plans (SSP) against NIST 800-18 and NIST 800-53 requirements.
  • Conduct verification and validation for information systems, products, and components and provide recommendations for new network architectures.
  • Review Authorization to Operate (ATO) packages (SSP, RA, CMP, ISCP, DRP, IRP, PIA, and MOU/ISA) for both Cloud and FISMA systems and facilities using NIST publications.
  • Lead POA&M teams to remediate vulnerabilities ranging from critical to low impact systems within various Veterans Affairs entities. Ensure all POA&M actions are completed and tested in a timely fashion to meet client deadlines.
  • Lead the development and delivery of information security risk related training and awareness programs covering cross-team coordination and communication, reporting procedures, security requirements, team-specific processes and individual responsibilities.
  • Travel periodically to client sites to assist with pre-OIG tasks, remediate open and pending POA&Ms on systems that require mitigations and work hand-in-hand with facility CIOs, ISOs, and IT staff to ensure controls remain in place, operate as intended, and produce the desired results.
  • Risk Compliance Manager - Monitor and track remediation progress in Risk Vision GRC.

Confidential, Stafford, VA

Senior Information System Specialist

Responsibilities:

  • Guided System Owners and ISSOs through the Certification and Accreditation (C&A) process.
  • Performed information security risk assessments on key vendors based on type and service, weighted on risk, potential threats, vulnerabilities and exposures associated with confidentiality, integrity and availability of information.
  • Assisted in the development of information security, privacy, and data integrity processes and procedures with regard to all company policies, applicable laws, and regulatory requirements.
  • Ensured that appropriate steps were taken to implement information security assurance requirements for IT systems throughout the System Development Life Cycle.
  • Monitored IT assets using logs from firewalls, servers, workstations, and other input points to assess overall security risks and possible exposure.
  • Performed monthly vulnerability scans using Nessus to identify vulnerabilities and provide solutions for the systems.
  • Conducted walkthroughs, formulated test plans and testing procedures, documented gaps, test results, and exceptions, and developed remediation plans for each area of testing.
  • Supported client’s Business Continuity Plan (BCP) and Disaster Recovery (DR) processes by evaluating resilience, recovery capabilities and risks inherent in their IT infrastructures for strategic purposes based on NIST Special Publications 800-34 series.
  • Orchestrated updates and changes in the client’s enterprise, and provided expert advice on how to effectively sustain full operational continuity to protect critical resources.

Confidential, Herndon, VA

Information Security Analyst

Responsibilities:

  • Maintained and updated A&A package documentation and Risk Assessment Reports, and evaluated existing documents and their accuracy.
  • Performed Security Categorization (FIPS 199), Privacy Threshold Analysis (PTA), and e-Authentication with business owners and selected stakeholders.
  • Ensured that selected applicable controls for securing IT systems were in place and followed according to federal guidelines (NIST 800-53).
  • Evaluated the design and operation effectiveness of system controls such as access controls, business process controls, key controls and IT general controls
  • Involved in creating System Test & Evaluation (ST&E) documents and helped review and update existing ones for multiple information systems
  • Performed comprehensive Security Assessment Controls (SAC) and wrote reviews of management, operational and technical security controls for audited applications and information systems
  • Developed, reviewed and maintained Security Plan based on NIST Special Publications 800-18 series
  • Created POA&Ms and developed mitigation strategies as required
  • Conducted IT risk management steps in accordance with Federal guidelines and documented Key controls
  • Developed Audit Plans and performed General Computer Controls testing of Information Security and Business Continuity Planning and Relationship with Outsourced Vendors
  • Participated in security team meetings and rendered support to IT security office, which included ensuring appropriate steps are taken to implement information security requirements for all IT systems

Confidential

Network System Administrator

Responsibilities:

  • Provided system administration support for Windows systems including servers, routers, switches and workstation upgrades, backup and disaster recovery monitoring and security administration.
  • Performed daily, weekly, and monthly maintenance and backup/restore exercises, reviewed server logs for prospective issues, and ensured that anti-virus software and security patches were routinely updated and functioning.
  • Troubleshot network device connectivity issues including IP addressing, DNS, gateway, and reverse proxy issues.
  • Assisted in architecting and implementing new firewalls at different locations across the country for connectivity to replace aging firewalls in the production environment.
  • Supervised the technical staff to troubleshoot complex issues faced by system users
  • Ensured daily activities were aligned with Network operations priorities and objectives
  • Prepared and delivered system performance statistics and reports weekly (disk usage, forefront reports)
  • Supported and maintained network hardware, network operating systems and system applications
  • Reviewed multiple computer systems capabilities, workflow and scheduling limitations in order to increase productivity
  • Conducted meetings with IT teams to gather documentation and evidence about their control environment
  • Documented test results, exception handling process and remediation plans
