Information Assurance Specialist Resume
TECHNICAL SKILLS:
- PIA
- Risk Assessment Report
- System Security Plan
- Contingency Plan
- eMASS
- ST&E
- NIST SP 800-53A
- Security Assessment Report
- POA&M
- NIST Risk Management Framework
- NIST 800-53
- NIST 800-53A
- NIST 800-30
- NIST 800-37
- NIST 800-34
- NIST 800-18
- FIPS
- FISMA
- ATO
- Microsoft Office Suite
PROFESSIONAL EXPERIENCE:
Confidential
Information Assurance Specialist
Responsibilities:
- Responsible for Federal Information Security Management Act (FISMA) compliance for the ongoing security authorization activities for over ten (10) systems in accordance with National Institute of Standards and Technology (NIST) 800 series (NIST 800-53A rev4 and 800-37 Rev 1) under Risk Management Framework (RMF).
- Assessed program and security controls using Organization IT Security Policy Handbook.
- Participated in security team meetings and rendered other support to IT Security office, which included ensuring appropriate steps are taken to implement information security requirements for all IT systems.
- Responsible for monitoring compliance with information security policies by coaching others within the organization on acceptable uses of information technology and how to protect organization systems.
- Conducted the IT Risk Assessment and documented key controls.
- Investigated possible security breaches identified through review of audit reports and followed up accordingly with departments/management.
- Performed annual security reviews and compliance self-assessments to ensure compliance for (5) applications.
- Managed and updated Plan of Action and Milestones (POA&M) to evaluate risk analysis and provide findings to record compliance, list vulnerabilities and schedule of completion of resolutions.
- Facilitate meetings between agency departmental heads and RMF team by PowerPoint presentation or conference call meetings.
- Develop system POA&Ms in response to reported vulnerabilities
- Ensure compliance with annual FISMA deliverables and reporting.
- Investigate any information technology or system security incidents
- Assesses and mitigates system security threats/risks throughout the program life cycle; determines/analyzes and decomposes security requirements at the level of detail that can be implemented and tested; reviews and monitors security designs in hardware, software, data, and procedures.
- Perform system certification and accreditation planning and testing and liaison activities; supports secure systems operations and maintenance.
- Perform security engineering analysis, risk and vulnerability assessment, etc. Monitor and analyze security functional tests. Prepare C&A documentation such as SSP, SCONOPS, ST&E reports, etc.
Confidential
Information Security Analyst
Responsibilities:
- Ensure that assigned information systems are operated, maintained and disposed of in accordance with approved security policies and practices
- Ensure that system security requirements are addressed during all phases of the IS lifecycle.
- Develop and maintain SSPs and all other system security documentation, reviewing and updating them at least annually for all assigned systems
- Author or coordinate the development of other required system security plans: Configuration management (CM), Contingency Plan (CP), Continuity of Operations (COOP), Disaster Recovery Plan (DR) and Incident Response Plan (IRP).
- Created C&A presentations for System Owners, Project Managers, System Engineers and other stakeholders to achieve an Authorization to Operate (ATO) using Microsoft Word, Excel, PowerPoint, Visio and Project.
- Performed Security Assessment and Authorization (A&A) process based on FISMA guidelines and compliance using NIST 800-53 as a guide.
- Develop and maintain Plan of Action and Milestones (POA&Ms) of all accepted risks upon completion of Assessment and Authorization (A&A) process to satisfy NIST requirement.
- Held kick-off meeting with CISO and systems stakeholders prior to assessment engagement.
- Conducted audit interviews, control testing for (800-53) to create and produce Security Assessment and Risk Assessment.
- Determine security controls effectiveness (i.e., controls implemented correctly, operating as intended, and meeting security requirements).
- Conducted risk assessments regularly; ensured measures raised in assessments were implemented in accordance with risk profile, and root-causes of risks were fully addressed following NIST 800-30 and NIST 800-37
- Perform system certification and accreditation planning and testing and liaison activities; supports secure systems operations and maintenance.
Confidential
Administrative Specialist
Responsibilities:
- Prepares, reviews, interprets, compiles, and analyzes a variety of complex information, data, forms, records, business correspondence, budget information, and/or reports; makes recommendations based on findings.
- Coordinates day-to-day office operations which includes preparing Board agendas; taking meeting minutes; monitoring an operational budget; and performing related duties.
- Drafts and types a variety of business documents, including letters, memos, contracts, and/or other related documents. Utilizes desktop publishing.
- Responds to requests for information, in person, via e-mail, and over the phone; takes and transmits messages; answers department questions and provides information; directs visitors to appropriate locations.
- May prioritize and assign work to student workers and/or part-time staff; monitor the performance of staff; and train students and/or staff on work methods and procedures
