SUMMARY:

About five years of Cybersecurity and Information Assurance experience with unique combination of passion in security, project development and management, research, interdisciplinary team management concepts and practice privacy. Concentrations on enterprise Security Risk Management with in - depth knowledge in, implementing and auditing Information Systems. Versed with Health Information Management, Healthcare Risk Management, Project Management, OSHA for healthcare and HIPAA Security. Provide security solutions for Data and Networks using best practices and customized solutions. Knowledge of DoD Information Assurance 8570 including, FISMA, NIST, STIGs, DHS-RMF, FedRAMP, DHS4300.

TECHNICAL SKILLS:

Operating Systems: Unix-Based Systems (Solaris, Linux, BSD); Windows (all)

Networking: LANs, WANs, VPNs, Routers, Firewalls, TCP/IP

Software: MS Office (Word, Excel, Outlook, Access, PowerPoint), CSAM (Certified Software Asset Manager), SharePoint application

Programming Language: HTML

PROFESSIONAL EXPERIENCE:

Confidential Washington, DC

Environment: Accreditation and Authorization.

Information Security Analyst

Responsibilities:

• POA&M (Plan of Action and Milestones) management, POA&M Aging Report metrics development, creating charts/graphs depicting trends for Information Security Continuous Monitoring efforts, Vulnerability and Compliance POA&Ms.
• Develop and update documents for Major Applications and General Support Systems such as ROB, AU, AT, CP, CPT, IR, MP, AC, PTA, PIA, RTM, Risk Assessment, E-Authentication Questionnaire, Disaster Recovery Plan, Disaster Recovery test Results, Security Test and Evaluation (ST&E) Plan, Incidence Response Plan/SOP, Data Management Plan, Account Management SOP, Incidence Response SOP, IR Test/exercises, etc.
• Familiar with NIST SP 800-37 (RMF), SP 800-53, and NIST SP 800-53A, FIPS 199, NIST SP 800-60 Vol 2, NIST SP 800-18 (SSP), NIST SP 800-30, NIST SP 800-137 (Continuous Monitoring)
• PowerPoint presentation of security updates to Federal Client, writing and distribution of meeting notes, participate in face-to-face discussions of security posture with customer.
• Maintain awareness of cyber trends, threats, and vulnerabilities
• Support security assessments (continuous monitoring activities) of the severity of weaknesses or deficiencies discovered in the information system and its environment of operation and recommend corrective actions to address identified vulnerabilities.
• Familiar with the Security Technical Implementation Guide (STIG) and Security Readiness Review (SRR)
• Develop and maintain security accreditation artifacts to include the Security Requirements Traceability Matrix (SRTM), System Security Plan (SSP), Security Impact Assessments (SIA), and others.

Confidential

Environment: Accreditation and Authorization.

Cyber Security Analyst Senior

Responsibilities:

• Develop system security plans (SSPs) under guidance of NIST Framework
• Manage project FISMA Plan of Actions & Milestones (POAM) and associated activities
• SIAs- Security Impact Assessments- determine the extent to which changes to the information system will affect the security state of the system, etc.
• Provide significant input during the annual risk assessment and audit planning processes
• Participates with the client in the strategic design process to translate security and business requirements into technical designs
• Support security assessments and audits. Maintains awareness of cyber trends, threats, and vulnerabilities
• Supports audits and third-party assessments by providing evidence and artifacts
• Promote awareness of security issues among management and ensures sound security principles are reflected in organizations’ visions and goals
• Develop and implement SOPs to ensure that systems, network, and data users are aware of, understand, and adhere to systems security policies and procedures.

Confidential, MD

Environment: Accreditation and Authorization.

Security Control Analyst

Responsibilities:

• Provide extensive knowledge of the US Government Information Assurance Security Processes for healthcare systems.
• Familiarity with the Security Technical Implementation Guide (STIG) and Security Readiness Review (SRR)
• HIPAA Security Mapping to NIST SP 800 53 Rev 4 Controls
• Provide comprehensive advice to assigned departments regarding compliance risks with respect to Federal and State regulations and contract provisions.
• Conduct security assessments of system security plans to help ensure that plans provide security controls for information systems that meet stated security requirements.
• Conduct comprehensive assessments of the management, operational, and technical security controls employed within or inherited by an information system to determine the overall effectiveness of the controls.
• Experience utilizing CSAM (Cyber Security Assessment and Management) tool.
• Ensure compliance of security configurations for IT systems and aid in providing clear and concise processes and procedures for the implementation and enforcement of system security configurations.
• Support the risk management process by helping to determine and assign risk impact ratings in accordance with standard guidelines and methodologies and by aiding in the development and maintenance of Plans of Action and Milestones (POA&Ms) for IT systems identified in the Risk Management Framework (RMF) process and annual security assessments of IT systems.
• Obtaining assessment evidence by interviewing personnel, reviewing artifacts, and executing testing procedures
• Provide assessments of the severity of weaknesses or deficiencies discovered in the information system and its environment of operation and recommend corrective actions to address identified vulnerabilities and prepare the security assessment reports containing the results and findings from system security assessments.
• Knowledge of Information Assurance policies and procedures, and processes.
• Communicate with the system owner, senior leadership, and developer regarding security considerations of the system engineering life cycle
• Develop and maintain security accreditation artifacts to include the Security Requirements Traceability Matrix (SRTM), System Security Plan (SSP), Security Impact Assessments (SIA), and others.

Confidential, Baltimore MD

Environment: Network Security.

Information Assurance Analyst

Responsibilities:

• Provide Information Assurance support to the Information Assurance Division (IAD) and Certification and Accreditation Branch (CAB)
• Develop security accreditation documents and artifacts to include the System Security Plan, Continuity of Operations Plan (COOP), Computer Network Defense and Incident Response.
• Register the systems to make sure that they are FISMA compliant and support the RMF process for C&A.
• Support C&A process by making sure systems are properly developed and maintain as required.
• Conduct Risk assessments at client sites as recommended.
• Register ports and protocols in the Ports and Protocols System Management (PPSM).
• Manage system Plan of Actions and Milestones (POA&M) including the drafting of expectations and waivers as appropriate
• Conduct assessments of system safeguards and controls and respond to external audits as required
• Interview system administrators and support personnel to extract system functionality narratives.
• Control, label, virus scan and appropriately transfer data (upload/download) between information systems at varying classification levels
• Conduct research and perform security analysis on the impacts of system designs, modifications, and technological initiatives.
• Write and validate NIST 800-53Rev 4 control responses based on system documentation