Information Security Analyst Resume
VA
SUMMARY:
An Information Security Analyst with vast experience in Managing and Protecting Enterprise Information Systems, Network Systems and Operational processes through Information Assurance Controls, Compliance Verifications, Risk Assessment, Vulnerability Assessment in accordance with NIST, FISMA, OMB and industry best Security practices.
SKILL:
- Strong skills in Corporate Security Control Assessment (Information and Physical Security)
- Experience in Identity Access Management.
- Organization, problem solving and communication skills.
- Motivated to tackle challenging problems; have excellent organizational skills; be able to work meticulously with careful attention to detail; strong customer collaboration skills.
- Auditor for ISO 27001 Information Security Management System conformity.
- Experience using MS Office tools such as Excel, Word and Visio.
PROFESSIONAL EXPERIENCE:
Information Security Analyst
Confidential, VA
Responsibilities:
- Conduct kick-off meetings to collect systems information and categorize systems based on NIST SP . Participate in A&A status meetings and facilitate moving systems toward a successful A&A effort.
- Identify key stakeholders in A&A efforts and ensure system documentation reflects current system security configurations including hardware and software components, data flow, interconnections, and ports, protocols, and services.
- Develop Security Assessment Plan (SAP) to initiate Security Assessment for low, moderate and high control information systems.
- Interview ISSOs, System Owners, and System Engineers and review existing system documentation in order to make an objective assessment of whether the system complies with established standards.
- Put together Authorization Packages (SSP, POA&M and SAR) for Information systems to the Authorization Officer.
- Conduct FISMA compliant security control assessments to ascertain the adequacy of management, operational, technical privacy controls. Communicate the security posture of systems through designated reporting mechanism
- Identify potential risks associated with system configurations and advise on mitigation strategies by working with Security engineering to review vulnerability using Nessus.
- Conduct Security Control Assessment on General Support Systems (GSS), Major Applications and Systems to ensure that such Information Systems are operating within strong security posture.
- Develop, review and update Information Security System Policies, System Security Plans (SSP), and Security baselines in accordance with NIST, FISMA, OMB, NIST SP and industry best security practices.
- Perform Privacy Impact Analysis (PIA), System Security Test and Evaluation (ST&E) and develop Plan of Actions and Milestones (POA&M). Document residual risks and provide the cybersecurity risk analysis and mitigation determination results.
- Designate systems and categorize their C.I.A. using FIPS 199 and NIST SP .
- Develop policy and procedural controls relating to Management, Operational and Technical Controls for the Organization.
- Update IT security policies, procedures, standards, and guidelines according to department and federal requirements.
- Carry out continuous monitoring after authorization (ATO) to ensure continuous compliance with the security requirements of the information systems.
- Reviewed Functional roles of users or groups with Resource Managers to obtain feedback and approval.
- Provide Information Security related recommendations regarding client information system infrastructure components (communications, physical security, data access, computer hardware/software and data confidentiality, integrity, and availability).
- Assist with reviews of current and new systems and applications, including changes to existing applications/systems, to assure compliance with Information Security policies and standards.
- Familiar with NIST publications, specifically RMF and NIST controls
- Familiar with dealing with defense-in-depth, and other information security and assurance principles and associated supporting technologies
Information System Security Analyst
Confidential, MD
Responsibilities:
- Conducted kick-off meetings to collect systems information and categorize systems based on NIST SP .
- Developed security control baseline and test plan used to assess and implement security controls.
- Created and updated the following Security Assessment and Authorization (SA&A) artifacts: FIPS 199, Risk Assessments Report (RAR), Privacy Threshold Analysis (PTA), Privacy Impact Analysis (PIA), Contingency Plan, Security Test and Evaluations (ST&Es), E-Authentication, Plan of Action and Milestones (POA&M).
- Assisted to develop and implement detailed test plans and review findings from self-assessments to determine readiness for independent validation and verification (IV&V) assessment
- Met with the system team to collect evidence, developed test plans and procedures and documented test results.
- Designed and conducted walkthroughs, formulated test plans, tested results and developed remediation plans for each area of the testing.
- Conducted FISMA compliant security control assessments to ascertain the adequacy of management, operational, technical privacy controls.
- Examined event logs for irregularities. Identified irregularities are then reported as incidents. The incident response is then initiated to mitigate these irregularities.
- Involved in security incident management in order to mitigate or resolve events that have the potential to impact the confidentiality, availability, or integrity of information technology resources.
- Created and maintained security metrics in order to help senior management to make decisions.
- Experience in regulatory compliance (PCI, GLBA).
Helpdesk Support
Confidential, Maryland
Responsibilities:
- Proficient technical skills in Windows and Microsoft applications.
- Perform Software/Hardware installation, Maintenance, repair, and update.
- Installed and configured Microsoft Office Suites on multiple machines.
- Installed, configured, and maintained desktop systems; copied and scanned documents.
- Provided support to internal and external teams in gathering evidence to validate information system security controls.
Financial Auditor
Confidential
Responsibilities:
- Plan financial audits by understanding organization objectives, structure, policies, processes, internal controls, and external regulations; identifying risk areas; preparing audit scope and objectives; preparing audit programs.
- Assess compliance with financial regulations and controls by executing audit program steps; testing general ledger, account balances, balance sheets, income statements, and related financial statements; examining and analyzing records, reports, operating practices, and documentation.
- Assess risks and internal controls by identifying areas of non-compliance; evaluating manual and automated financial processes; identifying process weaknesses and inefficiencies and operational issues.
- Complete audit work papers and memoranda by documenting audit tests and findings.
- Communicate audit progress and findings by providing information in status meetings; highlighting unresolved issues; reviewing working papers; preparing final audit reports.
- Update job knowledge by participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
- Applied Legislative Acts in conducting Payroll Audit and report on deviations and variances.
- Perform Procurement Audit to establish whether public institutions followed Public Procurement Act in acquiring goods and services.
- Analyze key finance performance indicators/trends, to establish financial benchmarks of acceptable performance and comparing the actual results to budget and recommend remedial actions.
