We provide IT Staff Augmentation Services!

Information System Security Officer Resume

Washington, DC

Hire Now

SUMMARY:

  • A Cyber Security Analyst/Information Security Analyst, with exceptional experience looking for an opportunity, that will not only utilize my knowledge but also give me an opportunity to grow in the knowledge of leading - edge technologies.
  • Excellent problem-solving ability.
  • Excellent communication skill (oral and writing).
  • Managing multiple projects simultaneously.
  • Team player and a quick learner.
  • Expert in risk management and mitigation.
  • TI systems Administration.
  • Knowledge of Microsoft word, Power Point, Publishers and Excel and Visio.
  • Involved with the planning and engineering an enterprise infrastructure.
  • Experienced in Service Now and HP Service Manager Ticketing Systems.
  • Experienced in Federal Government Contracts.
  • Understanding of FISMA standards and the Certification and Accreditation Process and have developed appropriate documents
  • Experienced in documentations.
  • Experienced with ticketing tools.

PROFESSIONAL EXPERIENCE:

Confidential, Washington DC

Information System Security Officer

  • Conduct IT-Security standards/compliance audits and assessments using NIST, RMF (Risk Management Framework).
  • Create and disseminate monthly security reports and trend analysis to the CISO.
  • Create a security dashboard for executive stakeholders to utilize for accurate and up to date incident response information on demand.
  • Developing and updating security authorization packages in accordance with the client’s requirement and compliant with FISMA.
  • Drafting and updating Core documents such as the System Security Plan, Risk Assessment Report, Security Assessment Plan and Report, Contingency Plan, Incident Response Plan.
  • Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, Configuration Management Plan, etc.
  • Develop and maintain the Plan of Action and Milestones and support remediation activities.
  • Validate that protective measures for physical security are in place to support the systems security requirements.
  • Developing, coordinating, testing and training on Contingency Plans and Incident Response Plans.
  • Support Incident Response and Contingency activities.
  • Perform security control assessment in using NIST 800-53A guidance.
  • Conduct Independent scans of the application, network and database (where required).
  • Provide continuous monitoring to enforce client security policy and procedures and create processes that will provide oversight into the following activities for the system owner.
  • Draft Organizational policies, SOP&s and guidelines.
  • Assess security controls through document reviews, interviews and tests to ensure compliance with FISMA and NIST standards.
  • Working knowledge of duties required implementing information security controls and leading information security initiatives.
  • Ability to translate business requirements into control objectives.
  • Analyzed security requirements to determine if they meet government-mandated security policies.
  • Assisted in the development of an information security continuous monitoring strategy.
  • Developed Security Assessment Report (SAR) detailing the results of the assessment along with Plan of Action & Milestones (POAM).
  • Developed a security baseline controls and test plan that was used to assess implemented security controls using NIST 800-53 r4.
  • Developed System Security Plan (SSP) to provide an overview of the system security requirements.
  • Conducted Security Controls assessment to identify system threats, vulnerabilities and risk, and generate security assessment reports.

Confidential, Alexandra, VA.

Cyber Security Analyst/Assessor

  • Perform initial and ongoing Security Assessment and Authorizations in support of client's on-premise, FedRAMP Cloud Authorized (leveraged authorizations) and Shared Services (multi-agency) information systems while ensuring quality control of A&A documents.
  • Completed numerous risk assessments and collaborated with DOC System Owners, and IT support staff to provide recommendations regarding critical infrastructure, network security operations and continuous Monitoring processes and improvements.
  • Extensive knowledge and experience with the Risk Management Framework (RMF). Created, updated and revised System Security Plans, Contingency Plans, Incident Response plans/reports, and Plan of Action & Milestone.
  • Developed and completed Security Assessments Kick-off Meetings Briefings and populated the Security Requirements Traceability Matrix (SRTM) and Document Request Lists (DRLs) per NIST SP 800-53
  • Reviewed Privacy Impact Assessment (PIA) and PTA and ensured System of Record Notice (SORN) were published.
  • Assembled Security Assessment Packages to include Security Assessment Reports (SARs), Risk assessment Reports (RARs), Security Controls Assessments (SCA) Reports and POA&Ms.
  • Briefed Authorizing Official on information systems risks and vulnerabilities in support of the Security assessment and Authorization process.
  • Participated security controls assessment efforts to determine effectiveness (i.e., controls implemented correctly, operating as intended, and meeting security requirements).
  • Evaluated vulnerabilities and risks based on Tenable, Nessus and HP Inspect scans reports.
  • Executed Security Impact Analysis/Risk Assessments/Subsystem Addendums in support of new on-premise and Cloud based applications/application systems.
  • Participated in Configuration Management (CM) activities and weekly Change Control Board (CCB) Meetings in support of changes to the authorized baselines for information systems.
  • Provide audit Pre-briefings to agency and Information Systems Security Officer's, to assist in the preparation of independent and FISMA audits.
  • Supported POA&M Management and Artifacts Management via the use of CSAM.
  • Developed NIST-compliant vulnerability assessments, technical documentation, and Plans of Action and Milestone (POA&M), and address system weaknesses.
  • Monitored controls post authorization to ensure continuous compliance in accordance to FISMA guidelines.
  • Ensured all POA&M actions are completed and tested in timely fashion to meet client deadlines.
  • Participated and attended weekly ISSO forums for security advice and updates and, conduct meetings with the IT team to gather documentation and evidence about their control environment.
  • Applied appropriate information security control for Federal Information System based on NIST SP 800-53, FIPS 199, FIPS 200 and OMB A-130 Appendix III.
  • Executed examine, interview, and test procedures in accordance with NIST SP 800-53A Revision 4.
  • Managed vulnerabilities with the aid of Nessus vulnerability Scanners to detect potential risks on a single or multiple asset across the enterprise network .

Confidential, Beltsville MD.

Information Security Analyst

  • Managed vulnerabilities with the aid of Nessus vulnerability Scanners to detect potential risks on a single or multiple asset across the enterprise network.
  • Monitored security controls post authorization to ensure continuous compliance with the security requirements.
  • Created, updated and revise System security Plans, FISMA and FISCAM audits, Contingency Plans, Incident Reports and Plan of Action & Milestone.
  • Authored recommendations associated with findings on how to improve the customers security posture in accordance with NIST controls.
  • Proven ability to support the full life-cycle of the Assessment and Authorization (A&A) process.
  • Supported client security policies and activities for networks, systems and applications including Vulnerability Management, Incident Reporting, Mitigation, and Continuous Monitoring.
  • Reviewed and updated some of the system categorization using FIPS 199, Initial Risk Assessment, E-authentication, PTA, PIA, SAR, SSP, SAP& POA&M.
  • Ability to translate business requirements into control objectives.
  • Assess security controls through document reviews, interviews and tests to ensure compliance with FISMA and NIST standards.
  • Assisted in the development of an information security continuous monitoring strategy.
  • Developed contingency planning and Tabletop Exercise for Disaster Recovery testing of an information system.
  • Analyzed the Security Assessment Reports (SAR) and provided artifacts to assessors to justify each passing failing security controls.
  • Maintained security information records - the System Security Plan (SSP), Business Impact Analysis (BIA), Privacy Impact Analysis (PIA), and Privacy Threshold Analysis (PTA) for the annual Continuous Monitoring Assessment (CMA).

Hire Now
Client Services
Job Seekers
Visa Sponsorship