Information System Security Officer Resume

Washington, DC

SUMMARY:

  • A Cyber Security Analyst/Information Security Analyst with exceptional experience, looking for an opportunity that will not only utilize my knowledge but also give me an opportunity to grow in the knowledge of leading-edge technologies.
  • Excellent problem-solving ability.
  • Excellent communication skills (oral and written).
  • Managing multiple projects simultaneously.
  • Team player and a quick learner.
  • Expert in risk management and mitigation.
  • IT systems administration.
  • Knowledge of Microsoft Word, PowerPoint, Publisher, Excel and Visio.
  • Involved with the planning and engineering of an enterprise infrastructure.
  • Experienced in ServiceNow and HP Service Manager ticketing systems.
  • Experienced in Federal Government contracts.
  • Understanding of FISMA standards and the Certification and Accreditation process, and have developed appropriate documents.
  • Experienced in documentation.
  • Experienced with ticketing tools.

PROFESSIONAL EXPERIENCE:

Confidential, Washington DC

Information System Security Officer

  • Conduct IT-Security standards/compliance audits and assessments using NIST, RMF (Risk Management Framework).
  • Create and disseminate monthly security reports and trend analysis to the CISO.
  • Create a security dashboard for executive stakeholders to utilize for accurate and up to date incident response information on demand.
  • Developing and updating security authorization packages in accordance with the client's requirements and compliant with FISMA.
  • Drafting and updating core documents such as the System Security Plan, Risk Assessment Report, Security Assessment Plan and Report, Contingency Plan, Incident Response Plan, Standard Operating Procedures, Plan of Action and Milestones, Remediation Plans, Configuration Management Plan, etc.
  • Develop and maintain the Plan of Action and Milestones and support remediation activities.
  • Validate that protective measures for physical security are in place to support the systems security requirements.
  • Developing, coordinating, testing and training on Contingency Plans and Incident Response Plans.
  • Support Incident Response and Contingency activities.
  • Perform security control assessments using NIST 800-53A guidance.
  • Conduct independent scans of the application, network and database (where required).
  • Provide continuous monitoring to enforce client security policy and procedures, and create processes that will provide oversight into the following activities for the system owner.
  • Draft organizational policies, SOPs and guidelines.
  • Assess security controls through document reviews, interviews and tests to ensure compliance with FISMA and NIST standards.
  • Working knowledge of the duties required in implementing information security controls and leading information security initiatives.
  • Ability to translate business requirements into control objectives.
  • Analyzed security requirements to determine if they meet government-mandated security policies.
  • Assisted in the development of an information security continuous monitoring strategy.
  • Developed Security Assessment Report (SAR) detailing the results of the assessment along with Plan of Action & Milestones (POAM).
  • Developed security baseline controls and a test plan that was used to assess implemented security controls using NIST 800-53 r4.
  • Developed System Security Plan (SSP) to provide an overview of the system security requirements.
  • Conducted Security Controls assessment to identify system threats, vulnerabilities and risk, and generate security assessment reports.

Confidential, Alexandria, VA.

Cyber Security Analyst/Assessor

  • Perform initial and ongoing Security Assessment and Authorizations in support of the client's on-premises, FedRAMP Cloud Authorized (leveraged authorizations) and Shared Services (multi-agency) information systems, while ensuring quality control of A&A documents.
  • Completed numerous risk assessments and collaborated with DOC System Owners, and IT support staff to provide recommendations regarding critical infrastructure, network security operations and continuous Monitoring processes and improvements.
  • Extensive knowledge and experience with the Risk Management Framework (RMF). Created, updated and revised System Security Plans, Contingency Plans, Incident Response plans/reports, and Plan of Action & Milestone.
  • Developed and completed Security Assessment Kick-off Meeting briefings, and populated the Security Requirements Traceability Matrix (SRTM) and Document Request Lists (DRLs) per NIST SP 800-53.
  • Reviewed Privacy Impact Assessment (PIA) and PTA and ensured System of Record Notice (SORN) were published.
  • Assembled Security Assessment Packages to include Security Assessment Reports (SARs), Risk assessment Reports (RARs), Security Controls Assessments (SCA) Reports and POA&Ms.
  • Briefed Authorizing Official on information systems risks and vulnerabilities in support of the Security assessment and Authorization process.
  • Participated in security controls assessment efforts to determine effectiveness (i.e., controls implemented correctly, operating as intended, and meeting security requirements).
  • Evaluated vulnerabilities and risks based on Tenable, Nessus and HP Inspect scan reports.
  • Executed Security Impact Analyses/Risk Assessments/Subsystem Addendums in support of new on-premises and cloud-based applications/application systems.
  • Participated in Configuration Management (CM) activities and weekly Change Control Board (CCB) Meetings in support of changes to the authorized baselines for information systems.
  • Provide audit pre-briefings to agency and Information Systems Security Officers to assist in the preparation for independent and FISMA audits.
  • Supported POA&M Management and Artifacts Management via the use of CSAM.
  • Developed NIST-compliant vulnerability assessments, technical documentation, and Plans of Action and Milestones (POA&M), and addressed system weaknesses.
  • Monitored controls post-authorization to ensure continuous compliance in accordance with FISMA guidelines.
  • Ensured all POA&M actions were completed and tested in a timely fashion to meet client deadlines.
  • Participated in and attended weekly ISSO forums for security advice and updates, and conducted meetings with the IT team to gather documentation and evidence about their control environment.
  • Applied appropriate information security controls for Federal Information Systems based on NIST SP 800-53, FIPS 199, FIPS 200 and OMB A-130 Appendix III.
  • Executed examine, interview, and test procedures in accordance with NIST SP 800-53A Revision 4.
  • Managed vulnerabilities with the aid of Nessus vulnerability scanners to detect potential risks on single or multiple assets across the enterprise network.

Confidential, Beltsville MD.

Information Security Analyst

  • Managed vulnerabilities with the aid of Nessus vulnerability scanners to detect potential risks on single or multiple assets across the enterprise network.
  • Monitored security controls post-authorization to ensure continuous compliance with the security requirements.
  • Created, updated and revised System Security Plans, FISMA and FISCAM audits, Contingency Plans, Incident Reports and Plans of Action & Milestones.
  • Authored recommendations associated with findings on how to improve the customer's security posture in accordance with NIST controls.
  • Proven ability to support the full life-cycle of the Assessment and Authorization (A&A) process.
  • Supported client security policies and activities for networks, systems and applications including Vulnerability Management, Incident Reporting, Mitigation, and Continuous Monitoring.
  • Reviewed and updated some of the system categorizations using FIPS 199, Initial Risk Assessment, E-authentication, PTA, PIA, SAR, SSP, SAP and POA&M.
  • Ability to translate business requirements into control objectives.
  • Assess security controls through document reviews, interviews and tests to ensure compliance with FISMA and NIST standards.
  • Assisted in the development of an information security continuous monitoring strategy.
  • Developed contingency planning and a Tabletop Exercise for Disaster Recovery testing of an information system.
  • Analyzed the Security Assessment Reports (SAR) and provided artifacts to assessors to justify each passing/failing security control.
  • Maintained security information records (the System Security Plan (SSP), Business Impact Analysis (BIA), Privacy Impact Analysis (PIA), and Privacy Threshold Analysis (PTA)) for the annual Continuous Monitoring Assessment (CMA).