Information System Security Officer Resume
Washington, DC
SUMMARY:
- A Cyber Security Analyst/Information Security Analyst with exceptional experience, looking for an opportunity that will not only utilize my knowledge but also give me an opportunity to grow in the knowledge of leading-edge technologies.
- Excellent problem-solving ability.
- Excellent communication skills (oral and written).
- Managing multiple projects simultaneously.
- Team player and a quick learner.
- Expert in risk management and mitigation.
- IT Systems Administration.
- Knowledge of Microsoft Word, PowerPoint, Publisher, Excel and Visio.
- Involved with the planning and engineering of an enterprise infrastructure.
- Experienced in ServiceNow and HP Service Manager ticketing systems.
- Experienced in Federal Government Contracts.
- Understanding of FISMA standards and the Certification and Accreditation process, and have developed the appropriate documents.
- Experienced in documentation.
- Experienced with ticketing tools.
PROFESSIONAL EXPERIENCE:
Confidential, Washington DC
Information System Security Officer
- Conduct IT-Security standards/compliance audits and assessments using NIST, RMF (Risk Management Framework).
- Create and disseminate monthly security reports and trend analysis to the CISO.
- Create a security dashboard for executive stakeholders to utilize for accurate and up to date incident response information on demand.
- Developing and updating security authorization packages in accordance with the client’s requirement and compliant with FISMA.
- Drafting and updating core documents such as the System Security Plan, Risk Assessment Report, Security Assessment Plan and Report, Contingency Plan, Incident Response Plan, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, Configuration Management Plan, etc.
- Develop and maintain the Plan of Action and Milestones and support remediation activities.
- Validate that protective measures for physical security are in place to support the systems security requirements.
- Developing, coordinating, testing and training on Contingency Plans and Incident Response Plans.
- Support Incident Response and Contingency activities.
- Perform security control assessments using NIST SP 800-53A guidance.
- Conduct independent scans of the application, network and database (where required).
- Provide continuous monitoring to enforce client security policy and procedures and create processes that will provide oversight into the following activities for the system owner.
- Draft organizational policies, SOPs and guidelines.
- Assess security controls through document reviews, interviews and tests to ensure compliance with FISMA and NIST standards.
- Working knowledge of the duties required for implementing information security controls and leading information security initiatives.
- Ability to translate business requirements into control objectives.
- Analyzed security requirements to determine if they meet government-mandated security policies.
- Assisted in the development of an information security continuous monitoring strategy.
- Developed Security Assessment Reports (SAR) detailing the results of the assessment along with Plans of Action & Milestones (POA&M).
- Developed security baseline controls and a test plan that was used to assess implemented security controls using NIST SP 800-53 Rev. 4.
- Developed System Security Plan (SSP) to provide an overview of the system security requirements.
- Conducted Security Controls assessment to identify system threats, vulnerabilities and risk, and generate security assessment reports.
Confidential, Alexandria, VA
Cyber Security Analyst/Assessor
- Perform initial and ongoing Security Assessment and Authorizations in support of client's on-premise, FedRAMP Cloud Authorized (leveraged authorizations) and Shared Services (multi-agency) information systems while ensuring quality control of A&A documents.
- Completed numerous risk assessments and collaborated with DOC System Owners and IT support staff to provide recommendations regarding critical infrastructure, network security operations and continuous monitoring processes and improvements.
- Extensive knowledge and experience with the Risk Management Framework (RMF). Created, updated and revised System Security Plans, Contingency Plans, Incident Response plans/reports, and Plan of Action & Milestone.
- Developed and completed Security Assessment Kick-off Meeting Briefings and populated the Security Requirements Traceability Matrix (SRTM) and Document Request Lists (DRLs) per NIST SP 800-53.
- Reviewed Privacy Impact Assessment (PIA) and PTA and ensured System of Record Notice (SORN) were published.
- Assembled Security Assessment Packages to include Security Assessment Reports (SARs), Risk assessment Reports (RARs), Security Controls Assessments (SCA) Reports and POA&Ms.
- Briefed Authorizing Official on information systems risks and vulnerabilities in support of the Security assessment and Authorization process.
- Participated in security controls assessment efforts to determine effectiveness (i.e., controls implemented correctly, operating as intended, and meeting security requirements).
- Evaluated vulnerabilities and risks based on Tenable, Nessus and HP Inspect scan reports.
- Executed Security Impact Analysis/Risk Assessments/Subsystem Addendums in support of new on-premise and Cloud based applications/application systems.
- Participated in Configuration Management (CM) activities and weekly Change Control Board (CCB) Meetings in support of changes to the authorized baselines for information systems.
- Provided audit pre-briefings to the agency and Information Systems Security Officers to assist in the preparation for independent and FISMA audits.
- Supported POA&M Management and Artifacts Management via the use of CSAM.
- Developed NIST-compliant vulnerability assessments, technical documentation, and Plans of Action and Milestones (POA&M), and addressed system weaknesses.
- Monitored controls post-authorization to ensure continuous compliance in accordance with FISMA guidelines.
- Ensured all POA&M actions were completed and tested in a timely fashion to meet client deadlines.
- Participated in and attended weekly ISSO forums for security advice and updates, and conducted meetings with the IT team to gather documentation and evidence about their control environment.
- Applied appropriate information security controls for Federal Information Systems based on NIST SP 800-53, FIPS 199, FIPS 200 and OMB A-130 Appendix III.
- Executed examine, interview, and test procedures in accordance with NIST SP 800-53A Revision 4.
- Managed vulnerabilities with the aid of Nessus vulnerability scanners to detect potential risks on single or multiple assets across the enterprise network.
Confidential, Beltsville, MD
Information Security Analyst
- Managed vulnerabilities with the aid of Nessus vulnerability scanners to detect potential risks on single or multiple assets across the enterprise network.
- Monitored security controls post-authorization to ensure continuous compliance with the security requirements.
- Created, updated and revised System Security Plans, FISMA and FISCAM audits, Contingency Plans, Incident Reports and Plans of Action & Milestones.
- Authored recommendations associated with findings on how to improve the customer's security posture in accordance with NIST controls.
- Proven ability to support the full life-cycle of the Assessment and Authorization (A&A) process.
- Supported client security policies and activities for networks, systems and applications including Vulnerability Management, Incident Reporting, Mitigation, and Continuous Monitoring.
- Reviewed and updated some of the system categorizations using FIPS 199, Initial Risk Assessment, E-authentication, PTA, PIA, SAR, SSP, SAP and POA&M.
- Ability to translate business requirements into control objectives.
- Assessed security controls through document reviews, interviews and tests to ensure compliance with FISMA and NIST standards.
- Assisted in the development of an information security continuous monitoring strategy.
- Developed contingency planning and Tabletop Exercises for Disaster Recovery testing of an information system.
- Analyzed the Security Assessment Reports (SAR) and provided artifacts to assessors to justify each passing or failing security control.
- Maintained security information records - the System Security Plan (SSP), Business Impact Analysis (BIA), Privacy Impact Analysis (PIA), and Privacy Threshold Analysis (PTA) for the annual Continuous Monitoring Assessment (CMA).