Innovative and highly motivated IT professional with over 10 years of progressive experience in implementation and development of system application databases, project and operational management, change management, and project implementation to support clients.
AWS (Amazon Web Services) | McAfee Orchestrator Policy Ethical Hacking applications | Kali - Linux | Wireshark | Metasploit | NMAP | Kane & Abel | Nessus | MS SQL | Jira | Wiki | Microsoft Project | Microsoft Office Suite| Service Now | Yellow Fin Business Service Intelligence Application Tools| CSAM|DHS Xacta IA Manager |DHS Continuum
Information Assurance Systems Security Engineer
Confidential, Fort Belvoir, VA
- Provide Cybersecurity guidance and expertise as it pertains to adherence with Government cybersecurity policies and procedures for any new-starts/developments to include on-premise, off-premise or cloud-based solutions.
- Maintain the security documentation for information systems under their purview, to include System Security Plans (SSP), Plans of Action & Milestones (POA&M), and hardware and software baselines.
- Initiate and Plan RMF A&A for information systems under their purview to include:
- Categorization of the systems IAW Committee on National Security Systems (CNSS) 1253 to determine the Confidentiality, Integrity, and Availability (CIA) impact
- Selecting initial set of baseline security controls and relevant overlays for the Information System IAW DoDI 8510.01, Risk Management Framework (RMF) for DoD IT.
- Developing and documenting a system-level strategy for continuous monitoring of employed security controls effectiveness.
- Implementing the security controls specified in the security plan IAW DoD and Confidential implementation guidance.
- Conducts risk assessment testing procedures for assessment of the Assessment & Authorization (A&A) of (RMF) packages.
- Manage POA&MS & ATO Package within Emass
- Responsible for ingesting STIG files and checklist into SCAP Viewer to determine the Target of Evaluation and also to validate the in the files are auto-checked or manually run.
Information Systems Security Officer
Confidential, Bethesda, MD
- Participate in Continuous Monitoring of Government- Accredited MCA Systems, Assist/ Lead with and Accreditation/ Re-accreditation of all systems
- Maintain enterprise-wide Information Security policies, standards, and procedures.
- Technical lead for continuous monitoring of accredited systems.
- Design, develop or recommend integrated system solutions ensuring proprietary/confidential data and systems are protected.
- Configure and validate secure systems, test security products/systems to detect computer and information security weakness.
- Research and maintain proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding and network security and encryption.
- Perform duties in support of in-house and external customers.
- Analyze and define Information Security requirements.
- Analyze government and industry trends, laws and standards and recommend methods to meet
- Execute and deliver project activities according to the project plan/scope of work, on time within budget.
- Analyze security risks, threats and vulnerabilities and recommend strategies to prevent security exposures and detect intruders.
- Present Information Security status and issues at MCA client meetings.
- Comply with all State and Federal regulations and abide by company policies and procedures.
- Analyzing of application vulnerability scan reports
- Analyzing of antivirus scan reports
- Analyzing of system patch reports
Information Technology Manager
Confidential, Washington, DC
- Provides technical assistance to remediate critical vulnerabilities and security weaknesses through the completion of Plans of Action and Milestones (POA&Ms), Designed Contingency Plans, Business Impact Analysis as well Configuration Management Plans, Conducting table top exercises, Ensuring all systems are developed maintained based on the approved Configuration and Release Management policies and procedures
- As part of the NIST rev 4 control RA-05 I ran monthly vulnerability scans using Nessus to scan the network and multiple applications for any vulnerabilities, XSS, CSRF
- Responsible for ensuring all applications meet and followed the Risk Management Framework Security Life Cycle
- Prioritized Security Risk based off Security Assessments and implemented security controls
- Developed detailed project schedule, including SA&A task and milestones, task dependencies, and personnel resources
- Conduct SA&A activities sand tasks and obtain Authorization to Operate (ATO) in line with NIST and client guidance and directives.
- Determining the baseline IT Security requirements for IT Systems, identifying system boundaries, determining information categories, assisting with FIPS-199.
- Ensured that IT Systems are operated, used, maintained, and disposed of in accordance with internal security policies and practices.
- Enforce security policies and safeguards on all personnel having access to the IT System
- Review and generate SA&A and system documentation as needed.
- Selecting baseline controls for the IT System using common, hybrid, specific controls to tailor security controls as appropriate.
- Implement security controls based on IT System FIPS categorization.
- Develop and document all required artifacts for the SA&A package.
- Conduct Contingency Plan Test (CPT) for systems.
- Review and monitoring system security and audit logs with in AWS Cloud Watch environment
- Develop and maintain Plan of Actions and Milestones (POA&Ms) for IT systems in CSAM Repository
- Updated SA&A documentation and artifacts on a regular basis annually, after approved change
- Successfully implemented a Business Intelligence application responsible for building custom views and automated dashboards
- Led and managed the efforts to implement ServiceNow (Internet Technology Service Management) application
- Successfully Managed a 1.3 million IT operating budget and saved $250,000 in operating expenses
- Served as liaison between ancillary departments and the it department
- Collaborated with Confidential internal users and external users in various departments and established working group settings to document the common technical and functional requirements for web applications; facilitated meetings with project stakeholders to elicit requirements
- Successfully manage a Development Team as well as a Functional Team
- Developed lifecycle documents in Jira such as Use Cases, Functional Requirements, UAT Scenarios, Implemented the Agile Methodology to provide faster deliverables through Sprint Iterations
- Provided, Organized and facilitated weekly IT Team meetings as well web systems meeting for various applications and functions
- Supervised two IT functional staff members as well as the day to day POC for four IT institutional contractors. Completed employee evaluations in a timely manner, approved timesheets as well as leave request provide efficient and timely customer support, currently looking at ways to streamline IT processes such as issue management systems
SR. Systems Analyst/ Applications Manager
Confidential, Washington, DC
- Performed research and gathered data information to support HIPPA Security Rules and the Confidential act on current cybersecurity and risk issues impacting healthcare, Designed and built the quality and risk management application
- Provided EHR Senior Systems Analyst support
- Lead UMC’s Computerized Physician Order Entry program; supports team of Physicians; served as the IT Project Manager on the Implementation of the Scanning and Achieving module in the EHR; responsible for the software development, life cycle, planning, designing, building, testing and implementation; provides maintenance of the EHR software to ensure the proper documentation meets the standard of Joint Commission as well as patients understanding and privacy
- Ongoing and maintenance support and for the physicians to ensure proper use of the EHR system; train and provide support for all Clinicians (Physicians, Nurses, PA) on effective use of EHR system; provided support, custom builds, and workflow analysis for the following departments: Health Information Management, Quality Management, Performance Improvement to ensure the Electronic Chart are in accordance with the Hospital and DOH standards; created custom templates, screens, order sets to improve workflows for better documentation and safety of patients
- Fostered positive relationship among Clinicians and senior leadership; Part of the final decision process which had direct impact on the healthcare organization clinical and non-clinical applications
- Served as the technical expert for a variety of special projects and ongoing activities including database development, programmatic management information, and software development required to accomplish these activities
- Reviewed and monitored system tests of database segments of new systems or systems modifications; Served as a technical lead and provided highly technical expertise in the development, design, implementation, safeguard, operations, maintenance, and control of database management systems
- Responsible for the implementation, administration and maintenance of network and software throughout end users support' application and data requirements
- Identified, analyzed, and reported on emerging trends in the adoption and use of health information technology and other related trends in healthcare delivery
- Consulted with customers and stakeholders to identify and specify system requirements; Worked as part of a team to study and improve IT systems and/or business processes
SR. Clinical Systems Analyst/ Project manager
Confidential, Staten Island, NY
- Served as the Project Manager for Patient and Consumer Health Portal implementation managed the Core Project Teams which consisted of nurses, residents, attending physicians, and other member from Ancillary Departments created and maintained the project implementation plan, work flow docs, issue list, and project tracking guide; remarkable experience in all applications in 5.64,5,5.65,5.66 CS; served as the Project Manager for the Hi-tech and Meaningful Use Stage 1 to ensure the hospital are meeting requirements for menu, core and CQM measures
- Secured a total of 6.8 million dollars from Medicare, Medicaid as a result of becoming Confidential and Meaningful Use certified
- Lead and executed system testing activities, including end-user acceptance testing, for modified and new systems, and other post-implementation support; designed NPR reports and Confidential (Customer Defined Screens); increased productivity and workflow through all departments in the hospital
Information Technology Project Manager
Confidential, Menlo Park, CA 40
- Served as IT Project Manager directed and managed project development & planning full lifecycle; defined project scope goals and deliverables that support business goals in collaborative effort with senior managers identified and managed project delivery risks, project plans, and critical path activities by producing workflow documents and project dashboard plans developed and maintained project issues lists and drive the issues to resolution; developed, maintained, and managed project plans for customer implementations and internal projects from Confidential to Go Live; provided support to business subject matter experts and business leaders, and act as a resource to them, to document and track business and project scope decisions; served as support for new systems.
Business Consultant/ Trainer
Confidential, New York, NY
- Served as Business Consultant for several projects go-live support in the command center, units and analyst; provided Eclipsys Sunrise Acute Care 5.5 go- live support to the physicians and nurses and other staff members trained Nurses on how to customize and update their patient list, flag management within the software also to give them a thorough understanding of flow sheet process worked with Physician, registrar, RN, medical students, to show them the process of entering patient orders order entry workflow Confidential .