Information Assurance Security Specialist Resume
Greenbelt, Md
SUMMARY:
- An Information Technology professional with multiple years of experience in managing and protecting enterprise information systems through Assessment and Authorization (A&A) in accordance with the Federal Information Security Modernization Act of 2014 (FISMA), with in-depth knowledge of the Risk Management Framework (RMF) using NIST SP 800-18, 800-30, 800-37, 800-53 Rev 5, 800-60 and 800-137
PROFESSIONAL EXPERIENCE:
Confidential, GREENBELT MD.
Information Assurance Security Specialist
- Prepared and reviewed Authorization Packages: Security Assessment Plan (SAP), Security Assessment Report (SAR), and Security Control Assessment (SCA).
- Assisted System Owners in preparing Assessment and Authorization packages for Information Technology systems, ensuring that security controls were implemented in accordance with FISMA and NIST SP 800-53 Rev 4 requirements.
- Interviewed ISSOs and System Owners and reviewed existing system documentation to determine whether the reviewed systems complied with established standards.
- Conducted periodic status update meetings with key management personnel to discuss progress and issues identified during audits and assessments.
- Assisted in the planning and execution of IT general and transaction-level control assessments (e.g., strategy, change management, security and IT operations), and the evaluation of IT control environments.
- Developed and maintained dashboards containing leading-practice benchmarks for specific service offerings (e.g., cyber security, disaster recovery).
- Performed risk assessments of IT and business processes against multiple regulatory frameworks; identified and implemented remediation plans and secured stakeholder sponsorship to help ensure seamless execution and sustainable results.
Confidential, Bowie MD
Information Systems Security Officer
- Coordinate and track remediation of security weaknesses as they are identified, through the Plan of Action and Milestones (POA&M), and provide management with a weekly report.
- Develop and review information system categorizations using FIPS 199 and NIST SP 800-60 to determine whether the categorization is appropriate for the data the system processes.
- Review and update System Security Plans (SSP) against NIST SP 800-53 Rev 4 requirements.
- Achieve FISMA compliance and Authorization to Operate (ATO) based on guidance from the NIST SP 800-37 Risk Management Framework (RMF).
- Provide stakeholders with recommendations on how to remediate identified issues based on NIST guidelines and industry best practices.
- Ensure that artifacts are maintained and updated in accordance with NIST guidelines and organizational policies.
- Review and analyze risk reports from vulnerability scans and advise management on remediation actions.
- Develop, review and update information security policies, System Security Plans (SSP) and security baselines in accordance with NIST SP 800-18, FISMA, and industry best practices.
- Develop and update System Security Plans (SSP), Privacy Impact Assessments (PIA), System Security Test and Evaluation (ST&E) and Plans of Action and Milestones (POA&M).
- Assemble Authorization Packages (POA&M and SAR) for the Authorizing Official.
- Update IT security policies, procedures, standards and guidelines according to department and federal baseline requirements.
Confidential
Junior Systems Administrator
- Collaborated with system owners to secure corporate proprietary information in accordance with federal standards (NIST SP 800-60).
- Performed Software/Hardware installation, update and testing. Provided support to internal and external audit teams in gathering evidence to validate controls.
- Trained and monitored employees in the use of IT corporate systems.
- Used incident and configuration management tools to track, record and transfer change request orders.
TECHNICAL SKILLS:
- Software, Standards, Guides & Tools: FIPS 199 System Security Categorization, Assessment & Authorization, NIST SP 800-37 Risk Management Framework (RMF), NIST SP 800-53 Rev 4, System Security Plan (SSP), Security Assessment Report (SAR), Continuous Monitoring (CM), Plan of Action and Milestones (POA&M), Microsoft Office, Unix/Linux, SharePoint, vulnerability scanners (Nessus, WebInspect, AppDetective), CSAM, RSA Archer, BigFix, Serena TeamTrack, SIEM tools (Splunk and ArcSight)
- Strong verbal and written communication and presentation skills.
