Snr Information Assurance Analyst Resume
Washington, DC
SUMMARY:
- Skilled and detail-oriented Security Analyst with 5 years of experience in the Security and Vulnerability Management Lifecycle. Well experienced in using FISMA and applicable NIST Special Publications including but not limited to FIPS 199/200, SP 800-30, 800-37, 800-53 Rev 4/53A, 800-60, and 800-137. Experienced in FedRAMP. Worked in high-availability production and development, 24x7 environments with strong communication, organization and problem-solving skills. A good team player who also possesses a strong ability to work efficiently, independently and under pressure.
TECHNICAL SKILLS:
- Hands-on experience assessing, developing, and/or updating security documents/artifacts including but not limited to System Security Plans (SSP), Configuration Management Plans (CMP), Information System Contingency Plans (ISCP), Incident Response Plans (IRP), Business Impact Analysis (BIA), Control Tailoring Workbook (CTW), e-Authentication Risk Assessment, Plan of Action and Milestones (POA&M), Security Assessment Plans (SAP), Security Assessment Reports (SAR), and Privacy artifacts in accordance with FedRAMP, NIST and applicable Federal regulations, guidelines, and best practices for a variety of Information Systems.
- Experienced in security administration functions pertaining to analysis, study and definition of requirements and postures for Defense in Depth (DiD) architectures and configurations, in compliance with FedRAMP, NIST, and directives and guidance including but not limited to SP 800-30, SP 800-37, SP 800-53 Rev 4, SP 800-53A, SP 800-60, SP 800-137, FIPS 199, FIPS 200, OMB Circular A-123, and OMB Circular A-130.
- Familiar with Information Security tools and solutions including vulnerability scanners (e.g. Nessus, Qualys), Security Information and Event Management systems (e.g. ArcSight, Splunk), data protection/encryption systems, network devices (e.g. firewalls, Intrusion Detection/Prevention Systems) and antivirus solutions, systems management software/solutions (e.g. BigFix), and assessment and POA&M tracking tools (e.g. Trusted Agent FISMA (TAF), DOJ’s Cyber Security Assessment Management (CSAM)).
- Experienced in developing, tracking, and overseeing the Plan of Action and Milestones (POA&M) process as part of continuous monitoring and A&A.
- Microsoft Office Suite (Word, Excel, PowerPoint, Visio, Outlook)
- Proficient using Windows 2000, 2003, 2008, Windows 7, and XP
- Proficient using Remedy, Macintosh computers, and Tenable Nessus vulnerability assessment.
- Expertise with Telecommunications Fundamentals, System Forensics, NIST SP 800 Series, FISMA, FIPS Publications
- POA&M, FedRAMP, OMB, ST&E, FISMA, Risk Management Framework 800-37, SSP, Risk Assessment, FIPS 199, IT Security Controls, DISA compliance, Sarbanes-Oxley Compliance (SOX 404), Contingency Planning, Change Management, Security Gap Analysis, Configuration Management, STIGs, HIPAA, SDLC, C&A, System Monitoring & Regulatory Compliance, Trusted Agent FISMA (TAF).
- Pursuing IAM Level III certification, Certified Information Systems Auditor (CISA).
PROFESSIONAL EXPERIENCE:
Snr Information Assurance Analyst
Confidential, Washington, DC
- Ensures proper system categorization using NIST 800-60 and FIPS 199
- Implements appropriate security controls for information system based on NIST 800-53 rev 4 and FIPS 200.
- Develops System Security Plans (SSPs) to provide overview of federal information system requirements and describe the controls in place to meet these requirements.
- Reviews and updates remediation on plan of action and milestones (POA&Ms), in agency’s Cyber Security Assessment and Management (CSAM) tool. Works with system administrators to resolve POA&Ms, gathers artifacts and creates mitigation memos and corrective action plans to assist in the closure of POA&Ms.
- Guides System Owners and system teams through the ATO process, using NIST 800-37.
- Creates, modifies, and reviews Contingency Plans (CP) and POA&Ms for review and approval by the Authorizing Official
- Develops a variety of Assessment & Authorization deliverables including: System Security Plan (SSP), FIPS 199 Categorization, PIA, ST&E, SAP, DRP, IRP, ISCP, CMP.
- Sets up POA&M ATO follow up pre-brief meetings with the System Owner, ISSO and other key stakeholders for each system with open POA&Ms prior to the official follow-up briefs and as directed by the Client.
- Analyzes and updates System Security Plan (SSP), Risk Assessment Reports (RAR), Privacy Impact Assessment (PIA) and the Plan of Actions and Milestones (POA&M)
- Coordinates with the agency’s Privacy, Records, and Information Governance Divisions related to compliance documentation and other requirements
- Conducts Contingency Plan tests using the tabletop and/or functional method at least annually and updates the plan
- Devises plans to certify and accredit assigned Information system or information systems
- Ensures Configuration Change Management processes are followed to guarantee that any changes do not introduce new security risks
- Responds to emerging requirements or policies as set by legislation, regulation or policy
- Supports annual assessments in accordance with guidance in the DOJ Information Security Performance Plan
- Creates Waivers and/or Risk Acceptance Memos to assist in the effective management of system risks
Security Control Assessor
Confidential, Bethesda MD
- Conducted systems risk assessments through risk analysis, assessed assets within system boundaries, and identified all possible vulnerabilities within systems.
- Assessed security controls in accordance with the assessment procedures defined in the security assessment plan (SAP) through examination, interviews, and testing.
- Conducted security assessments by reviewing System Security Plans (SSP) to create Kick-Off Presentation Slides, Security Assessment Plans (SAP), and Security Control Assessment (SCA) matrices.
- Drafted Security Assessment Reports (SAR) to provide stakeholders information regarding the security posture of their systems in accordance with the controls outlined in NIST SP 800-53 Rev. 4
- Conducted meetings with various system teams to gather evidence, developed test plans, testing procedures and documented test results and exceptions.
- Reviewed POA&Ms and enforced timely remediation of audit issues
- Reviewed Tenable Nessus vulnerability and compliance scans and WebInspect application scans as part of security control assessments.
- Performed FISMA continuous monitoring-related activities
- Provided support for documentation initiatives related to System Security Plans (SSPs), Security Assessment Plans (SAP), Continuity of Operations Plans (COOP), Incident Response Plans (IRPs), and Information System Contingency Plans (ISCP)
- Responded to various executive data calls.
Security Analyst
Confidential - Richmond, VA
- Identified and documented IT internal control deficiencies and provided clear and concise recommendations to client management regarding the elimination or mitigation of control deficiencies.
- Performed independent verification of the closure of control deficiencies.
- Assisted client with the planning and methodology of future IT regulatory compliance assessment and/or audit activities.
- Monitored management’s remediation of identified issues and tested the effectiveness of the remediation.
- Provided consultative advice to business and IT management on current and emerging Information & Technology risk, control and governance matters.
- Provided input and feedback on Corrective Action Plans (CAP) and produced summary assessments of CAPs.
- Served as a liaison for the team to multiple other groups and functions including interfacing with the central governance function, compliance advisors, business risk offices, business lines, internal audit, and other areas of Risk Management.
Senior Ops Coordinator
Confidential - Richmond VA
- Tasked with managing and coaching colleagues deemed to be lower in performance numbers
- Completes financial counseling and advising to customers
- Resolves customer issues while providing a high level of customer satisfaction
- Sales and recommendations to customers in order to exceed department goals
- Coordinates and reviews quality assurance for domestic relations between international third-party agents and US customers
