Information System Security Officer Resume

Baltimore, Maryland

TECHNICAL SKILLS:

IT Controls - Frameworks: IT Audit Standards: Confidential 800-53, Confidential 800-53A, Confidential 800-30, Confidential 800-37, Confidential 800-34, Confidential 800-18, FIPS, FISMA, FedRAMP, SaaS, PaaS, IaaS, Confidential RMF. Confidentiality, Integrity, Availability, Access Control, Audit and Accountability, Certification and Accreditation, General Computer Controls, Application Control, Testing, Compliance Testing, Vulnerability Scans, Penetration Testing, Risk Assessment, Change Management, Configuration Management, Security Maintenance, Contingency Planning, Policies and Procedures, Implementation, Incident Response, Media Protection, Physical Security, Privacy Controls, Computer Operations, Environmental Security, Network Security, System Security, Personnel Security, OMB Circular A-130 Appendix III

Software / Hardware / Platform: Microsoft Windows 2006, 2008 & 2010, LAN/WAN Wireless Network, Kali Linux, Tenable Nessus, Oracle Enterprise Manager, MS Office Suite, PeopleSoft, PowerPoint, Splunk, WebInspect, Visio, Tripwire, Syslog (Ca3ultra), Qualys, eMASS, CSAM, Confidential Viewer and Confidential IA Manager.

PROFESSIONAL EXPERIENCE

Confidential, Baltimore, Maryland

Information System Security Officer

Responsibilities:

  • Prepared Certification and Accreditation (C&A) packages for various systems, and developed, reviewed, and updated packages and Authority to Operate documentation for systems hosted and owned by USAID in accordance with the Confidential SP 800 series (800-26, 800-18, 800-53, 800-53A, 800-137).
  • Worked closely with ISSOs and System Owners as a third-party assessor on both cloud and non-cloud systems in the SA&A process and provided appropriate accreditation documentation based on the assessment timeline.
  • Worked closely in coordination with AWS, Google Cloud, BlackBerry and Azure cloud systems in the FedRAMP ATO process.
  • Managed InfoSec Program POA&Ms that use the Common Weakness Enumeration (CWE) and the Common Vulnerability Scoring System (CVSS).
  • Assisted System Owners in performing internal security assessments, conducting security testing, and evaluating results for cloud and non-cloud based systems.
  • Developed, reviewed, maintained, and ensured all assessment and authorization (A&A) documentation (such as the SSP, Security Assessment Report, POA&M, Incident Response Plan, Configuration Plan, etc.) was included in the security authorization package.
  • Performed information security risk assessments and assisted with the internal auditing of information security processes. Assessed threats, risks, and vulnerabilities from emerging security issues and identified mitigation requirements.
  • Performed independent verification and validation of agency systems internally, including cloud and non-cloud systems, based on the ROE, and provided authorization recommendations based on risk to the AO, Confidential and top management through presentations or out-briefs.
  • Served as the system administrator in charge of risk assessment, user support tasks, and Microsoft Windows operating system and server administration (Windows Server 2008 & 2010) to support day-to-day system performance and prevent data loss and unauthorized access.
  • Created and reviewed Rules of Engagement (ROE), Security Assessment Plans (SAPs) and Security Assessment Reports for both cloud and non-cloud systems depending on the SOW.
  • Utilized Risk Management Framework (RMF) processes such as system categorization, security controls implementation (considering FedRAMP controls), security assessment planning and contingency planning to safeguard the information system.
  • Requested and reviewed vulnerability scans, and monitored and tracked remediation progress in the DOJ CSAM tool.
  • Developed, reviewed and updated the System Security Plan (SSP), Contingency Plan, Incident Response Plan, Security Test and Evaluation (ST&E), Security Assessment Report, Confidential Review policy, E-authentication, Risk Assessment, Technical Control Plan and the Plan of Actions and Milestones (POA&M) to ensure FISMA compliance.
  • Conducted assessments per Confidential SP 800-53A and documented findings and remediation actions in the POA&M.
  • Prepared and conducted kickoff meetings and out-briefs for the CIO, AO and SO of systems prior to security assessment, post-assessment and at ATO meetings.

Confidential, Mclean, VA

Information System Security Officer

Responsibilities:

  • Prepared Certification and Accreditation (C&A) packages for various systems, and developed, reviewed, and updated packages and Authority to Operate documentation for systems hosted and owned by Confidential in accordance with the Confidential SP 800 series (800-26, 800-18, 800-53, 800-53A, 800-137).
  • Authored or coordinated the development of other required system security plans: Configuration Management (CM), Contingency Plan (CP), Continuity of Operations (COOP), Disaster Recovery Plan (DR) and Incident Response Plan (IRP).
  • Developed risk assessments, security plans and risk mitigation plans to identify security risks for systems and architectures.
  • Assisted in the development of the agency's IT security policies, standards, guidelines and procedures.
  • Applied and reviewed multiple STIGs across numerous information system components as a key requirement in the RMF Assessment and Authorization (A&A) process.
  • Performed pre-audit activities (e.g., reviewed prior-year audit issues and ensured corrective actions were taken, system documentation was current, procedures were being followed, Plans of Action and Milestones were up to date, etc.).
  • Worked with teams to identify and resolve issues discovered during the audit and review process.
  • Reviewed POA&Ms, enforced timely remediation of audit issues, and updated System Security Plans (SSP) using Confidential SP 800-18 guidelines.
  • Analyzed vulnerabilities, POA&Ms and other findings, and maintained a vulnerability management process for Confidential.
  • Assisted in the development of the agency's IT security policies, standards, guidelines and procedures, such as breach and privacy procedures for the Confidential Privacy Department, done in accordance with OMB guidelines.
  • Audited and reviewed most Confidential systems for ATO reauthorization according to their ATO expiration dates, with the help of the Confidential tool.
  • Provided administrative support to Confidential users, such as Confidential system POCs.
  • Performed system certification and accreditation planning, testing and liaison activities; supported secure systems operations and maintenance.
  • Assisted in the preparation, presentation, delivery, and follow-up of briefings.

Confidential, Fairfax, VA

Information Assurance Analyst

Responsibilities:

  • Assisted in establishing the RMF as best practice for the Federal Election Commission, which included kickoff meetings and coordination with the Confidential, ISSO, Infrastructure and Application teams.
  • Performed security assessments, and developed, reviewed, and updated Certification and Accreditation (C&A) packages and Authority to Operate (ATO) documentation for systems hosted and owned by Confidential.
  • Maintained and managed the required system security documentation in the SBA-adopted DOJ Cyber Security Assessment and Management (CSAM) system. Minimum documentation included: System Categorization Worksheets (SCW), Privacy Impact Assessments (PIA), Security Control Assessments (SCA), System Security Plans (SSP), Risk Assessments (RA), Contingency Plans (CP) and testing, FIPS 199 Security Categorization, Security Test & Evaluation (ST&E), Certification, Disposition Plans, annual and quarterly security documentation review and testing, ATO certifications and re-certifications, Security Self-Assessments (SSA), Memoranda of Understanding (MOU), and Interconnection Security Agreement(s).
  • Assisted system owners and representatives with the use of CSAM as it pertains to the management of their system's security documentation.
  • Assisted system owners and representatives with the migration of controls from Confidential SP 800-53 Rev 3 to Rev 4 in CSAM.
  • Created and developed security policy documents and relevant artifacts to support compliance.
  • Assisted in performing vulnerability scans of Confidential systems as part of internal vulnerability assessments.
  • Created and reviewed Rules of Engagement (ROE), Security Assessment Plans (SAPs) and Security Assessment Reports for both cloud and non-cloud systems depending on the SOW.
  • Worked hand in hand with the ISSO and Confidential offices in conducting weekly scans, reviewing findings by severity, and applying mitigations with assistance from the SOC team, system administrators and DBAs.
  • Coordinated with departmental agency staff as necessary to provide guidance on the process of conducting risk analysis and computer security reviews, security assessments, the preparation of Disaster Recovery Plans within Continuity of Operations (COOP) plans, security plans, and the processes involved in the Confidential-required activities for the Certification and Accreditation of Major Information and General Support Systems (Confidential).
  • Conducted reviews of information system security documents for all hosted systems, minimally including Plans of Action & Milestones (POA&Ms) and Security Test & Evaluation (ST&E).

Confidential, Fairfax, VA

Information Security Analyst

Responsibilities:

  • Worked with project managers to ensure the incorporation of security activities in all ongoing projects and to identify the security impact of new releases.
  • Prepared security authorization (C&A) documentation including the System Security Plan (SSP), Risk Assessment (RA), Contingency Plan (CP), Privacy Impact Analysis (PIA), and other artifacts required for the ATO package.
  • Supported remediation actions to correct assessment findings, developed supporting Plan of Action and Milestones (POA&M) reports, and updated the System Security Plan.
  • Supported Security Test and Evaluation (ST&E) efforts and provided other support to the IT Security Office.
  • Conducted IT risk assessments and documented the controls; conducted meetings with the IT client team to gather evidence; developed test plans and testing procedures; and documented test results and exceptions.
  • Ensured that operational and technical controls for securing sensitive security systems or IT systems were in place and followed according to federal guidelines (Confidential 800-53).
  • Ensured that appropriate steps were taken to implement information security requirements for IT systems throughout their life cycle, from the requirements definition phase through disposal.
  • Reviewed POA&Ms, enforced timely remediation of audit issues, and updated System Security Plans (SSP) using Confidential SP 800-18 guidelines.
  • Applied knowledge of Security Assessment & Authorization (SA&A) policies, guidelines and regulations in the assessment of IT systems and the documentation and preparation of related documents.
  • Conducted system risk assessments through risk analysis, assessed the various assets within the system boundaries, and rigorously identified all possible vulnerabilities that exist within the system.
  • Identified gaps, developed remediation plans, and presented final results to the IT management team.

Confidential

Information Technology Specialist

  • Worked with top management to ensure the incorporation of new security tools and equipment needed for the efficiency and effectiveness of all ongoing projects.
  • Conducted research on the National Institute of Standards and Technology (Confidential) Special Publications and how best that knowledge could improve IT as a whole.
  • Developed the audit plan and performed General Computer Controls testing of Information Security, Business Continuity Planning, and Relationships with Outsourced Vendors.
  • Inspected configurations, checked configuration compliance, tested IT control functionality and inspected logs.
  • Performed and oversaw basic to complex security analysis, standards design, and security gap analysis.
  • Coordinated, developed, and evaluated security programs for an organization. Recommended information assurance/security solutions to support customers' requirements.
  • Researched the overhaul of Assured Compliance Assessment Solution (ACAS), Security Content Automation Protocol (SCAP), and Security Technical Implementation Guide (Confidential) engineering and analysis activities.