
Information Assurance Analyst Resume


Washington, DC

SUMMARY:

  • A Security Control Assessor with vast experience in managing and protecting enterprise information systems, network systems and operational processes through Information Assurance controls, compliance verifications, risk assessment and vulnerability assessment in accordance with NIST, FISMA, OMB and industry best security practices. Applied knowledge of FISMA, the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF), the NIST Special Publication 800 series, and FIPS 199 and 200 system classification and security categorization guidance. Able to thrive in fast-paced and challenging environments where accuracy and efficiency matter.

TECHNICAL SKILLS:

  • Risk Management Framework (RMF)
  • Assessment and Authorization Certification and Accreditation
  • POA&M Management
  • Vulnerability Assessment
  • Security Controls Assessment
  • Policy and Procedures
  • Risk Management
  • IT Project Management
  • Cybersecurity Framework (CMF)
  • Effective Customer Service
  • Strong Written and Verbal Skills
  • Excellent Communicator
  • Strong Problem Solving and Critical Thinking Skills

PROFESSIONAL EXPERIENCE:

Confidential, Washington, DC

Information Assurance Analyst

  • Develop, review and update Information Security System Policies, System Security Plans (SSP), and Security baselines in accordance with NIST, FISMA, OMB, NIST SP 800-18 and industry best security practices.
  • Performed comprehensive Security Control Assessments (SCA) and wrote reviews of management, operational and technical security controls for major applications and information systems.
  • Identifies and recommends resolution of processing problems.
  • Developed Security Assessment plan (SAP) according to NIST SP 800-53A.
  • Assisted the system owners with the Security Assessment Report (SAR) and Authorization to operate (ATO) for the approval of the authorizing officer, for my assigned
  • Developed Requirement Traceability Matrix (RTM) to document the results of the assessment
  • Met with the system team to collect evidence, develop test plans and procedures and document test results.

Confidential, Rockville, MD

Security Control Assessor

  • Conducted kick-off meetings to collect systems information and categorize systems based on NIST SP 800-60
  • Developed security control baseline and test plan used to assess and implement security controls
  • Created and updated the following Security Assessment and Authorization (SA&A) artifacts: FIPS 199, Risk Assessments Report (RAR), Privacy Threshold Analysis (PTA), Privacy Impact Analysis (PIA), Contingency Plan, Security Test and Evaluations (ST&Es), E-Authentication, Plan of Action and Milestones (POAMs).
  • Met with the system team to collect evidence, develop test plans and procedures and document test results.
  • Designed and Conducted walkthroughs, formulated test plans, tested results and developed remediation plans for each area of the testing.
  • Conducted FISMA-compliant security control assessments to ascertain the adequacy of management, operational, technical privacy controls.
  • Examined event logs for irregularities. Identified irregularities are then reported as incidents. The incident response is then initiated to mitigate these irregularities.
  • Involved in security incident management in order to mitigate or resolve events that have the potential to impact the confidentiality, availability, or integrity of information technology resources.
  • Created and maintained security metrics in order to help senior management to make decisions.
  • Provide support to internal and external audit teams in gathering evidence to validate controls
  • Interviewed ISSOs, System Owners and System Engineers and reviewed existing system documentation in order to make an objective assessment of whether the system complied with established standards.

Confidential, Washington, DC

Information Security Specialist

  • Served as the principal advisor to the Information System Owner and Authorizing Officer on all matters involving security of the information systems.
  • Assisted in the development of and updates to system security documentation.
  • Developed Security Authorization for compliance with NIST 800-37 Rev 1 while applying Risk Management Framework to Information Systems guidance such as System Security Plans (SSP), Security Assessment Report (SAR) and Plan of Action and Milestones (POA&M).
  • Maintained and managed the security aspects of an information system and was responsible for its day-to-day operation.
  • Reported in close coordination with the ISO and played an active role in the monitoring of systems and their operational environments.
  • Developed and updated the security artifacts, managing and controlling changes to the system and assessing the security impact of those changes while participating in audits of the system.
  • Maintained POA&M and assisted in the remediation of identified weaknesses.
  • Performed security analyses and risk/vulnerability assessment.
  • Performed update to system Security Plan, Security Assessment Report, Risk Assessment, Contingency Plan based on Continuous
