
Cyber Assurance Analyst Resume


SUMMARY:

  • Information security and risk management expert with 10+ years of IT experience and 8+ years of information assurance, security assessment and authorization (SA&A) experience with federal information systems. Extensive knowledge of the Risk Management Framework (RMF), Systems Development Life Cycle (SDLC), security life cycle and vulnerability management using FISMA, OMB, HIPAA and applicable NIST standards. Proven enterprise experience in security management, aptitude for good Confidential service, leadership, and excellent communication and presentation skills. Ability to interact with various teams to support security assessments and continuous monitoring for government and commercial clients.

TECHNICAL SKILLS:

Systems Security Plans (SSP) | Risk Management Framework (RMF) | Systems Security Test and Evaluation | Security Control Assessments | Privacy Impact Assessment | FIPS 199/FIPS 200 | Security Categorization | Vulnerability Management | CSAM, TAF, Xacta, Risk Vision

PROFESSIONAL EXPERIENCE:

Cyber Assurance Analyst

Confidential

  • Create Security Assessment Plans (SAP) and registration documents (FIPS 199, e-Authentication and system inventory) prior to conducting security control assessments.
  • Independently conduct security control assessments for Authorization to Operate (ATO) on Moderate baseline systems based on the National Institute of Standards and Technology (NIST) Security Publications such as NIST 800-34, 37, 39, 47, 53, 53A, 60, and FIPS 140, 199 and 200.
  • Conduct vulnerability scans on the information systems that are under assessment.
  • Prepare and distribute the SAR, Provided by Client (PBC) list and the vulnerability scan report.
  • Present findings and recommendations to the Authorizing Official (AO).
  • Provide guidance to the CISO as requested

Confidential

Cyber Assurance Analyst

  • Ensure security documentation (System Security Plan, Contingency Plan, Risk Assessments and Incident Response Plan) is reviewed, maintained and up to date for FISMA compliance.
  • Work with a team of Information Security Owners, Developers and System Engineers to select, implement, and tailor security controls to safeguard system information.
  • Conduct self-assessments of security controls on various impact systems in accordance with agency guidelines to ensure compliance with NIST 800-53A.
  • Plan and execute POA&M remediation efforts to mitigate system vulnerabilities and prepare authorization packages for ATO (Authorization to Operate).
  • Responsible for conducting Security Control Assessments (SCA) on Major and Minor Application Systems to ensure that systems are operating within an appropriate security posture.
  • Prepare systems for ATO and provide support during ATO assessments, providing evidence as needed or assisting during interviews.
  • Perform Annual Self-Assessment, ensuring each system completes the annual self-assessment requirements in accordance with the CSH and organizational guidance.
  • Perform ATO assessments on cloud systems and work with cloud service providers like Appian, AWS, Salesforce, and ServiceNow, etc.
  • MOU/ISA: Ensure MOU/ISA are maintained and up to date. Assist where needed on IT security parts ONLY.

Confidential

Security Control Assessor

  • Applied appropriate information security controls for federal information systems as specified by NIST 800-37, SP 800-53 Rev4, FIPS 199, FIPS 200 and OMB Circular 130 Appendix III.
  • Maintained and updated security software to prevent database security threats.
  • Maintained incident response plan essential for system preparation, identification, containment, investigation, eradication, recovery and follow-up.
  • Assessed network intrusion detection systems (IDS/IPS) and artifacts including logs, system images and packet captures to enable mitigation of network incidents.
  • Configured and maintained firewall and checkpoint asset information by analyzing rule vulnerabilities, documentation and traffic management.
  • Prepared audit reports for distribution to management and upper management documenting the results of the audit performance.
  • Analyzed a variety of network and host-based security appliance logs (firewalls, NIDS, HIDS, system logs, etc.) to determine the correct remediation actions and escalation paths for each incident.
  • Updated IT Security policies, procedures, standards and guidelines according to department and federal requirements.
  • Reviewed SAR post-assessment; created and completed POA&M milestones to remediate findings and vulnerabilities.

Confidential

Information Security Analyst

  • Analyzed and updated System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E) and the Plan of Actions and Milestones (POA&M).
  • Assisted System Owners and ISSOs in preparing system packages, ensuring that management, operational, and technical controls are implemented adequately as specified in NIST SP 800-53 Rev4.
  • Developed templates for required security documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages.
  • Conducted IT controls risk assessments that included reviewing organizational policies/procedures and provided advice on their adequacy, accuracy and compliance.
  • Assisted with quarterly security awareness training program to educate employees and managers on security threats and vulnerabilities.
  • Updated IT Security policies, procedures, standards and guidelines according to department and federal requirements.
