FISMA/SA & A Analyst Resume
OBJECTIVE:
Skilled and detail-oriented Security Assessment & Authorization (SA & A) professional with unparalleled problem-solving and project management skills and a strong background in Risk Management Framework and Vulnerability Management, using FISMA and applicable NIST standards to achieve organizational security compliance goals.
EXECUTIVE SUMMARY:
- Working knowledge of NIST 800 series
- Highly skilled and performance-driven SA & A Analyst with strong background in System Security monitoring, auditing and evaluation
- Extensive experience in Security Assessment and Risk Assessment of GSS (General Support Systems) and MA (Major Applications)
- Solid track record in creating and updating Security Assessment and Authorization (SA & A) documentation in line with company, industry and national standards
- Energetic, highly adaptive team player recognized as a quick learner with exceptional people skills and the unique ability to work with little or no supervision
- Excellent communication skills and ability to recognize, analyze and document deficiencies and articulate same to key management personnel
PROFESSIONAL EXPERIENCE:
FISMA/SA & A Analyst
Confidential
Responsibilities:
- Develop, review and update Information Security System Policies, System Security Plans and Security baseline in accordance with NIST, FISMA, OMB App.
- Applied appropriate information security controls for Federal Information Systems based on SP 800-53 Rev 4 and FIPS 199.
- Conducted systems and network vulnerability scans in order to identify and remediate potential risks.
- Conduct kick off meetings with systems stakeholders to collect systems information to categorize systems referencing NIST SP 800-60
- Create FIPS 199 to categorize information and information systems to safeguard Confidentiality, Integrity and Availability as well as to ascertain the overall High Water Mark of the systems
- Select security controls using NIST-800-53 Rev 4 as a guide depending on system categorization
- Generate control baseline using FIPS 200
- Develop, analyze and update System Security Plan (SSP), Risk Assessment Report (RAR), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E) and the Plan of Actions and Milestones (POA&M)
- Perform Vulnerability Assessment to ensure risks are assessed, evaluated and proper actions taken to limit their impact on the Information and Information Systems
- Develop, update, review and submit artifacts in line with the Risk Management Framework and FISMA requirements
- Prepare A&A package documents to include SSP, SAR & POA&M to enable the Authorizing Officer to make an informed risk-based decision before granting the Authorization to Operate letter.
- Conduct continuous monitoring by identifying, assessing, responding to and remediating risk
IT Security Analyst
Confidential
Responsibilities:
- Supported NIST Risk Management Framework (RMF) based Certification and Authorization (C&A) activities.
- Monitored timeliness of required actions and documents pertaining to the C&A of the system throughout its lifecycle.
- Conduct comprehensive reviews of security authorization documents to ensure the appropriate NIST security guidelines were used during the assessments and the selections of security controls are relevant to the confidentiality, integrity, and availability of the systems
- Recommended improvements for the authorization process where practical to lessen processing time and the amount of paperwork and/or resources required, to include benchmarking and other process improvement activities.
- Conducted Security Authorization document reviews
- Provided support for all assigned Security Authorization activities.
- Developed a preliminary Security Assessment Report (SAR)
- Created the Security Assessment Plan, including rules of engagement (ROE) for each major application, information system, or GSS undergoing authorization.
- Documented the results of the security control assessment, including recommendations for correcting any weaknesses or deficiencies in the controls, analyzed findings, and developed risk mitigation techniques to address weaknesses
SCRUM MASTER
Confidential
Responsibilities:
- Worked with the stakeholder in identifying and documenting User Stories.
- Coordinated with the Product Owner identifying the User Stories for the Sprint Backlog
- Coordinated daily scrums and helped remove impediments as and when they arose.
- Coordinated the Scrum Team during each Sprint towards a shippable product release working closely with the Product Owner to make sure each user story in the Sprint Backlog is being attended to.
- Studied the inherent systems to have a clear understanding of the business processes and associated system workflow.
- Tracked and managed all Change Requests taking them through the complete change request lifecycle.
- Assisted the PM in determining the velocity of the team so as to maximize productivity.