
Security Control Assessor Resume


SUMMARY

  • A self-motivated and dedicated Information Technology Professional with multiple periods of involvement in preparing and reviewing Assessment and Authorization (A&A) packages for Information Systems according to the Federal Information Security Modernization Act of 2014 (FISMA), with in-depth knowledge of managing and protecting enterprise information systems using NIST SP 800-18, SP 800-53 Rev4, NIST 800-37, POA&M, and FedRAMP.

AREAS OF EXPERTISE

  • Risk Mitigation and Management
  • Team Player with fast learning curve
  • Excellent Communications Skills
  • SSP Documentation
  • Managing Multiple Projects
  • POA&M Management
  • Assessment and Authorization
  • Published Author

PROFESSIONAL EXPERIENCE

SECURITY CONTROL ASSESSOR

Confidential

Responsibilities:

  • Prepare and review Authorization Packages; Security Assessment Plan (SAP), Security Assessment Report (SAR), Security Control Assessment (SCA)
  • Assisted System Owners and ISSO in preparing Assessment and Authorization packages for Information Systems.
  • Developed risk exposure table and reviewed/updated draft Security Assessment Report (SAR).
  • Provide support to internal and external audit teams in gathering evidence to validate information systems controls updates.
  • Able to build collaborative and trusted relationships with IT stakeholders.
  • Develop audit plans and conduct interviews, tests, and examinations, and analyze scans to gather facts about the information systems.

INFORMATION SYSTEM SECURITY OFFICER

Confidential

Responsibilities:

  • Develop and review security categorizations using FIPS 199 and NIST SP 800-60 to determine if the categorization is adequate and commensurate with the data that is processed.
  • Achieve FISMA compliance and Authority to Operate (ATO) for Systems based on the guidance from the NIST 800-37 Risk Management Framework (RMF)
  • Perform and develop Privacy Threshold Analysis (PTA) and Privacy Impact Assessment (PIA) in Coordination with the System Owners, Privacy Officers and upper management.
  • Review and update System Security Plan (SSP) using NIST 800-53rev4 requirements.
  • Ensure that artifacts are maintained and updated in accordance with NIST guidelines and organizational policies.
  • Review and analyze reports from Vulnerability Scans and advise management on remediation actions.
  • Support Federal client in performing the NIST RMF process using the Cyber Security Asset Management tool (CSAM) to manage the A&A workflow and associated documents.
  • Coordinate and track remediation of security weaknesses as they are discovered, via Plans of Action and Milestones (POA&Ms), and provide upper management with a weekly status report.

INFORMATION ASSURANCE ANALYST

Confidential, MD

Responsibilities:

  • Supported the Assessment and Authorization activities by developing the overall System Security.
  • Developed and maintained documentation outlining system operating environment for assigned systems.
  • Coordinated and conducted regular system security audits in support of compliance with the overall System Security Plan to maintain Authority to Operate status.
  • Identified and documented deficiencies in the design and operating effectiveness of controls and provided recommendations.
  • Reviewed and updated System Security Plans (SSP) using NIST 800-53rev4 requirements.
  • Achieved FISMA compliance and Authority to Operate (ATO) for systems based on guidance from the NIST SP 800-37 Risk Management Framework (RMF)
  • Supported the client in performing the NIST RMF process to ensure that they comply with security and complete their annual SA&A requirements.

HEALTH DATA IT MANAGER

Confidential, MD

Responsibilities:

  • Collaborated with systems owner in the development of secured data systems in compliance with HIPAA and federal information system based on NIST 800-66, NIST 800-112.
  • Trained and mentored employees in the use of PCC (Point Click Care software).
  • Performed software/hardware installation, maintenance, update and testing. Provided support to internal and external audit teams in gathering evidence to validate control updates.
  • Utilized tools to track, record, and transfer request orders and incident tickets.

TABLEAU DEVELOPER, DATA ANALYST

Confidential, Troy, MI

Responsibilities:

  • Utilized tools to track, record, and transfer request orders and incident tickets.
  • Used data visualization tools to provide an easy-to-understand interface for end users to quickly identify key themes within their data.
  • Designed reports per client requirements and created them using Excel files and an Oracle database.
  • Created Tableau scorecards and dashboards using stacked bars, bar graphs, scatter plots, geographical maps, heat maps, bullet charts, and Gantt charts demonstrating key information for decision making.
  • Involved in extraction, transformation and loading of data directly from different source systems like flat files, Excel, Oracle and SQL Server.
  • Worked extensively with advanced analysis Actions, Calculations, Parameters, Background Images, Maps, Trend Lines, Statistics, Log Axes, Groups, Hierarchies, and Sets to create detail-level summary reports and dashboards using KPIs.
  • Created, organized, customized analysis and visualized projects and dashboards to present to Senior Level Executives.
  • Created demos in Tableau Desktop and published onto Tableau Server.
  • Strong ability in developing SQL queries to extract, manipulate, and/or calculate information to fulfil data and reporting requirements including identifying the tables and columns from which data is extracted.
