Information Systems Security Officer Resume
SUMMARY
- A motivated and disciplined Information Systems Security Officer with numerous years of experience preparing Assessment and Authorization (A&A) packages, including System Security Plan (SSP) documentation, and maintaining information security standards in accordance with the Federal Information Security Modernization Act of 2014 (FISMA) and Office of Management and Budget (OMB) guidance.
- Focused and committed to excellent execution in areas of information security such as vulnerability analysis, POA&M management, and continuous monitoring.
- Familiar with the National Institute of Standards and Technology (NIST) documentation guidelines: FIPS 199 & 200 and Special Publications 800-37, 800-18, 800-60, 800-53 & 800-53A, and 800-137.
TECHNICAL SKILLS
- UNIX, Sun Solaris, Red Hat Linux, Windows; SQL Server, LDAP, VMware
- PowerPoint, Visio, Word, SharePoint, Excel, O365, and JIRA
- QualysGuard, Nessus, BigFix, HP WebInspect
- Serena TeamTrack, RSA Archer
PROFESSIONAL EXPERIENCE
Information Systems Security Officer
Confidential
Responsibilities:
- Conduct weekly POA&M update meetings with upper management.
- Vast experience categorizing information systems and mapping information types, using FIPS 199 and NIST SP 800-60 as a guide.
- Experience using NIST Special Publication 800-53 (Rev. 4) as a guide in selecting the security control baseline.
- Documented and updated System Security Plans (SSP), using NIST SP 800-18 as a guide.
- Proficient in the use of Security Content Automation Protocol (SCAP) tools such as RSA Archer and Serena TeamTrack for POA&M management and other related A&A activities.
- Competent in analyzing scan reports from vulnerability scanning tools (e.g. Nessus, Qualys) and tracking remediation efforts with the Point of Contact (POC).
- In-depth experience developing artifacts such as Electronic Authentication (eAuth), Privacy Threshold Analysis (PTA) and Privacy Impact Assessment (PIA) documents in accordance with NIST guidelines.
- Supported organizational continuity and ensured compliance with FISMA regulations by accurately following the NIST SP 800-37 Risk Management Framework (RMF) coupled with the preparation of the Assessment and Authorization (A&A) package.
- Determine the security objectives of the information systems by protecting the confidentiality, integrity and availability of the client’s systems.
Security Control Assessor
Confidential
Responsibilities:
- Conducted client-facing interviews and kickoff meetings, and advised upper management.
- Developed the Security Assessment Report (SAR) detailing the results of the security controls assessment, along with the Plan of Action & Milestones (POA&M), for the Authorizing Official (AO) to obtain the Authority to Operate (ATO).
- Ensured ongoing security control assessments were conducted in accordance with the frequencies defined by NIST to maintain an ongoing ATO.
- Organized and reviewed the Assessment and Authorization (A&A) package alongside the Information Systems Security Officer (ISSO).
- Conducted security controls assessments using the examine, interview and test methods.
- Debriefed upper management on recommendations to grant the Authority to Operate (ATO) where the remaining weaknesses were acceptable to the organization’s security posture.
- Participated in continuous monitoring activities and ensured that the state of the security posture remained acceptable, using NIST SP 800-137 as a guide.
