- Experienced Information Security Analyst in Risk Management Framework (RMF), NIST 800 series, FISMA, Security Control Assessment, Vulnerability Management, System Development Life Cycle, Business Continuity Plan and Disaster Recovery Plan.
- Proficient in developing guidelines, standards, policies and procedures such as System Security Plan, Security Assessment Report, Security Assessment Plan, Plan of Action and Milestones. Comfortable working around regulations such as HIPAA, SSAE-16, PCI and SOX.
- Exceptional troubleshooting skills for networking issues, end user problems and network security.
- Efficient in handling multiple project priorities, focused on taking a systematic approach to solving complex problems as well as demonstrating exceptional communication and leadership skills.
Operating Systems: Windows XP/Vista/7/8/8.1/10, Mac OS X, Linux, Android, iOS
Hardware: PC, Laptops, Tablets, Printers, Scanners, and other mobile devices
Software: VirtualBox/VMware, MS Office Word, Excel, PowerPoint, and Active Directory
Information Security Analyst
- Apply appropriate information security controls for Federal Information Systems based on NIST SP 800-37 Rev. 1 and SP 800-53 Rev. 4. Review and update some of the system categorizations using FIPS 199.
- Responsible for ensuring program level compliance with FISMA Controls (e.g., SP800-53).
- Create and update Contingency Plans and Disaster Recovery Plans for information systems using NIST SP 800-34.
- Categorize information systems in accordance with FIPS 199 and NIST 800-60.
- Select and assign appropriate security controls to Federal information systems.
- Conduct security control assessments in accordance with NIST 800-53A Rev. 4.
- Conduct continuous monitoring after authorization (ATO) to ensure continuous compliance with the security requirements.
- Develop, review and update Information Security System Policies, System Security Plans (SSP), and Security baselines in accordance with NIST, FISMA, OMB App. III A-130, NIST SP 800-18 and industry best security practices.
- Performed risk assessments; developed and reviewed System Security Plans (SSP), Plans of Action and Milestones (POA&M), Security Control Assessments, Configuration Management Plans (CMP), Contingency Plans (CP), Incident Response Plans (IRP) and other tasks and specific security documentation.
Information Security Analyst
- Prepared and submitted Security Assessment Plan (SAP) to CISO for approval.
- Conducted Security Assessment using NIST 800-53A.
- Developed and conducted Contingency Plan and Test.
- Developed and updated System Security Plan (SSP) and Plan of Action and Milestones (POA&M).
- Monitored controls post-authorization to ensure continuous compliance with security requirements.
- Created reports detailing the identified vulnerabilities and the steps taken to remediate them.
- Provided expert-level research and analysis for planning, organizing, and managing PCI security functions.
- Participated in day-to-day information security activities as they relate to PCI, such as questions, problems, exceptions, etc.
IT Service Support
- Performed performance trend analysis and managed server/network capacity. Proposed client configuration and implemented technical solutions to enhance and troubleshoot systems.
- Managed ticketing system in ServiceNow.
- Provided onsite IT service support for retailers in a very busy environment.
- Assisted with the deployment of hardware and software to end users, which included the installation, configuration and testing of more complex firm hardware.
- Coordinated the repair of end user hardware and the reinstallation of software as necessary to resolve end user incidents.
- Performed general maintenance tasks; troubleshot and prepared IT equipment such as computer systems, servers, network switches and routers for optimum function.