Sr. Security Control Assessment Engineer Resume

SUMMARY:

Information Technology/Cybersecurity professional with over eleven years of experience in cloud security advisory support services, systems administration and technical expertise. Highly skilled in governance, risk, and compliance, including policy development, process assessment, auditing, reporting, and implementation for sophisticated enterprise security management and control. Collaborates effectively with security and compliance divisions, acting as a subject matter expert (SME) for senior and executive management. Often praised for proficiently analyzing, evaluating, and recommending risks, gaps, and weaknesses in system control processes, compliance procedures, and data management practices.

CORE COMPETENCIES:

Cloud Security Advisory

Governance

CoBIT5

CISO Advisory

Risk Management

IAM and RBAC

FISMA Auditing

Policy

NIST - 800-53 Rev 4 and 800-37

FedRAMP

Cloud Security

Curriculum Development & Training

EXPERIENCE:

Sr. Security Control Assessment Engineer

Confidential

Responsibilities:

  • Conduct Security Control Assessments (SCA) to evaluate system readiness and contribute to Authorization to Operate (ATO) decisions to comply with Confidential 800-53 Rev.4 security controls.
  • Collaborate with and interview Information System Security Officers (ISSOs), SMEs, and system support personnel on management and procedures to identify improvements and operational deficiencies.
  • Create security assessment plans, risk matrices, project timelines, and security assessment reports (SAR) to support and comply with the highest industry standards.
  • Conduct Security Impact Analysis (SIA) on Federal Student Aid (FSA) information system changes and determine associated security ramifications.

Sr. Cyber Security Consultant

Confidential

Responsibilities:

  • Participated in cross-intelligence agency working groups to improve security policies and standard operating procedures.
  • Collaborated with FDIC and FSA stakeholders to draft comprehensive corrective action plans and review evidence submitted to auditors for OIG, GAO, FISMA, and A-123 audit findings using CSAM.
  • Assessed FDIC Cloud governance and project team processes to determine how to improve end-to-end cloud system implementations.
  • Compiled and briefed CISO and CIO on quarterly FISMA metric data submissions.
  • Developed and managed compliance dashboards on SharePoint using SSRS and PowerBI.
  • Identified, reviewed, and reported new federal statutes including Executive Orders, Office of Management and Budget (OMB) Memorandums, Department of Homeland Security (DHS) Binding Operational Directives, and Confidential guidance for implementation.

User Access Certification Consultant (Team Lead)

Confidential

Responsibilities:

  • Oversaw a team of three to conduct Identity and Access Management (IAM) and Role Based Access Control (RBAC) certifications for FDIC applications using SailPoint Identity IQ.
  • Coordinated with FDIC stakeholders to plan, test, report, and recommend appropriate remediation measures to ensure Information Security access management processes and standards are maintained.
  • Increased the overall account and permission revocation rate by ~8% for systems enrolled in the RBAC certification program between 2015 and 2016.
  • Improved client services by implementing a bi-annual satisfaction survey and improving services based on the overall responses.
  • Improved the certification configuration process by creating a team Wiki using SharePoint TFS.
  • Developed status reports, certification schedules, and level of efforts for the project task.
  • Hosted ad-hoc and scheduled training sessions for FDIC stakeholders on the use of SailPoint Identity IQ.

Windows System Administrator

Confidential

Responsibilities:

  • Performed LAN administration, installation, configuration, maintenance, optimization, disaster recovery, and repair of 2000+ physical and virtual Windows servers.
  • Used iDRAC and VMware vSphere to manage servers.
  • Performed daily system monitoring using IBM Tivoli Netcool.
  • Managed server backups within CommVault. Ensured backups were stored within the appropriate removable media, sent media to the off-site storage facility, and delivered data recovery when necessary.
  • Used Remedy to respond to tickets, e-mails, and telephone calls within the service level agreement. Resolved approximately (30) tickets per day.

Sr. Computer Maintenance Technician

Confidential

Responsibilities:

  • Provided on-site and remote white glove technical support to approximately 350 executive level and managerial employees.
  • Imaged and configured Dell and HP laptops and desktops. Identified, researched, and resolved technical issues pertaining to smart phones, tablets, Windows laptops/desktops, Konica Minolta and HP printers/scanners, PKI certificates, and software applications used within the organization.
  • Used Maximo to respond to tickets, e-mails, and telephone calls within the service level agreement. Resolved approximately (25) tickets per day.
  • Configured and managed Cisco VoIP telephones in Cisco Call Manager.

Adjunct Professor

Confidential, Washington, DC

Responsibilities:

  • Prepared and delivered lectures for undergraduate courses in Information Systems Management and Criminal Justice in Information Systems.
  • Delivered lectures in live classroom setting and via Blackboard for online courses.
