Information Assurance Analyst Resume

SUMMARY

  • A detail-oriented individual offering five-plus years' experience in Information Technology Security, Information System Auditing and Information Assurance with a focus on Internal Controls, Federal Information Security Modernization Act (FISMA), FedRAMP, Cloud Service, system security monitoring, auditing, risk assessments, compliance, audit engagements, testing information technology controls, and developing security policies, procedures and guidelines.

PROFESSIONAL EXPERIENCE

Confidential

Information Assurance Analyst

Responsibilities:

  • Conducted security assessment, following NIST Special Publication 800-53A guidance in support of obtaining an Authority to Operate for new systems or existing systems that undergo significant change.
  • Coordinated security assessment activities with the appropriate system and security.
  • Documented comprehensive security assessment results that include a full description of the weaknesses and deficiencies discovered during assessment.
  • Provided expertise and assistance in the development of continuous monitoring programs and plans.
  • Configured vulnerability scanners, performed scans, analyzed results and provided remediation assistance.
  • Conducted vulnerability assessments and security impact analyses based on the NIST requirements.
  • Documented security assessment results in the Cyber Security Assessment Management (CSAM) system.
  • Managed and coordinated POA&M items for remediation.
  • Reviewed and updated System Security Plans using NIST 800-18 as a guide.
  • Collected, reviewed, updated, and maintained IT supporting artifacts based on NIST 800-53 Rev 4.
  • Performed Security Assessment of the Federal systems and applications using NIST 800-53A Rev 2 as guidance for current federal directives and policies.

Confidential

Information Security Analyst

Responsibilities:

  • Participated in the system authorization process by working with the key stakeholders to create complete and accurate Risk Management Framework (RMF) packages.
  • Led the development of Privacy Threshold Analysis (PTA) and Privacy Impact Analysis (PIA) using the NIST privacy handbook, working closely with the Information Security System Officers (ISSOs), the System Owners (SO) and the Information Owners (IO).
  • Conducted Security Test and Evaluation (ST&E) using NIST 800-53A Rev 4 and developed supporting documentation for the results based on security control requirements.
  • Supported Security Assessment and Authorization (SA&A) activities by preparing the complete ATO package for the authorization official to make an accreditation decision.
  • Reviewed and updated System Security Plans using NIST 800-18 as a guide.
  • Collected, reviewed, updated, and maintained IT supporting artifacts.
  • Performed Security Assessment of the Federal systems and applications using NIST 800-54A Rev 4 as guidance for current federal directives and policies.
  • Ensured that system documents are created for POA&Ms and approved by ISD no less than 60 days prior to POA&M expiration.
  • Provided reporting on POA&M remediation for all systems upon request by the Federal Government, using the CSAM tool as the repository for all POA&M documents.

IT Compliance Auditor

Confidential

Responsibilities:

  • Assisted with assembling and testing compliance with SOX 404, framework analysis and reviewing reports.
  • Met with the IT team to gather evidence, develop test plans and testing procedures, and document test results and exceptions.
  • Assisted in conducting walkthroughs and evaluation of the IT infrastructure in terms of risk to the organisation; recommended controls to mitigate loss and developed remediation plans for each area of the testing.
  • Wrote audit reports for distribution to management and senior management documenting the results of the audit.
  • Assisted in performing and documenting audits of IT and special projects of the company.
  • Supported the audit team in planning audits and effective assessment of inherent and risk for each IT entity.
  • Prepared reports and made recommendations for improvements in the areas of internal controls and vulnerability mitigation.
  • Conducted IT controls risk assessments, including reviewing organizational policies and the effectiveness and efficiency of financial, operational, and information technology procedures, and providing advice on their adequacy, accuracy and compliance with industry standards.