
Lead Security Analyst Resume

Chevy Chase, MD

SUMMARY

  • Detailed knowledge of security tools, technologies and best practices, with emphasis on FISMA/NIST, FedRAMP and Sarbanes-Oxley 404. Over five years of experience in system security monitoring, auditing and evaluation, C&A, cloud services and risk assessment of GSS (General Support Systems) and MA (Major Applications).
  • Perform Certification and Accreditation documentation in compliance with company standards.
  • Develop, review and evaluate System Security Plans based on NIST Special Publications
  • Perform comprehensive assessments and write reviews of management, operational and technical security controls for audited applications and information systems
  • Develop and conduct ST&E (Security Test and Evaluation) according to NIST SP 800-53A
  • Compile data to complete the Residual Risk Report and insert its contents into the POA&M
  • Strong knowledge of cloud concepts
  • Ability to multi-task, work independently and as part of a team
  • Strong analytical and quantitative skills
  • Effective interpersonal and verbal/written communication skills

TECHNICAL SKILLS

Network & System Security

Risk Management

Authentication and Access Control

Vulnerability Assessment

System Monitoring & Regulatory Compliance

Security Technologies: Retina Network Security Scanner, Nessus, Nmap, Nsat, Anti-Virus Tools

Systems: Unix-Based Systems, Windows 9X/NT/2000/XP

Networking: LANs, WANs, VPNs, Cisco Routers/Switches, Firewalls, TCP/IP

Software: MS Office (Word, Excel, PowerPoint, Access, Outlook)

PROFESSIONAL EXPERIENCE

Confidential, Chevy Chase, MD

Lead Security Analyst

Responsibilities:

  • Create and update the System Security Plan (SSP), Risk Assessment (RA), Privacy Threshold Analysis, Privacy Impact Assessment (PIA), SORN, MOUs, ISAs, Incident Response Plan, IT Policies and Procedures, User Guide, Rules of Behavior and Integrated Inventory Workbook.
  • Analyze the Security Test and Evaluation (ST&E) and the Plan of Action and Milestones (POA&M)
  • Assist System Owners and the ISSO in preparing Certification and Accreditation packages for the company's IT systems, making sure that management, operational and technical security controls adhere to the formal, well-established security requirements defined in NIST SP 800-53 Rev. 4
  • Designate systems and categorize their confidentiality, integrity and availability impact using FIPS 199 and NIST SP 800-60
  • Conduct annual self-assessments (NIST SP 800-53A)
  • Perform vulnerability assessments. Make sure that risks are assessed and evaluated and that proper actions have been taken to limit their impact on information and information systems
  • Create standard templates for required security assessment and authorization documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages
  • Conduct IT controls risk assessments that include reviewing organizational policies, standards and procedures, and provide advice on their adequacy, accuracy and compliance with the Payment Card Industry Data Security Standard
  • Perform IT risk assessments and document the system's key security controls
  • Meet with the IT team to gather evidence, develop test plans and testing procedures, and document test results and exceptions
  • Design and conduct walkthroughs, formulate test plans, document test results and develop remediation plans for each area of testing
  • Develop a Business Continuity Plan and relationships with outsourced vendors
  • Develop a Configuration Management Plan and Contingency Plan.
  • Create and update Standard Operating Procedures (SOPs) for process flows and quality enhancements
  • Ensure compliance with guidance, standards and regulations such as NIST Special Publications, FIPS, FedRAMP, and other federal regulations and policies
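The FIPS 199 / NIST SP 800-60 categorization named in the bullets above is a defined procedure rather than paperwork: each information type gets a confidentiality, integrity and availability impact level, the system inherits the highest level per objective across all its information types, and the FIPS 200 high-water mark across the three objectives selects the SP 800-53 baseline. The following Python is an added example, not code from this resume or its author; the information types, their impact levels and the `adjust` helper for SP 800-60 provisional-impact adjustments are constructed for illustration and are not quoted from SP 800-60 Volume II.

```python
"""FIPS 199 / NIST SP 800-60 security categorization with the FIPS 200 high-water mark.

Added example, not taken from the resume above: the information types and
impact levels below are constructed for illustration.
"""
from typing import Dict

OBJECTIVES = ("confidentiality", "integrity", "availability")
# FIPS 199 impact values in increasing order. "NA" (not applicable) is permitted
# only for the confidentiality objective, and only for already-public information.
LEVELS = ("NA", "LOW", "MODERATE", "HIGH")
RANK = {level: n for n, level in enumerate(LEVELS)}

Category = Dict[str, str]


def information_type(confidentiality: str, integrity: str, availability: str) -> Category:
    """Build and validate the FIPS 199 security category of one information type."""
    category = dict(zip(OBJECTIVES, (confidentiality, integrity, availability)))
    for objective, level in category.items():
        if level not in RANK:
            raise ValueError(f"{objective}: unknown impact level {level!r}")
        if level == "NA" and objective != "confidentiality":
            raise ValueError(f"{objective}: 'NA' is only allowed for confidentiality")
    return category


def adjust(category: Category, **overrides: str) -> Category:
    """Apply SP 800-60 provisional-impact adjustments (for example raising
    availability for a mission-critical system). The justification for every
    override belongs in the SSP; this helper (an assumption of this example)
    only records the adjusted levels and re-validates them."""
    adjusted = dict(category)
    for objective, level in overrides.items():
        if objective not in OBJECTIVES or level not in RANK:
            raise ValueError(f"invalid adjustment {objective}={level!r}")
        adjusted[objective] = level
    return information_type(**adjusted)


def system_category(info_types: Dict[str, Category]) -> Category:
    """FIPS 199 system category: for each objective, the highest impact level
    among all information types the system stores, processes or transmits."""
    if not info_types:
        raise ValueError("a system must carry at least one information type")
    return {
        objective: max((cat[objective] for cat in info_types.values()), key=RANK.__getitem__)
        for objective in OBJECTIVES
    }


def high_water_mark(category: Category) -> str:
    """FIPS 200 high-water mark: the single impact level (LOW, MODERATE or HIGH)
    that selects the SP 800-53 control baseline. Validation guarantees that
    integrity and availability are never 'NA', so the result is never 'NA'."""
    return max(category.values(), key=RANK.__getitem__)


def format_category(name: str, category: Category) -> str:
    """Render the category in the SC notation FIPS 199 uses in an SSP."""
    pairs = ", ".join(f"({objective}, {category[objective]})" for objective in OBJECTIVES)
    return f"SC {name} = {{{pairs}}}"


# Constructed example: a general support system hosting public web content, a
# benefits application that handles PII, and a citizen portal whose provisional
# availability level is raised because the portal is mission-critical.
GSS_INFO_TYPES = {
    "public web content": information_type("NA", "LOW", "LOW"),
    "benefits PII": information_type("MODERATE", "MODERATE", "LOW"),
    "citizen portal": adjust(information_type("LOW", "MODERATE", "LOW"), availability="HIGH"),
}


if __name__ == "__main__":
    for name, cat in GSS_INFO_TYPES.items():
        print(format_category(name, cat))
    system = system_category(GSS_INFO_TYPES)
    print(format_category("GSS", system))
    print("Baseline to select:", high_water_mark(system))
```

Note that the high-water mark is deliberately conservative: one mission-critical information type with HIGH availability makes the whole GSS a HIGH system for baseline selection, which is why SP 800-60 encourages documenting adjustments and, where justified, separating information types into different systems.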

Confidential, Washington, DC

IT Security Analyst

Responsibilities:

  • Analyzed and updated the System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), Security Test and Evaluation (ST&E) and the Plan of Action and Milestones (POA&M)
  • Assisted System Owners and the ISSO in preparing Certification and Accreditation packages for the company's IT systems, making sure that management, operational and technical security controls adhered to the formal, well-established security requirements defined in NIST SP 800-53 Rev. 4
  • Designated systems and categorized their confidentiality, integrity and availability impact using FIPS 199 and NIST SP 800-60
  • Conducted annual self-assessments (NIST SP 800-53A)
  • Performed vulnerability assessments. Made sure that risks were assessed and evaluated and that proper actions were taken to limit their impact on information and information systems
  • Created standard templates for required security assessment and authorization documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages
  • Conducted IT controls risk assessments that included reviewing organizational policies, standards and procedures, and provided advice on their adequacy, accuracy and compliance with the Payment Card Industry Data Security Standard
  • Performed IT risk assessments and documented the system's key security controls
  • Met with the IT team to gather evidence, develop test plans and testing procedures, and document test results and exceptions
  • Designed and conducted walkthroughs, formulated test plans, documented test results and developed remediation plans for each area of testing
  • Wrote audit reports documenting the results of the audit for distribution to management and senior management
  • Participated in the SOX testing of the General Computer Controls
  • Developed a Business Continuity Plan and relationships with outsourced vendors
  • Evaluated clients' key IT processes such as change management, systems development, computer/data center operations, and managing security at the database, network and application layers

Confidential, Washington, DC

IT Compliance Analyst

Responsibilities:

  • Conducted kick-off meetings using the approved IT security framework (FIPS 199/NIST SP 800-60) to categorize information and information systems.
  • Conducted IT controls risk assessments to identify system threats, vulnerabilities and risks, and generated reports
  • Developed and conducted Security Test and Evaluation (ST&E) according to NIST SP 800-53A.
  • Developed security baseline controls and a test plan that was used to assess implemented security controls
  • Developed the System Security Plan (SSP) to provide an overview of the system security requirements and describe the controls in place
  • Developed the Security Assessment Report (SAR) detailing the results of the assessment, along with the Plan of Action & Milestones (POA&M)
  • Created standard templates for required security assessment and authorization documents: Risk Assessment (RA), System Security Plan (SSP), Contingency Plan (CP) and Security Plan (SP)
  • Involved in third-party contract evaluation; reviewed information security accreditation requests
  • Conducted periodic IT risk assessments, reviewed IA controls for deficiencies and reported them to the ISSO for appropriate mitigation actions.
  • Assisted in the development of an information security continuous monitoring strategy.
  • Conducted Business Impact Analysis (BIA) to identify high-risk areas to which audit effort would be allocated
  • Conducted Certification and Accreditation (C&A) on general support systems and major applications using the six steps of the Risk Management Framework (RMF) from NIST SP 800-37 in order to meet the requirements of the Federal Information Security Management Act (FISMA).

Confidential, NJ

IT Auditor

Responsibilities:

  • Evaluated the adequacy of internal controls and compliance with company policies and procedures by conducting interviews with all levels of personnel, examining transactions, documents, records and reports, and observing procedures
  • Wrote audit reports for distribution to management and senior management documenting the results of the audit
  • Assisted in recommendations based on independent judgment of corrective action and suggested improvements to operations and reductions in cost
  • Assisted in the identification of risks as part of the risk management process, including business continuity and disaster recovery planning
  • Provided support to internal and external audit teams as required
  • Performed bi-annual security policy reviews to make sure all information was current with laws, directives and regulations
  • Conducted Business Impact Analysis (BIA) to analyze mission-critical business functions and identify and quantify the impact (e.g., operational, financial) if those functions were lost. The BIA helped define the company's business continuity plan and the IT internal control audit objectives
  • Handled technical troubleshooting within an enterprise environment, including system crashes, slow-downs and data recoveries
  • Engaged and tracked priority issues with responsibility for the timely documentation, and escalation
  • Provided information and/or technical assistance to users concerning the development and maintenance of the computer network or for resolution of special problems
  • Earned recommendation for teamwork, flexibility and work excellence in providing IT support to students and faculty
