Information System Security Officer Resume
VA
SUMMARY
- Insightful, self-managed, results-driven IT professional with problem-solving skills that complement demonstrated experience in analyzing complex difficulties and developing innovative solutions.
- Knowledge of and experience with federal and private organizations' security policies, standards, guidelines and frameworks, including but not limited to NIST 800 SPs (such as 800-18, 37, 39, 60, 53A/53 rev 4/5, 145), FIPS 199/200, OMB, FISMA, FedRAMP, ISO/IEC 27001, HIPAA and PCI DSS.
- Working knowledge of Risk Assessment, Risk Management Framework (RMF), Systems Development Life Cycle (SDLC), Assessment and Authorization (A&A), Authority to Operate (ATO) and BIA.
- Understanding of Cloud protections as expressed in FedRAMP for federal government agencies.
- Ability to analyze computing environments to determine vulnerabilities, recommend safeguards to mitigate risks, and perform compliance reviews to ensure applications, systems, networks and servers are operating in accordance with established security policies, standards and guidelines.
- Demonstrable understanding of basic Information Technology (IT) concepts such as internet, intranet and extranet technologies, Windows OS, software applications & installations and cloud concepts.
- Experience in portfolio management with strong fundamental, quantitative and analytical skills as well as making investment recommendations in line with company investment policies.
- Able to work face-to-face with multiple stakeholders: interviewing, planning, and participating in a team-effort to bring multiple complex projects to execution in a highly motivated environment.
- Proficient in explaining technical information, resolutions, documentation, and presentations to clients and non-technical personnel at all levels of the organization or enterprise.
- Thrive in a highly collaborative, fast-paced work environment and multidisciplinary team setting where leveraging technology for continuous business improvement is the norm.
PROFESSIONAL EXPERIENCE
Information System Security Officer
Confidential, VA
Responsibilities:
- Responsible for conducting security Certification and Accreditation (C&A) activities utilizing the Risk Management Framework (RMF) in compliance with FISMA requirements.
- Provide support for all aspects of the SDLC activities as defined in RMF (NIST 800-37) and related customer/government agency guidance leading to the implementation of the RMF.
- Responsible for ensuring that all deficiencies from SCAs and vulnerability scans are addressed in a Plan of Action and Milestones (POA&M), track remediation actions and report status to senior management.
- Monitor systems and their environment of operation, including updating the security plans, ensuring appropriate configuration management for all software and hardware, managing and controlling changes to the system, and assessing the security impact of those changes.
- Develop, update and maintain all C&A and system security documentation including, but not limited to the following: the System Security Plans, Incident Response Plans, Contingency Plans, Risk Assessment Reports (RAR), Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), Business Impact Analysis (BIA), E-Authentication and Standard and Operating Procedures (SOP).
- Ensure information systems are assessed, integrated, accredited, operated, maintained and disposed of in accordance with applicable security policies and practices outlined in NIST SPs and customer directives.
- Investigate system security incidents to determine the extent of compromise to information systems, assess implemented security controls to determine their effectiveness and efficiency as well as review the system Dependency Matrix needed for system interconnections.
- Provide advice, recommendations and guidance to program management, and insight into the overall management and evaluation of the system security posture, including migration of systems to the cloud.
- Responsible for supplying the customer with an end-to-end training and awareness capability, including the development, deployment and analysis of security training across the organization.
Sr. Cyber Security Analyst
Confidential, VA
Responsibilities:
- Responsible for developing and maintaining Authorization to Operate (ATO) packages for information systems to ensure they were in compliance with the organization’s information security requirements, and for making recommendations for mitigation.
- Team lead for conducting Security Control Assessments (SCAs) on information systems using NIST 800-53Ar4 to determine compliance with applicable FISMA requirements, making sure controls were implemented correctly, operating as intended, and producing the desired results.
- Created Security Assessment Plans (SAPs) & Reports (SARs) as well as managed POA&Ms for corrective actions following assessment activities and in response to identified vulnerabilities for maintaining system ATO status (as part of continuous monitoring process).
- Liaised with system stakeholders to develop, review, and maintain security artifacts such as System Security Plans (SSP), Configuration Management Plans (CMP), Contingency Plans (CP), Disaster Recovery Plans (DRP), Incident Response Plans (IRP), MOUs/ISAs and PTA/PIA for compliance.
- Supported the review of all Cloud Service Provider (CSP) documentation for compliance, as well as working with stakeholders until the cloud system documentation met FedRAMP A&A requirements.
- Coordinated with the ISOs and System Owners to review and complete the Customer Responsibilities Security Plan for proper implementation details and documentation as part of the FedRAMP ATO process.
- Reviewed Nessus and Database vulnerability scan results for mitigation actions and helped the System Owners and ISOs to create and maintain POA&Ms for the deficiencies identified in the scan results.
- Periodically traveled to client sites to assist with pre-Office of Inspector General (OIG) audit tasks such as system security documentation and POA&M remediation, and worked with Facility Chief Information Officers (CIOs) and ISOs to mitigate information security vulnerabilities in readiness for the OIG audit.
- Hosted and facilitated kick-off meetings and presentations with system stakeholders/clients on the operational security posture for the systems in their purview and on security related policies.
Information Security Analyst
Confidential, MD
Responsibilities:
- Employed NIST SP 800-60 and FIPS 199 to categorize information systems in order to determine the potential adverse impact for each security objective (CIA) associated with a particular information type and assigned baseline security controls for Low, Moderate and High impact systems.
- Assisted in creation, maintenance, and update of security authorization packages (such as SSPs, SARs, & POA&Ms) as well as related system artifacts to ensure they were in compliance with security policies, standards, and guidelines (e.g., NIST, FIPS, FISMA, OMB and FedRAMP).
- Supported the team tasked with the review of security artifacts, assessment reports, and scan findings for proper implementation, remediation and compliance with applicable policies and standards.
- Participated in client interviews of key stakeholders to determine the security posture of information systems and to assist in the completion of the security assessment plan or ATO process.
- Provided Plan of Action and Milestones (POA&M) support services to remediate identified vulnerabilities, including tracking, updating and managing the POA&Ms.
- Worked with the system stakeholders to review and assess the CSP’s 3PAO FedRAMP authorized SSP using the NIST SP guidelines as well as related artifacts for agency FedRAMP ATO consideration.
- Responsible for the review and update of security artifacts from FedRAMP packages to ensure compliance as well as Security Assessment Reports (SARs) from 3PAOs for potential risks.
- Primarily responsible for researching and evaluating relevant information security policies, guidance, and best practices, including NIST, FISMA, and OMB circulars for applicability to IT systems security.
Information Assurance Specialist
Confidential, VA
Responsibilities:
- Reviewed and validated compliance with Risk Management Framework (RMF) security controls and Plans of Action and Milestones (POA&Ms) on GSS and major systems.
- Member of the Authorization Verification Team performing Step 4 of the RMF process: reviewed the test results provided against the stated artifacts and evidence to verify the stated control compliance.
- Followed operational process and procedures to appropriately analyze, escalate, and assist in remediation of critical information security incidents or issues.
- Supported the information system security officers with information security responsibilities in remediating the weaknesses or deficiencies identified in the POA&Ms.
- Responsible for ensuring system support needs were met for certification & accreditation, system implementation, operation & maintenance, and IA compliance.
- Developed and maintained a variety of IA related documentation such as A&A packages, SSP, SOP, accreditation requests and risk assessments that were consistent with FISMA annual requirements.
- Stayed abreast of current applicable federal and organizational security laws and policies, and developed and presented information security awareness and security training on various corporate policies.
Associate IT Consultant
Confidential, VA
Responsibilities:
- Worked with Information System Security Officers to prepare Assessment and Authorization (A&A) packages for review using the six-step Risk Management Framework (RMF) process.
- Ensured Plan of Action & Milestones (POA&M) items and other compliance and vulnerability issues were remediated in a timely fashion.
- Conducted Business Impact Analyses (BIAs) as well as Risk Assessments to identify and mitigate risk to IT systems, facilities, and critical assets of the organization.
- Protected the firm's business information and client information within its custody by safeguarding its Confidentiality, Integrity and Availability (CIA).
- Developed security policies for security controls and implementation statements describing how security features are implemented, and maintained existing information system security documentation.
- Interfaced with the clients in the strategic design process to translate security and business requirements into technical designs and supported customers in operational use of the provided technology.
- Assisted in installation and maintenance of application software solutions for automating and improving internal processes & functioning.
- Part of a team responsible for the development, implementation and monitoring of security policies and procedures, and for ensuring compliance with those policies and procedures.
Investment Consultant
Confidential, LAGOS
Responsibilities:
- Responsible for updating all technical data on securities, business investments, and trading strategies of Confidential.
- Ensured that all regulatory financial requirements were conducted in an ethical manner as well as in compliance with organizational policies and procedures.
- Supervised over thirty investment clubs: club formation, club coordinators, and club compliance with Confidential’s regulations and policies.
- Facilitated seminars, conferences and workshops on financial independence through different investment vehicles.
- Contributed to clubs’ success through applying technical expertise along with development of new tools and approaches.
- Assisted with the completion of project tasks as directed, participated in project management meetings around areas of expertise, and ensured completion of special projects within budget limits.
