Snr Security Analyst Resume
SUMMARY
- Information Security Professional with 6+ years of experience in IT compliance, vulnerability assessments and management.
- Specialties in Risk Management, Certification & Accreditation (C&A), Information Assurance, National Institute of Standards & Technology (NIST), Federal Information Processing Standards (FIPS) and SP 800 Series Guidance, Federal Information Security Management Act (FISMA), Sarbanes Oxley Act (SOX) 404, FEDRAMP, HIPAA, System Security Monitoring and Auditing, Audit engagements, Testing of Information Technology controls and developing Security policies, procedures and guidelines.
PROFESSIONAL EXPERIENCE
Confidential
Snr Security Analyst
Responsibilities:
- Prepared and submitted Security Assessment Plan (SAP) to CISO for approval
- Performed IT risk assessment and documented the system security key controls
- Designed and Conducted walkthroughs, formulated test plans, tested results and developed remediation plans for each area of the testing
- Wrote audit reports for distribution to management and senior management documenting the results of the audit.
- Performed Information Technology Risk analysis and assessments
- Analyzed and defined Security Requirements for a variety of IT issues.
- Developed, analyzed and implemented security specifications in line with NIST, FISMA.
- Applied appropriate information security controls for Federal Information Systems based on NIST 800-37 rev1, SP 800-53 rev4, FIPS 199, FIPS 200 and OMB 130 Appendix III
- Conducted systems and network vulnerability scans in order to identify and remediate potential risks.
- Conducted Security Assessment using NIST 800-53A.
- Developed SCA as part of annual security assessment for applicable systems.
- Developed SAR as the final risk assessment report based on findings and vulnerabilities from assessment.
- Developed security authorization package prior to ATO outbrief with AOs and system personnel.
- Collaborated with system personnel as part of a dry-run process to go over mitigation strategies for all findings.
- Attended ATO briefings to present findings and vulnerabilities associated with operating applicable systems or applications to stakeholders.
Confidential
Security Engineer
Responsibilities:
- Analysed and updated System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E) and the Plan of Action and Milestones (POA&M)
- Assisted System Owners and ISSO in preparing Certification and Accreditation packages for IT systems, to ensure management, operational and technical security controls are adhered to.
- Utilized NIST SP 800-53 Revision 4 and NIST SP 800-53A Revision 4 and conducted security control assessments
- Reviewed Vulnerability Assessment Report and made sure that risks were evaluated and proper action taken to limit their impact on the Information and Information Systems
- Created standard templates for required security assessment and authorization documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages.
- Understood and considered industry trends, customer needs, business risk tolerance, and business environments relating to information security.
- Was responsible for the completion of each assessment. A Composite Report was developed detailing the results of the assessment by location along with Plan of Action and Milestones (POA&M).
Confidential
Fisma Analyst
Responsibilities:
- Performed IT risk assessment and documented the system security key controls
- Designed and Conducted walkthroughs, formulated test plans, tested results and developed remediation plans for each area of the testing
- Wrote audit reports for distribution to management and senior management documenting the results of the audit
- Developed a Business Continuity Plan and relationship with outsourced vendor
- Performed Information Technology Risk analysis and assessments
- Analyzed and defined Security Requirements for a variety of IT issues.
- Developed, analyzed and implemented security specifications in line with NIST, FISMA.
- Applied appropriate information security controls for Federal Information Systems based on NIST 800-37 rev1, SP 800-53 rev4, FIPS 199, FIPS 200 and OMB 130 Appendix III
- Conducted Security Assessment using NIST 800-53A
- Developed and Conducted Contingency Plan and Test
- Developed and updated System Security Plan (SSP), Plan of Action and Milestones (POA&M)
- Ensured that established internal control procedures were in compliance by examining reports, records, documentation and operating practices
Confidential
I.T Security Analyst
Responsibilities:
- Conducted kick-off meetings using the approved IT security framework, FIPS 199/NIST 800-60, to categorize information and information systems.
- Conducted IT Controls risk assessment to identify system threats, vulnerabilities and risks, and generated reports
- Developed and Conducted Security Test and Evaluation (ST&E) according to NIST SP 800-53A.
- Developed security baseline controls and test plans that were used to assess implemented security controls
- Developed System Security Plan (SSP) to provide an overview of the system security requirements and describe the controls in place
- Developed Security Assessment Report (SAR) detailing the results of the assessment along with Plan of Action & Milestones (POA&M)
- Created standard templates for required security assessment and authorization documents; Risk Assessment (RA), System Security Plan (SSP), Contingency Plan (CP) and Security Plan (SP)
- Involved in third-party contract evaluation and review of information security accreditation requests
- Conducted periodic IT Risk Assessment and Reviewed IA controls for any deficiencies and reported to the ISSO for appropriate mitigation actions.
- Assisted in the development of an information security continuous monitoring strategy.
DESKTOP SUPPORT
Confidential
Responsibilities:
- Handled technical troubleshooting within an enterprise environment, including system crashes, slow-downs and data recoveries
- Engaged and tracked priority issues with responsibility for timely documentation and escalation
- Provided information and/or technical assistance to users concerning the development and maintenance of the computer network or for resolution of special problems
- Earned recommendation for teamwork, flexibility and work excellence in providing IT support to students and faculty
