Network Services Resume Profile
Summary
Innovative, hands-on, and results-oriented professional, offering 20 years of experience in managing multiple IT-related projects, including teams of network and system administrators, service desk staff, and security professionals. Known for in-depth familiarity with government regulations, Security Authorization Process (Certification and Accreditation) and security requirements, such as Federal Information Security Management Act (FISMA), NIST Special Publication 800-Series, OMB, Privacy Act, and DHS 4300a Sensitive Systems Handbook. Armed with proven ability to understand business processes, complemented with proficiency in project planning, requirements management, IT risk control, issue management and resolution, status reporting, and change management.
Certifications
- Certified Information System Security Professional (CISSP)
- Certified Information Systems Auditor (CISA)
- Certified in Risk and Information Systems Control (CRISC)
- Project Management Professional (PMP)
Professional Experience
Confidential
Sr. Information System Security Manager/Compliance Manager
- Enterprise Data Services Contract (Master Data Management, Enterprise Portal, and Business Rules Management)
- Administrative Simplification Enforcement Tool (ASET)
- CMS 270/271 Medicare Eligibility Integration Contractor (MEIC)
- Business Intelligence and Extract, Transform and Load (BI/ETL)
- Constructed IT security program for CSC business unit compliant with CMS Business Partner and Acceptable Risk Safeguards security requirements, to include:
- Conducting risk identification and assessment
- Implementing security controls
- Creating security policies and procedures
- Authoring security plan, contingency plan, incident response plan and other security documentation.
- Initiated CMS methodology to obtain an Authority to Operate (ATO) from CMS CIO for CSC Information System supporting CMS task orders.
- Implemented and manage continuous monitoring of security controls through security tools, reporting and creation of metric reporting.
- Managed the modification of content, configuration and appearance of Intranet site, and populated it with security policies, procedures, forms, security information, calendar, announcements, security and awareness information.
- Supervise and provide guidance to Security Analysts in the development of security documentation, and Plan of Action and Milestones for CMS major applications.
- Implemented Security Patch process resulting in deployment coverage to 90% of devices within 10 days of vendor patch release.
- Established and maintain relationship with CMS Enterprise Information Security Group (EISG), Division of Information Security Policy and Compliance (DISPC).
- Provided guidance on how CSC could consolidate infrastructure to reduce costs and still maintain a tight security posture.
- Conversant in CMS policy guidance, standards, regulations, laws, and other documentation related to the CMS Information Security Program, as well as CMS FISMA Controls Tracking System (CFACTS).
Confidential
Information Systems Security Manager
- Integrate FISMA expertise into security program to include information system categorization, defining security controls, developing security documentation, and continuous monitoring for formation of security risk management process approach for 25 major applications.
- Identify security risks, and develop mitigation plans to reduce risk to acceptable levels.
- Leverage industry expertise in providing continuous leadership and guidance to facilitate the transition of security analysts team members to information systems security officers
- Established working relationship with customer senior staff through communication (oral and written) of responses to questions and information needs, and provide process/policy and solution recommendations. Provide written and oral status reports on a weekly basis to ISD, and monthly to Senior USCIS OIT and CSC staff (Joint Program Management Review meetings).
- Establish and employ security procedures, policies, and reporting for the program.
- Communicated applicable regulations and laws to Program staff and developer community such as Security controls/requirements of OMB, NIST, agency specific DHS 4300, TSA Information Technology Security Policy Handbook, Department of Education Policies and Privacy requirements.
- Work in partnership with USCIS OIT Project Managers, ISD, data center and database contractors to address application weaknesses, collaborating on plans to mitigate weaknesses to acceptable risk levels.
- Promote one-team environment between application ISSOs, USCIS support contractors and ISD for management of security risks.
Significant Accomplishment:
- Increased quality of security documentation through use of standard text, checklists, and templates, as well as team-developed Security Document Development Guide and introduction of quality control position resulting in expediting document delivery schedule by 45 days.
- Ensured availability of Security Requirements Traceability Matrix by partnering with application project managers and the developer community in meeting security requirements for application development
Confidential
Information Systems Security Manager
- Conducted internal assessment of required security controls against baseline assessments; developed Plan of Actions and Milestones; reviewed and approved plans to mitigate risk to lowest level feasible
- Instituted lifecycle assessments of hosted applications and infrastructure by ISSO using vulnerability identification tools, developed policies and procedures.
- Aided in successfully obtaining ATO by creating security documentation within three months after contract award
- Utilized audit findings in executing and monitoring Plan of Actions and Milestones (POAM)
- Carried out inter-connectivity security agreements/MOUs with TSA, National Finance Center, and program subcontractors
- Illustrated security posture of the application, database, and network environment through accomplishment of security metrics
- Performed extensive internal audits, risk assessments, and compliance validation of required security controls
- Worked closely with the Security Operation Center on daily monitoring and enforcement of security controls
Significant Accomplishments:
- Led efforts in instigating an 8-year contract, program-wide Information Technology Security Program for $1.3 billion, including certification and accreditation, vulnerability management, access controls, physical security, and continuous monitoring of security controls
- Wrote and submitted the program's Security Strategic Plan that covered security enhancements over an 18-month period
- Designed and employed new orientation, annual refresher, and continuous security awareness program for program and security staff providing them with details on policies and procedures, contingency plan and incident response plan
Confidential
Information Systems Security Manager
- Department of Justice, Office of Justice Program (OJP)
- Department of Education, EDPubs Program
- National Cancer Institute, Cancer Information Program (CIS), CIAT
- Department of Homeland Security, US Citizenship and Immigration Services (USCIS)
- Rendered keen oversight to the security of customer hosting center's physical and logical environments, personnel, and sensitive information
- Administered the security of network and desktop infrastructure and execution of systems security plan
- Established information security awareness within the organization by initiating and promoting activities
- Contributed in attaining ATO for hosted systems by creating systems security plans, contingency plans, and risk assessments
- Functioned well as internal auditor for security issues, while seamlessly conducting information security risk assessments
Significant Accomplishments:
- Spearheaded the employment of information security policies and procedures for the organization
- Imparted knowledge to the organization using current information regarding information security technologies and related regulatory issues
- Received Lockheed Martin NOVA Award for teamwork, United States Citizen, and Immigration Program
Confidential
Senior Director, Network and Security Services
- Applied best practices in directing entire phase of the secured customer hosting center, which housed more than 200 network devices, as well as information technology security efforts
- Conceptualized and created business continuity plans for information-critical services and systems
- Generated and controlled security budget
- Designed and produced security awareness newsletter to disseminate important information to internal staff
Confidential
Director, Network Services
- Provided exemplary leadership to a staff of 33, including network supervisors, network engineers, e-mail/Internet/server administrators, security administrators, and service desk technicians
- Expertly oversaw business continuity and disaster recovery solutions
- Completed comprehensive evaluation on network service requirements, while ensuring security and value of networking environments
- Managed and coordinated daily operations and maintenance of projects that support the U.S. Departments of Justice, Education, Health and Human Services, and Housing and Urban Development (HUD), as well as litigation support projects
Significant Accomplishments:
- Led efforts in reducing manual processing, minimizing processing costs, increasing responsiveness, and improving access to information by instigating operative network solutions
- Established and mentored teams, responsible for infrastructure configuration, costing information, and project specifications
Confidential
Supervisor/LAN Administration
- Directly supervised a staff of 20, including LAN administrators and help desk staff, along with the activities and functioning of networking components while monitoring all network resources
- Employed technical skills in network management for networking environment
- Performed extensive analyses of network and user problems and situations
