
Senior IT Security Analyst Resume


New York


  • Seeking an IT Security Analyst and Security Control Assessor position in a growth-oriented organization with a focus on the following: FISMA, system security monitoring and auditing, risk assessments, testing information technology controls and developing security policies, procedures and guidelines.
  • A demonstrated leader in Information Security and Risk Management with a focus on FISMA, system security evaluation, validation, monitoring, risk assessments and audit engagements. I am an accomplished analyst with over five years of experience in assessing information security risks and coordinating remediation efforts. I have strong managerial skills and expertise in developing strategic partnerships. I am very adaptive, have analytical and organizational skills, and am willing to relocate.
  • FIPS 199/FIPS200
  • NIST Special Publications (NIST SP) Series
  • Security Control Assessor
  • Security Categorization
  • Security Assessment Reporting (SAR)
  • Plan of Action & Milestones (POA&M)
  • Risk Management Framework
  • Health Insurance Portability and Accountability Act (HIPAA)
  • System Security Plan
  • MS Office
  • Effective interpersonal and verbal/written communication skills
  • Ability to multi-task, work independently and as part of a team


Confidential, New York

Senior IT Security Analyst


  • Conduct Kickoff meetings with System Owners to prepare and advise security control assessments to assess the adequacy of management, operational, and technical security controls implemented.
  • Develop Security Assessment Report (SAR) detailing the results of assessment along with plan of action and milestones (POA&M)
  • Assist in the development of an Information Security Continuous Monitoring Strategy to help agencies in maintaining an ongoing awareness of information security (ensure continued effectiveness of all security controls), vulnerabilities, and threats to support organizational risk management decisions
  • Reviewed SSP documents from System Owners providing an overview of federal information system security requirements and describing the controls in place or planned by agencies to meet those requirements.
  • Also assisted some System Owners with writing compliance descriptions for controls on these systems I did not assess.
  • Ensured that system's security controls, policies and procedures are examined and validated.
  • Developed and maintained C&A documentation, including System Security Plans, Contingency Plans, Risk Assessment Reports and evaluated existing documents and their accuracy
  • Worked with C&A team members and senior representatives to establish and define programs, resources, schedules, and risks
  • Assist System Owners and ISSOs in preparing Assessment and Authorization packages for client IT systems, making sure that management, operational and technical security controls adhere to formal well-established security requirements authorized by NIST Rev 4


IT Security Analyst


  • Planned and worked with assessment and compliance teams to conduct assessments and ensure compliance for the agency’s Insurance centers, Data centers for low, moderate and high impact systems, and validated their HIPAA compliance based on Policy and Procedures of the Organization.
  • Assessed security controls selection for systems in accordance with the requirements in NIST A.
  • Conducted FISMA-based security risk assessments for various government contracting organizations and application systems.
  • Planned and worked with POA&M teams to remediate Vulnerabilities of various Insurance centers and Data centers.
  • Deliver an assessment of the severity of weakness or deficiencies discovered in information.
  • Led teams to work onsite with each facility’s technical team and leadership to ensure recommendations are maximized.
  • Creating, revising, and reviewing System Security Plans (SSP), Security Assessment Plans (SAP), Plan of Action & Milestones (POA&M), Security Assessment Reports (SAR) for low, moderate and high systems.
  • Develop POA&M (Plan of Action & Milestones) document to take corrective actions resulting from ST&E (System Test & Evaluation).
