Senior Controls Risk Analyst Resume
Wilmington, DE
SUMMARY:
- 8 years of comprehensive experience in security risk assessments, audit activity management, security documentation, and network security remediation/improvements. Currently pursuing BS Computer Science.
- Security Risk Assessments
- Security Authorization
- DHS 4300 Series
- NIST
- FISMA/DoD s
- FISMA/DoD 8500 Series
- Common Controls
- POA&M Management
- Regulatory Compliance
- System Security Documents
- IT System Security
- FIPS 199 & 140
- PCI DSS
- Security Audits Management
- IT Security Assessments
PROFESSIONAL EXPERIENCE:
Confidential, Wilmington, DE
Senior Controls Risk Analyst
Responsibilities:
- Effectively coordinate project demands and timelines. Support development and enforcement of CIO policies, ensuring all current, potential, and emerging risks are mediated and addressed. Communicate with CIO and senior management to resolve and remediate issues.
- Work with auditors on comprehensive follow-up and resolution of any risks or issues to increase compliance, emphasizing controls, data protection, access controls, identity access, and cyber security.
- Provide control consultations related to emerging risks and key IAM initiatives.
- Establish and leverage effective collaborative relationships with resources and teams at all levels.
- Evaluate results of assessments in order to determine remediating controls to reduce risk in coordination with application owners.
Confidential
Primary Assessor, Regulatory Compliance Branch
Responsibilities:
- Review scan results in order to identify and create POA&Ms for the information systems; responsible for managing 13 systems throughout the entire C&A lifecycle to include Continuous Monitoring, POA&M management, waiver/exception support, and periodic re.
- Serve as the focal point for all C&A activities to the ISSO, System Owner, and Program Official. Responsible for all phases of C&A to ensure compliance and provide guidance on IT Security requirements to assigned stakeholders.
- Assist in developing unified guidelines and procedures for conducting s and/or system-level evaluations of federal information systems and networks including the critical infrastructure of TSA.
- Conduct ST&E Findings Meeting with the System Owner, ISSO and other system personnel as required.
- Communicate with ISSO on continuous monitoring activities related to Plan of Action and Milestone closures, waivers and exceptions; coordinate courtesy scans with ISSOs and Security Engineers as requested by assigned systems.
- Track security activities of assigned systems and brief senior leadership on said activities.
Confidential
Information Security Officer, Division of Enterprise Technology
Responsibilities:
- Collaborated closely with Wisconsin Chief Information Security Office, providing advice and guidance for design and implementation of statewide information assurance and network security policies in alignment with regulatory compliance demands.
- Leveraged quantitative and analytical skills to conduct comprehensive risk assessments and implement NIST guidelines for networks and programs. Ensured integrity and confidentiality of network and infrastructure through regular review and strict enforcement.
- Performed PCI compliance validation, developed policies IAW DSS requirements and conducted security reviews to ensure complete compliance with PCI Data Security Standards.
- Ensured security configurations and tools were maintained IAW NIST, DSS and other federal requirements through definition of clear processes and standards.
- Provided guidance and advice on architecture, design, and implementation of controls to assure seamless security of the division as state IT service provider.
Confidential
Information Security Specialist (C&A)
Responsibilities:
- Determined the enterprise information assurance and security standards based on business needs and FIPS 199 System Categorization, FISMA and NIST policies to protect the integrity of data and network.
- Coordinated, developed, and evaluated security programs for multiple systems, establishing local common controls for the organization using established DHS, Federal and local guidelines and policies.
- Conducted physical security inspections; identified, reported, and resolved security violations both local and online.
- Conducted effective vulnerability assessments; Contingency Plan testing to validate Contingency Plans and updated documents as required; reviewed Disaster Recovery Plans and other security documents.
- Responsible for all phases of C&A to ensure compliance and provide guidance on IT Security requirements to assigned stakeholders.
- Assist in developing unified guidelines and procedures for conducting s and/or system-level evaluations of federal information systems and networks including the critical infrastructure.
Confidential
Proposal Development Professional
Responsibilities:
- Trusted as SME to draft and develop technical material in support of diverse federal and civil client needs. Created technical requirements, management summaries, implementation of security measures, and QA plans.
- Provided editorial review of proposal documents. Developed standards, management and past-performance proposal documents.
- Completed analysis of existing client Information Security requirements and advised on Best Business Practices for implementation of Information Security.
- Designed document outlines in direct collaboration with cross-functional team members.
Confidential, Washington, DC
Information Security Officer & Project Manager
Responsibilities:
- Regularly test security systems and processes in accordance with Information Security Policy and in accordance with DHS 4300A and as defined by the Federal Information Security Management Act of 2002 (FISMA) and National Institute of Standards and Technology (NIST), with a 95% success rating while meeting all assigned task requirements as IA SME and Project Manager.
- Supported the implementation of Common Controls on enterprise IT system in compliance with PCI DSS requirements, PII, PIA and eAuthentication policies.
- Conducted Security Risk Assessments using Retina scans, penetration testing, and other security tools to ensure FIPS 140, Common Controls, PCI requirements, PII, PIA and eAuthentication were being actively enforced; made recommendations and worked closely with System Admins and Engineers toward completion of remediation tasks.
- Conducted monthly physical and electronic audits of both network and user activity to ensure compliance; conducted effective vulnerability assessments of information systems to the extent of conclusively validating all technical controls found within NIST SP .
- Served as liaison between DHS auditors and client, managed audit response and resolution of findings for 13 systems on the network.
Confidential, Fairfax, VA
Senior Controls Risk Analyst
Responsibilities:
- Worked with technical program Information Systems Security personnel and engineers in the development of information systems security architectures, and configurations to ensure development, transition, and delivery of accreditable TS classified systems.
- Worked with and engaged USG Program Security, Special Security Officers, and Facility Security Officers to ensure Computer Security requirements were identified, understood, and integrated in overall program security planning.
- Responsible for four remote TS Federal facilities, conducted monthly physical security inspections, access control audits, individual user system audits.
- Conducted reviews and submitted Security Authorization packets utilizing the common control catalogue.
- Conducted physical security inspections, verified personnel security clearance and verified authorized individual access to the system.
Confidential
Office of Deputy Chief of Staff, Information Assurance Security Officer
Responsibilities:
- Spearheaded the re-development and re-deployment of the Army Vulnerability Tracking and Reporting System used in the tracking, monitoring and reporting of all DA IT assets on the GRID.
- Performed and scheduled the Retina scans and pen-testing to evaluate network and data security on connected servers and networks.
- Identified and monitored the implementation of IT security measures, ensuring software patches, upgrades and applicable updates were completed IAW DISA STIGs and US-CERT guidance.
- Assisted in planning and prioritizing, provided recommendations on, and weekly briefed the Deputy Chief of Staff and ADA on all ATO requests and IT security issues, procedures for supporting networked and non-networked desktop computers and laptops, and on reducing cost or enhancing service and program management through the use of information technology systems.
Confidential
Information Systems Technician
Responsibilities:
- Troubleshot and resolved IT software/hardware conflicts.
- Developed customer support policies, procedures, and standards which were used as standard operating procedures in the unit.
- Resolved malicious software issues to include error messages, suspected viruses, and spyware, and ensured protective measures and tools were in place to protect the systems and network.