IT Security Analyst Resume Profile
New Jersey
CAREER OBJECTIVES
I am seeking an Information System Auditor or Information Assurance position in a growth-oriented organization with a focus on FISMA, Sarbanes-Oxley 404, system security monitoring and auditing, risk assessment audit engagements, testing information technology controls, and developing security policies, procedures and guidelines.
SUMMARY OF WORK EXPERIENCE
I specialize in areas such as Certification and Accreditation (C&A), Risk Management, Authentication and Access Control, System Monitoring, Regulatory Compliance, Physical and Environmental Security, Incident Response, and Disaster Recovery. I am an expert in FISMA and SOX 404 compliance, IT security training, and developing security policies, procedures and guidelines. I am a fast learner and easily adapt to new working environments. I have very good analytical and organizational skills. I have the ability to multi-task, and can work independently as well as in a team. I have strong verbal and written communication skills, as well as technical writing skills.
IT EXPERIENCE
IT Security Analyst
Confidential
- Conducted IT controls risk assessments that included reviewing organizational policies, standards, procedures and guidelines.
- Developed security baseline controls and a test plan that were used to assess implemented security controls.
- Developed and conducted ST&E (Security Test and Evaluation) according to NIST SP 800-53A.
- Conducted a security control assessment to assess the adequacy of the management, operational, privacy, and technical security controls implemented. A Security Assessment Report (SAR) was developed detailing the results of the assessment, along with a Plan of Action and Milestones (POA&M), and submitted to the Designated Approving Authority (DAA) to obtain the Authority to Operate (ATO).
- Assisted in the development of an Information Security Continuous Monitoring Strategy to help Smart Think Inc. maintain ongoing awareness of information security (ensuring the continued effectiveness of all security controls), vulnerabilities, and threats to support organizational risk management decisions.
- Assisted in the development of a Privacy Threshold Analysis (PTA) and Privacy Impact Analysis (PIA) by working closely with the Information System Security Officer (ISSO), the System Owner, the Information Owners and the Privacy Act Officer.
- Developed an E-Authentication report to provide technical guidance in the implementation of electronic authentication (e-authentication).
- Developed a System Security Plan (SSP) to provide an overview of federal information system security requirements and describe the controls in place.
- Conducted a Business Impact Analysis (BIA) to identify high-risk areas where audit effort would be allocated.
- Conducted meetings with the IT client team to gather evidence, developed test plans, testing procedures and documented test results and exceptions.
- Performed Certification and Accreditation (C&A) documentation in compliance with FISMA/NIST and SOX 404 standards.
- Conducted walkthroughs, formulated test plans, documented gaps, test results, and exceptions and developed remediation plans for each area of testing.
- Performed IT operating effectiveness tests in the areas of security, operations, change management, and email authentication.
- Developed the audit plan and performed the General Computer Controls testing; identified gaps, developed remediation plans, and presented final results to the IT Management team.
- Initiated and led information security awareness and training programs.
Confidential
- Developed security control test plans and conducted in-depth security assessments of information systems that evaluated compliance of administrative, physical, technical, organizational and policy safeguards in order to maintain HIPAA compliance.
- Developed HIPAA compliance reports documenting audit findings and corrective actions. These reports were submitted to the ISSO.
- Involved in the security awareness and training of staff on HIPAA requirements as they related to information technology.
- Conducted Certification and Accreditation (C&A) on general support systems and major applications using the six steps of the Risk Management Framework (RMF) from NIST SP 800-37 in order to meet Federal Information Security Management Act (FISMA) requirements.
- Developed the System Security Plan (SSP), Security Assessment Report (SAR) and POA&Ms that were presented to the Designated Approving Authority (DAA) in order to obtain the Authority to Operate (ATO).
Confidential
Hilton Hotel, Woodbridge, New Jersey
- Conducted periodic IT risk assessments and reviewed IA controls for any deficiencies. Deficient controls were then reported to the ISSO for appropriate mitigation actions.
- Conducted security control assessments to ensure controls were implemented to comply with ISO standards.
- Initiated and led an information security awareness and training program in order to inform employees of their roles in maintaining a mature security posture.
- Contributed to weekly change management meetings in order to evaluate change requests for systems or applications, which could lead to approval or denial of the requests; validated testing results from testing environments and promoted changes to the production environment.
- Examined information security accreditation requests for approval or denial.
- Examined event logs for irregularities. Identified irregularities were then reported as incidents, and the incident response process was initiated to mitigate them.
- Involved in security incident management in order to mitigate or resolve events that had the potential to impact the confidentiality, availability, or integrity of information technology resources.
- Created and maintained security metrics in order to help senior management make decisions.
- Involved in third-party contract evaluation in order to award contracts to the most cost-effective bidder.
- Provided support to internal and external audit teams as required.
