Lead Information Security Analyst/ Information Systems Security Officer Resume

SUMMARY:

  • Confidential is a cybersecurity professional with 9 years of experience implementing information security solutions serving government and private healthcare organizations.
  • Areas of expertise include: Information Security & Privacy • Risk Analysis & Management • Auditing • Compliance

PROFESSIONAL EXPERIENCE:

Confidential

Lead Information Security Analyst/ Information Systems Security Officer

Responsibilities:
  • Ensures that security and privacy compliance with the organization's policies and with state and federal regulations (such as FISMA, HIPAA, HITECH, and the RMF), standards (such as FedRAMP, the NIST 800 Series, SSAE SOC 2, HITRUST, DISA STIGs, and CMS’s Acceptable Risk Safeguards & Technical Reference Architecture), and security best practices (such as those outlined by CIS, NSA, OWASP, SANS, and US-CERT) remains integral throughout the system development life cycle (SDLC), so that the appropriate security posture is maintained and the systems supported receive and maintain their Authority to Operate (ATO).
  • Develops quality customer relationships by effectively managing expectations, tactful communication, and establishing a high level of trust and confidence by consistently meeting deliverables.
  • Conducts risk assessments, penetration testing, and vulnerability analysis of corporate-developed systems and outside organizations.
  • Strengthens the security posture of the organization’s products by iteratively integrating security into the development team’s implementations of the Agile and Waterfall SDLC methodologies, utilizing the CMMI process improvement model.
  • Develops and maintains security artifacts including: Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), Security Impact Analysis (SIA), Information Security Risk Assessment (ISRA), System Security Plan (SSP), Business Continuity and Contingency Plan (BCCP), Corrective Action Plans (CAPs), and Plans of Actions and Milestones (POA&Ms).
  • Manages incident prevention and response programs: developing standardized procedures, training incident handlers, reviewing analysis and mitigation activities, identifying trends, implementing preventative strategies, and preparing executive summaries.
  • Develops and coordinates the organization’s security awareness training program.
  • Briefs technical and non-technical management and customers on cyber issues and risk reduction strategies to support business goals.
  • Provides guidance to the organization’s CISO and Privacy Officer with regard to threats, vulnerabilities, regulatory and contractual requirements, and risk management.
  • Mentors junior security team members by guiding and developing their professional growth to increase their performance capability and drive their goal achievement.
  • Researches new developments and emerging trends in security to support the organization’s information security objectives.

Confidential

Network Engineer/ Security Point of Contact

Responsibilities:
  • Maintained Local Area Network that consisted of over 150 systems, managing the deployment and configuration of systems and software on corporate and government networks.
  • Ensured the adequacy of existing information security controls, identified system vulnerabilities, recommended corrective measures, and coordinated POA&Ms for security findings.
  • Maintained security artifacts, such as the PIA, ISRA, SSP, and BCCP.
  • Conducted incident response activities including digital forensics, analysis, and mitigation.
  • Led research and selection of a NIST Validated Security Content Automation Protocol (SCAP) Tool for a federal network.
  • Assisted in a nationwide server migration (over 60 sites) from Novell NetWare with eDirectory to Microsoft Windows Servers with Active Directory for a federal network.
