Senior Cyber Security Analyst Resume
Rockville, MD
PROFESSIONAL PROFILE:
- IT Security Analyst with over 10 years combined experience in IT Security, IT Audit, ITGC and SOX controls testing, FISMA security control assessment, FISCAM audit, C&A package review and financial accounting.
- Well experienced in performing IT control evaluation at government clients to determine compliance with FISMA and NIST 800-53 guidelines.
Experience covers the following areas:
- IT Security Control Assessment (SCA)
- FISMA Compliance
- FISCAM audit
- IT Risk Assessments
- Application Controls Assessments
- Business Continuity and Disaster Recovery
- Sarbanes-Oxley (SOX) Compliance
- OMB Circular A-123 Audit
- IT Infrastructure Security
- COSO/COBIT Framework
- NIST SP 800-53 Compliance
- C&A, ST&E and POA&M
EMPLOYMENT HISTORY
Senior Cyber Security Analyst
Rockville, MD
Confidential
Responsibilities:
- Responsible for reviewing Plan of Action and Milestones (POA&M) for accuracy.
- Ensure accurate and adequate tracking of correspondence, reports, and action items.
- Conduct continuous monitoring of the general support system throughout the system development life cycle; generating Risk Assessment (RA) and updating System Security Plan (SSP); ensuring security controls and supporting evidence are in place.
- Develop C&A packages for compliance with NIST C&A guidance, including System Security Plans, System Categorization Documents, Risk Assessments, Plan of Action and Milestones, Security Assessment Reports, etc.
- Update existing C&A packages throughout the life cycle of the application and general support systems.
- Review / analyze existing C&A packages for completeness and compliance with NIST C&A guidance.
- Coordinate with systems and network administrators to ensure all identified threats are corrected and/or mitigated in accordance with established guidance.
- Manage C&A packages for collaboration and approval by the Designated Approval Authority (DAA).
- Communicate with upper management about the status of packages as well as any issues that could jeopardize the accomplishments of the assigned tasks or security posture.
- Brief senior leadership and stakeholders on current certification and system security, and provide updates on current and future actions.
- Perform DoD Information Assurance Control Validation Reviews and compile validation results in the DIACAP compliance reporting.
Senior IT Security Analyst
Reston, VA
Confidential
Responsibilities:
- Provided ongoing full life-cycle Certification and Accreditation (C&A) security support to the clients for FISMA compliance.
- Prepared C&A packages, including security assessment report (SAR), control waivers, authority to operate (ATO) and plan of actions and milestones (POA&M).
- Reviewed and analyzed NIST-based C&A documents, such as system security plan (SSP), system contingency plan & test result, requirements traceability matrix (RTM), security assessment plan (SAP), security assessment report (SAR), system security policies and procedures, and performed security assessments.
- Performed security control assessment (SCA, formerly ST&E), including interviewing system owners and other stakeholders, analyzing vulnerability scan results as part of C&A package documentation.
- Performed system security assessments using NIST SP 800-37 and NIST SP 800-53 federal risk management and control frameworks.
- Monitored assigned systems for continued FISMA compliance, and provided C&A briefings and status reports to the clients.
IT Auditor/ IT Security Analyst
Sterling, VA
Confidential
Responsibilities:
- Performed audit of IT general controls and evaluated systems controls as part of financial statement audits of private and public companies.
- Assessed design and operating effectiveness of IT general controls, including change management, logical access, job scheduling, data center operations, physical security, data backup and recovery, and functional segregation of duties, and recommended necessary improvements.
- Performed FISMA reviews for government entities to provide recommendations for improving Information Security practices, and prepared FISMA deliverables, including the System Security Plan (SSP), Risk Assessment (RA) and Plan of Actions and Milestones (POA&M).
- Reviewed systems Certification and Accreditation (C&A) packages to ensure all relevant security documentation was in compliance with NIST 800-53 guidelines and OMB regulations on federal government Information Systems.
- Performed audit functions with FISCAM framework to ensure clients’ system security policies and procedures were in accordance with OMB guidelines for federal agencies.
- Performed audit of various financial systems, including SAP, Oracle ERP, Microsoft Dynamics, Deltek Costpoint, and servers of Mainframe, UNIX, Windows, Oracle database and SQL database.
Accountant
Washington, DC
Confidential
Responsibilities:
- Performed diversified accounting functions for various clients, including bookkeeping, accounts payable, accounts receivable, customer billing, invoices and purchase order verification.
- Prepared journal entries and general ledger account reconciliations.
- Performed monthly financial closings, including preparation of schedules for balance sheet accounts and other financial reporting activities.
- Maintained accounts receivable records, including tracking and posting cash receipts into customers' and general ledger accounts.
- Processed accounts payable and travel vouchers which involved the matching of receipts, expense vouchers and foreign exchange rates, in line with federal government purchasing and travel policies.
- Reconciled vendors' accounts to ensure their outstanding balances were accurate and that new invoices submitted by them would not result in duplicate payment.
Accountant
Confidential
Responsibilities:
- Prepared monthly and quarterly income statements, balance sheets and cash flow statements.
- Prepared journal entries, general ledger account and bank reconciliations.
- Analyzed leases for appropriate accounting treatment.
- Performed account research and reconciliation of differences in general ledger reports.
- Provided meaningful financial analysis and input to the design, development, communication, and distribution of the annual operating budget.
- Worked with the department managers to proactively identify problem cost areas.
Senior Auditor
Confidential
Responsibilities:
- Performed initial risk assessment of various clients.
- Designed audit plan for various engagements.
- Conducted analytical review procedures of selected financial statement assertions.
- Conducted appropriate inquiries of critical employees in areas subject to audit.
- Prepared flowcharts and/or process maps relative to selected business and/or financial processes.
- Analyzed data obtained for evidence of weaknesses and/or deficiencies in internal controls, duplication of effort, fraud, or lack of compliance with laws and government regulations.