Information System Security Officer (isso) Resume

Washington, DC

SUMMARY:

  • A Confidential citizen with a clean criminal and background record, authorized to work for any employer in/outside the USA
  • I have over 8 years of IT experience, a track record of successful projects and proven expertise in the field of information security and assurance.
  • Knowledge of FISMA, OMB, NIST, ASCAS, OSI model, SIEM and FIPS guidelines and instructions.
  • Risk Management Framework (RMF) and NIST SP 800-37 guidelines
  • Working knowledge of System Assessment & Authorization (A&A), formerly Certification and Accreditation (C&A)
  • Ability to perform information system security risk assessments, security control analysis, and risk mitigation to minimize security impact on systems.
  • In-depth knowledge of Plan of Action and Milestones (POA&M) management
  • Experienced in the development of Security Plans (SP), Contingency Plans, Incident Response Plans and Disaster Recovery Plans.
  • Continuous monitoring of authorized systems per NIST SP 800-137 guidelines
  • Excellent Interpersonal Skills interacting with team members, clients and Management.
  • Professional Communication and Technical Writing Skills
  • Experienced with Oracle 11g Backup and Recovery, Data Migration, Database security, System Performance and Disaster Recovery.
  • Able to multitask, and work independently and within a team environment.

TECHNICAL SKILLS:

FISMA and FIPS standards and guidelines for compliance in federal and private agencies.

NIST SP 800 series: 800-37, 800-60 Vol. 2, 800-53, 800-53A, 800-18, 800-30, 800-137

Networking: LANs, WANs, VPNs, Routers, Firewalls, TCP/IP

Software: MS Office (Word, Excel, Outlook, Access, PowerPoint)

Excellent knowledge of the use of CSAM and Xacta in POA&M management.

IDS/IPS: ISS, Snort, Sourcefire

Vulnerability Scanning Tool: Nessus

POA&M tools: CSAM and Xacta

Security Monitoring: Splunk

Penetration Testing Tool: Kali Linux

PROFESSIONAL EXPERIENCE:

Confidential, Washington DC

Information System Security Officer (ISSO)

Responsibilities:

  • Ensure security policies, procedures and recommendations comply with FISMA, NIST, organizational guidelines and technical best practices.
  • Implement the Risk Management Framework (RMF) in accordance with NIST SP 800-37.
  • Participate in the development and maintenance of system security plans and contingency plans for all systems under my responsibility.
  • Planned system security checklists, Privacy Impact Assessments, POA&Ms, and Authority to Operate (ATO) letters.
  • Develop Plans of Action and Milestones (POA&M) for identified vulnerabilities and ensure compliance through monthly updates.
  • Maintain an inventory of all assigned information security systems.
  • Develop a variety of Assessment & Authorization deliverables, including the System Security Plan (SSP), Security Assessment Report (SAR), Contingency Plan (CP) and POA&M, for review and approval by the Authorizing Official.
  • Monitor and conduct Security Control Assessments to ensure all controls meet the security requirements stipulated in the SSP and NIST SP 800-53 Rev. 4.
  • Verify file integrity and encryption of communications.
  • Effectively communicate technical information to non-technical personnel.
  • Identify active network devices, ports and communication paths.
  • Coordinate with ISSOs across the organization to ensure timely compliance.
  • Develop waivers and exceptions for information system vulnerabilities.

Confidential, Reston, Virginia

IT Security Analyst / Compliance

Responsibilities:

  • Perform system security categorization using FIPS 199 and NIST SP 800-60.
  • Advise the Information System Owner (ISO) of security impact levels for Confidentiality, Integrity and Availability (CIA) using NIST SP 800-60 Vol. 2.
  • Utilize NIST SP 800-18 and update System Security Plans based on SP 800-53.
  • Perform vulnerability scanning on web applications and databases to identify security threats and vulnerabilities using the Nessus scanner.
  • Collaborate with ISSOs to ensure remediation of audit findings, security planning and reporting, and mitigation of security vulnerabilities are completed in a timely manner.
  • Monitor, evaluate and report on the status of information security systems and direct corrective actions to eliminate or reduce risk.
  • Initiate compliance and vulnerability scan requests to identify and report weaknesses and potential security breaches.
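The categorization work in the first two bullets above (FIPS 199 impact levels derived from the provisional levels NIST SP 800-60 Vol. 2 assigns to each information type) reduces to a high-water-mark calculation with two rules that are easy to get wrong: "not applicable" is permitted only for the confidentiality of an individual information type, and the resulting system category can never be below LOW for any objective. The following is an added example, not code from the resume or from any agency; the information types, their levels, the adjustment and the function names are all constructed for illustration.

```python
"""Added example (not from the resume): FIPS 199 system security categorization
by high-water mark over the provisional impact levels that NIST SP 800-60 Vol. 2
assigns to each information type. Every information type, level and adjustment
below is constructed for illustration."""

from typing import Dict, Optional, Tuple

LEVELS = {"LOW": 1, "MODERATE": 2, "HIGH": 3}
RANK_TO_LEVEL = {rank: level for level, rank in LEVELS.items()}
OBJECTIVES = ("confidentiality", "integrity", "availability")

# One entry per information type the system processes. None means "not
# applicable", which FIPS 199 allows only for the confidentiality of an
# information type (for example, information intended for public release).
InfoTypes = Dict[str, Dict[str, Optional[str]]]

# Constructed sample system carrying three hypothetical information types.
SAMPLE_INFORMATION_TYPES: InfoTypes = {
    "public web content": {
        "confidentiality": None, "integrity": "LOW", "availability": "LOW"},
    "identity and authentication data": {
        "confidentiality": "MODERATE", "integrity": "MODERATE", "availability": "MODERATE"},
    "payment processing": {
        "confidentiality": "MODERATE", "integrity": "HIGH", "availability": "MODERATE"},
}


def validate_information_type(name: str, levels: Dict[str, Optional[str]]) -> None:
    """Reject impact values that FIPS 199 does not permit for an information type."""
    for objective in OBJECTIVES:
        level = levels.get(objective)
        if level is None:
            if objective != "confidentiality":
                raise ValueError(
                    f"{name}: 'not applicable' is only permitted for confidentiality")
        elif level not in LEVELS:
            raise ValueError(f"{name}: unknown impact level {level!r} for {objective}")


def categorize_system(
    info_types: InfoTypes,
    adjustments: Optional[Dict[Tuple[str, str], str]] = None,
) -> Tuple[Dict[str, str], str]:
    """Return (per-objective security category, overall system impact level).

    adjustments maps (information type, objective) to a documented final impact
    level that overrides the provisional SP 800-60 value; SP 800-60 lets the
    analyst raise or lower a provisional level with written justification.
    """
    adjustments = adjustments or {}
    for name, levels in info_types.items():
        validate_information_type(name, levels)
    for (name, objective), level in adjustments.items():
        if name not in info_types or objective not in OBJECTIVES or level not in LEVELS:
            raise ValueError(f"bad adjustment {(name, objective, level)!r}")

    category: Dict[str, str] = {}
    for objective in OBJECTIVES:
        # LOW is the floor: FIPS 199 does not allow 'not applicable' at the
        # system level, so a system of only public information is still LOW.
        rank = LEVELS["LOW"]
        for name, levels in info_types.items():
            level = adjustments.get((name, objective), levels[objective])
            if level is not None:
                rank = max(rank, LEVELS[level])
        category[objective] = RANK_TO_LEVEL[rank]

    # The overall system impact is the high-water mark across the objectives.
    overall = RANK_TO_LEVEL[max(LEVELS[v] for v in category.values())]
    return category, overall


def format_security_category(category: Dict[str, str]) -> str:
    """Render the category in the FIPS 199 notation normally pasted into an SSP."""
    pairs = ", ".join(f"({objective}, {category[objective]})" for objective in OBJECTIVES)
    return "SC information system = {" + pairs + "}"


if __name__ == "__main__":
    cat, overall = categorize_system(SAMPLE_INFORMATION_TYPES)
    print(format_security_category(cat))
    print("overall impact:", overall)
```

For the constructed sample the system comes out MODERATE for confidentiality and availability and HIGH for integrity, so the overall impact level that drives the SP 800-53 baseline is HIGH; lowering the payment-processing integrity level with a documented adjustment brings the whole system to MODERATE, which is why such adjustments need the Authorizing Official's sign-off rather than an analyst's edit.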

Confidential

Information Assurance Analyst

Responsibilities:

  • Conducted meetings with IT team to gather documentation and evidence about their control environment.
  • Performed risk assessments in accordance with NIST SP 800-30 Rev. 1.
  • Reviewed and ensured the Privacy Impact Assessment document is created after a positive determination.
  • Completed C&A/A&A packages that obtained and maintained full Authorization to Operate (ATO).
  • Participated in continuous monitoring, including but not limited to POA&M management, waiver and exception support, and periodic recertification in accordance with NIST SP 800-137.
  • Provided ongoing gap analysis of current policies, practices, and procedures as they relate to established guidelines outlined by NIST, OMB, and FISMA.
  • Communicated clearly and concisely, both orally and in writing with team members and top management.