
RMF Analyst Resume


SUMMARY:

I am a Certified System Authorization Professional with 8 years' diversified experience in Information Assurance, which includes System Security Compliance, Authorization, Continuous Monitoring, Risk Assessments, Audit Engagements, and Annual Self-Assessment of system security controls to achieve the security objectives of Confidentiality, Integrity, and Availability of information and information system resources. I also have strong problem-solving and Project Management skills and am knowledgeable in the Risk Management Framework ( Confidential - RMF) and the Systems Development Life Cycle (SDLC).

CORE SKILLS:

  • Conduct System Security Authorization, using Confidential and applicable Confidential standards.
  • Over five years of experience in system security monitoring, auditing and evaluation, System Authorization, and Assessment of GSS (General Support Systems) and MA (Major Applications).
  • Develop System Authorization documentation in compliance with Confidential and organization-defined standards
  • Develop, review and evaluate System Security Documentation based on Confidential Special Publications
  • Perform comprehensive assessments and write reviews of management, operational, technical security, and privacy controls for GSS and their hosted applications
  • Develop and conduct ST&E (Security Test and Evaluation) according to Confidential SP Confidential and Confidential SP R4
  • Compile data to complete the Residual Risk Report and transfer its contents into the POA&M
  • Collect, review and analyze audit logs for anomalies with System Admins
  • Ability to multi-task, work independently and as part of a team
  • Strong analytical and quantitative skills
  • Effective interpersonal and verbal/written communication skills

SECURITY TECHNOLOGIES TOOLS:

Tenable Nessus, Trend Micro Security, Tanium, WebInspect and HP Fortify, IBM BigFix, Splunk, ePO Anti-Virus Tool, Visio, XACTA, IACS ( Confidential replacement of TAF@ Confidential ), CSAM, RMPS, MS Office (Word, Excel, PowerPoint, Access, Outlook), MS Project

PROFESSIONAL EXPERIENCE:

RMF Analyst

Confidential

Responsibilities:

  • Actively coordinate with the infrastructure teams and Security Engineers to stand up servers and to plan, develop, implement and test the applicable security controls.
  • Liaise with multiple teams within the Confidential -2020 Decennial Project to identify and address IT Security compliance and Information Assurance issues.
  • Collect, review, analyze and upload Document Requests (artifacts, SOPs, screenshots, policies, etc.) to the Confidential SharePoint site designated for the Independent Assessors and Auditors
  • Coordinate weekly ISSO meetings to review open system POA&Ms and establish a comprehensive plan for remediation
  • Capture Confidential artifacts that support independent assessment activities and consolidate Confidential artifacts for input into the Confidential Risk Management Processing System (RMPS) and CSAM for closure by ICAT (Independent Assessors)
  • Anticipate customer needs and proactively support them.
  • Review program/project vulnerability/compliance scan results and report findings as part of the Continuous Monitoring strategy

Systems Security Analyst

Confidential, Washington, DC

Responsibilities:

  • Supported the client on Systems Re-Authorization efforts, Security Authorization processes, and best practices.
  • Coordinated Third Party Assessors' security control attestation of the Agency's General Support System (GSS)
  • Coordinated the remediation of Notices of Findings and Recommendations from previous Assessments and Audits, and the preparation and development of actions associated with the security authorization package to achieve the Authority to Operate (ATO).
  • Conducted IV&V (Independent Verification and Validation) assessments for Agency systems within the purview of OIS and produced reports validating the security posture of these systems
  • Developed, reviewed and updated Information Security System Policies, System Security Plans (SSP), Risk Assessment Reports and Security Baselines (Configuration Management) in accordance with Confidential RMF: SP Rev 4, OMB Confidential -130 Appendix III, and the DOL Computer Security Handbook (CSH)
  • Organized network vulnerability scan reporting from IBM BigFix, Nessus and WebInspect with the Enterprise Security Operations Center and System Administrators to develop Plans of Action and Milestones (POA&M) to resolve the findings and achieve compliance.
  • Established task schedules and deadlines for the System Maintenance Workflow
  • Coordinated weekly meetings with the ISSO for briefings on assessment engagements and activities relating to CSAM ( Confidential Authorized Tool)
  • Collected, reviewed, analyzed and uploaded Document Requests (artifacts, SOPs, screenshots, policies, etc.) to the Confidential SharePoint site designated for the Independent Assessors and Auditors
  • Monitored controls post-authorization to ensure continuous compliance with security requirements, working with Windows, UNIX, NetOps and Database Admins
  • Worked with the Enterprise Policy Planning Department to meet the Confidential metrics requirements for Confidential /DCN (the GSS for the entire Agency) and updated the system's implementation statements.
  • Generated the monthly POA&M report from CSAM, providing outstanding vulnerabilities, milestones and remediation status for Executive Management visibility and risk management decisions.
  • Organized system personnel and coordinated efforts to conduct the annual Contingency Planning Test for Confidential /DCN
  • Participated in Incident Response Testing, Phishing Exercises and Training, and combined Enterprise IR/CPTs and Training for system personnel

Information Assurance Analyst

Confidential, Washington, DC

Responsibilities:

  • Supported ISD with the Confidential ISSO activities in accordance with current Confidential and Confidential Security Authorization processes and procedures (Ongoing Authorization and Continuous Monitoring).
  • Provided ISSO-as- Confidential -support in administering the Confidential Confidential compliance program requirements for Confidential information systems: General Support Systems (GSS), Major Applications (MA), and minor applications.
  • Ensured all Security Authorization documentation for assigned systems remained accurate and up to date on a continuous basis to meet the requirements defined by Confidential / Confidential 4300A, Confidential, OMB and Confidential, in a manner compliant with all Federal security requirements and policies
  • Organized system personnel and coordinated efforts to conduct annual Contingency Planning Tests for managed systems
  • Uploaded and maintained all system security supporting artifacts, and all documents deemed appropriate for assigned systems, in the Confidential and Confidential repositories designated by ISD: XACTA and the Confidential .
  • Assisted with the system-defined-frequency control testing and updated control status in the Control Allocation Table (CAT)
  • Coordinated weekly ISSO meetings to review open system POA&Ms and establish a comprehensive plan for remediation.
  • Created management reports on the status of all waivers and accepted risks (in progress, approved, expired, denied, or archived) no less than weekly, or as requested
  • Tracked all POA&M deadlines within the government tracking tool and drafted waivers to request extensions in the remediation process
  • Provided system security status at the monthly Risk Management Board meeting
  • Used Nessus SC5 to track remediation efforts, observed any triggers, and updated the status in the POA&M Master Tracker and Trigger Accountability Log.

C&A Analyst

Confidential, Washington, DC

Responsibilities:

  • Advised the customer on systems recertification and accreditation procedures and best practices, including scanning Windows systems, during their preparation and development of the actions associated with the security Certification and Accreditation package (SA&A) to achieve Authority to Operate (ATO).
  • Reviewed and created POA&Ms based on customer-provided scans and artifacts.
  • Developed, reviewed and updated Information Security System Policies, System Security Plans (SSP) and Risk Assessment Reports in accordance with Confidential RMF: OMB Confidential -130 Appendix III
  • Coordinated system and network vulnerability scans in order to identify and remediate potential risks.
  • Updated IT security policies, procedures, standards, and guidelines according to SP Rev 4
  • Established schedules and deadlines for assessment activities; held kick-off and weekly meetings with system owners prior to assessment engagements and for weekly activities relating to CSAM
  • Collected, reviewed and analyzed audit logs for anomalies
  • Prepared and submitted the Security Assessment Plan (SAP) to the ISO for approval
  • Monitored controls post-authorization to ensure continuous compliance with security requirements
  • Managed vulnerabilities using IBM QRadar and BigFix to detect potential risks on multiple assets across the Enterprise Network
  • Analyzed vulnerability results and recommended patching and remediation management to fix Common Vulnerabilities and Exposures (CVE).
  • Created reports detailing identified vulnerabilities and the steps to remediate them

Information Security Analyst

Confidential, Washington, DC

Responsibilities:

  • Supported the client's information security governance, risk and compliance activities to align with the Confidential Risk Management Framework (RMF)
  • Assisted in communicating and facilitating the requirements for security risk assessments of both custom-developed and third-party applications within the Confidential infrastructure.
  • Developed security Confidential & Confidential artifacts, including but not limited to sensitivity assessments, SSPs, POA&Ms, and the Confidential package according to SP
  • Tested and documented comprehensive security assessment results, including a full description of the weaknesses and deficiencies discovered during assessment of information system security controls per the Confidential Revision 4 guidelines
  • Assisted in identifying and communicating application control deficiencies and the associated risks
  • Analyzed vulnerability results and recommended patching and remediation management to fix Common Vulnerabilities and Exposures (CVE).
  • Assisted with the development and maintenance of Plans of Action and Milestones (POA&Ms) to document security vulnerabilities and mitigation strategies.
  • Monitored controls post-authorization to ensure continuous compliance with security requirements
  • Provided expertise and assistance in the development of continuous monitoring programs and plans
  • Developed and maintained relationships with internal and external customers to formulate information security governance solutions
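The scan-review and POA&M bullets above (and the monthly POA&M report and CVE-remediation bullets in the earlier roles) describe one recurring workflow: take a vulnerability scanner export, consolidate it into POA&M weaknesses, assign risk-based remediation due dates, and roll the status up for management. The script below is an added example of that workflow, not a tool from this resume or from any agency. The CSV layout mirrors common Nessus export columns, but the rows are constructed sample data, and the remediation windows are assumptions (the critical/high values follow CISA BOD 19-02; the medium/low values are made up for the example).

```python
"""Turn a Nessus-style vulnerability export into POA&M items with
risk-based remediation deadlines and a monthly-report style roll-up.

Added example for this page; not the author's or any agency's tool.
"""
import csv
import io
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample export (not real scan output): one row per (host, plugin).
SAMPLE_SCAN_CSV = """Plugin ID,CVE,Risk,Host,Name,Solution
10001,CVE-2021-34527,Critical,10.0.1.5,Windows Print Spooler RCE,Apply vendor patch
10001,CVE-2021-34527,Critical,10.0.1.6,Windows Print Spooler RCE,Apply vendor patch
10002,CVE-2020-1472,High,10.0.1.7,Netlogon Elevation of Privilege,Apply vendor patch
10003,,Medium,10.0.1.5,SSL Self-Signed Certificate,Replace with CA-issued certificate
10004,,Info,10.0.1.5,Nessus Scan Information,n/a
"""

# Assumed remediation windows (days) by scanner severity. Critical/High follow
# CISA BOD 19-02; Medium/Low are assumptions for this example. Real programs
# use their organization-defined values.
REMEDIATION_DAYS = {"Critical": 15, "High": 30, "Medium": 90, "Low": 180}

SCAN_DATE = date(2024, 1, 10)    # assumed date the sample scan ran
REPORT_DATE = date(2024, 2, 1)   # assumed "as of" date for the monthly report


def parse_findings(csv_text):
    """Parse the export and drop informational rows, which are not weaknesses."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return [row for row in reader if row["Risk"] in REMEDIATION_DAYS]


def build_poam(findings, scan_date):
    """Consolidate per-host findings into one POA&M item per plugin.

    One weakness may affect many assets: the POA&M item tracks the weakness,
    the host list records the affected assets, and the due date is derived
    from the scanner severity of that plugin.
    """
    items = {}
    for f in findings:
        key = f["Plugin ID"]
        if key not in items:
            items[key] = {
                "weakness": f["Name"],
                "cve": f["CVE"] or "none",
                "severity": f["Risk"],
                "hosts": [],
                "milestone": f["Solution"],
                "identified": scan_date,
                "due": scan_date + timedelta(days=REMEDIATION_DAYS[f["Risk"]]),
                "status": "Open",
            }
        items[key]["hosts"].append(f["Host"])
    return items


def status_rollup(poam, as_of):
    """Open and overdue counts per severity, as a monthly POA&M report would show."""
    summary = defaultdict(lambda: {"open": 0, "overdue": 0})
    for item in poam.values():
        if item["status"] != "Open":
            continue
        bucket = summary[item["severity"]]
        bucket["open"] += 1
        if as_of > item["due"]:
            bucket["overdue"] += 1
    return dict(summary)


if __name__ == "__main__":
    poam = build_poam(parse_findings(SAMPLE_SCAN_CSV), SCAN_DATE)
    for pid, item in poam.items():
        print(pid, item["severity"], item["cve"], item["due"], item["hosts"])
    print(status_rollup(poam, REPORT_DATE))
```

The informational row is dropped before anything is tracked, so the POA&M does not fill with non-weaknesses, and the two hosts hitting the same plugin collapse into one item with one due date, which is how the weakness is remediated and closed in practice. A finding with no CVE (the self-signed certificate) is still carried, since the POA&M tracks weaknesses rather than CVE identifiers.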

IT Audit Security Compliance and Risk Analyst

Confidential, Merrimack, NH

Responsibilities:

  • Provided information security, compliance, risk advisory, and risk management services. Primary responsibilities included:
  • Coordinating and managing the Vendor Technology Risk Review function for fifty (50) assigned vendors, which included evaluating the quality of controls in the areas of business continuity planning and disaster recovery, network security, security architecture, and change management.
  • Developing business risk profiles and impact analyses using templates, questionnaires, and guidelines.
  • Helping to refine the role-based access control policy to ensure separation of duties and avoidance of conflicts of interest
  • Liaising enterprise-wide with business unit areas, information security officers, risk management teams, and vendor technologists.
  • Assisting business units with understanding the risks associated with using a particular vendor and recommending solutions to mitigate risk.
  • Conducting interviews and strategic meetings with vendor technologists and business unit representatives to communicate deficiencies to both the vendor and the business in a constructive fashion.
  • Preparing written reports after the completion of each assessment

Information Security Analyst and Compliance

Confidential, Mount Laurel, NJ

Responsibilities:

  • Coordinated SOX Compliance within the Confidential of the Market and Investment Banking Division
  • Performed the adequacy assessment, independently tested the controls and escalated control issues to Management
  • Performed IT system risk assessments and documented the system security key controls in compliance with SOX
  • Refreshed the control set, adhered to the Group requirement, and worked with Management on control deficiencies to develop action plans and remediation.
  • Wrote audit reports documenting the results of the audit for distribution to management
