IT Security Analyst Resume
OBJECTIVE:
Seeking an Information System Auditor or Information Assurance position in a growth-oriented organization with a focus on FISMA/ Confidential, system security monitoring, risk assessment, audit engagement and testing of information technology controls.
SUMMARY:
- Perform Certification and Accreditation documentation in compliance with company standards.
- Developed, reviewed and evaluated System Security Plans based on Confidential Special Publication SP 800-53R4.
- Perform comprehensive assessment and write reviews of management, operational and technical security controls for audited applications and information system.
- In-depth knowledge of COSO, COBIT & HIPAA frameworks.
- Compile data to complete Residual Risk Report in order to update the POA&M.
- The ability to multi-task, work independently and be part of a team.
- Effective interpersonal and verbal/written communication skills.
- Analyze and update System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security Test & Evaluation (ST&E), E-Authentication, Contingency Plan (CP) and Plan of Action & Milestones (POA&M).
SOFTWARE:
Microsoft Word, Excel, PowerPoint, FIPS 199, SORN, E-AUTHENTICATION, PTA, PIA, SSP, CP, ST&E, SAR, POA&M, ATO, SAP.
PROFESSIONAL EXPERIENCE:
Confidential
IT Security Analyst
Responsibilities:
- Conducted kick-off meetings to categorize the system according to Confidential requirements of Low, Moderate or High system (FIPS 199 and SP 800-60).
- Developed a security baseline and test plan that was used to assess implemented security controls.
- Conducted Security Control Assessment to assess the adequacy of management, operational, privacy and technical security controls implemented.
- Assisted System Owners and ISSO in preparing the Certification and Accreditation package for the company's IT systems, making sure that management, operational and technical security controls adhere to formal and well-established security requirements authorized by Confidential 800-53R4.
- Developed Risk Assessment reports identifying threats and vulnerabilities applicable to the system. The reports also evaluate the likelihood that vulnerabilities can be exploited and assess the impact associated with these threats and vulnerabilities.
- Developed Security Assessment Report (SAR) detailing the results of the assessment along with Plan of Action and Milestones (POA&M)
- Conducted follow up meetings to assist information system owners to close/remediate POA&M items
- Developed System Security Plans (SSP) to provide an overview of system security requirements and describe the controls in place or planned by information system owners to meet those requirements
- Conducted IT risk assessment to identify system threats, vulnerabilities, and risks
- Prepared recommendation reports that are made available to system owners to remediate identified vulnerabilities during the risk assessment process
- Identified the overall risk level.
Confidential
FISMA/C&A Analyst
Responsibilities:
- Conducted kick-off meetings in order to categorize Confidential systems according to Confidential requirements of Low, Moderate or High system
- Designated the system and categorized its CIA using FIPS 199 and Confidential 800-60
- Developed a security baseline control and test plan that was used to assess implemented security controls
- Conducted security control assessments to assess the adequacy of management, operational, privacy, and technical security controls implemented. Security Assessment Reports (SAR) were developed detailing the results of the assessment along with Plan of Action and Milestones (POA&M)
- A team member of the center of Information Technology tasked with conducting Certification and Accreditation (C&A) on applications using the six steps of the Risk Management Framework (RMF).
- Developed system security plans to provide an overview of federal information system security requirements and described the controls in place or planned to meet those requirements.
- Assisted in the development of an Information Security Continuous Monitoring Strategy to help Confidential in maintaining an ongoing awareness of information security (Ensured continued effectiveness of all security controls)
- Developed an E-Authentication report to provide technical guidance in the implementation of electronic authentication
- Developed a system security plan to provide an overview of federal information system security requirements and described the controls in place or planned by Confidential to meet those requirements
- Performed vulnerability assessments, making sure risks are assessed and evaluated and proper action is taken to limit their impact on the information and information systems.
Confidential
IT Security Analyst
Responsibilities:
- Analyze and update System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E) and the Plan of Action and Milestones (POA&M)
- Assist System Owners and ISSO in preparing the Certification and Accreditation package for the company's IT systems, making sure that management, operational and technical security controls adhere to a formal and well-established security requirement authorized by Confidential SP 800-53A
- Created standard templates for required security assessment and authorization documents, including risk assessment, security plans, security assessment plans and reports, contingency plans and security authorization packages.
- Provided security analysis and technical support, which included assisting with the review of new (Confidential) security policies and the generation of vulnerability remediation reports.
- Independently developed audit programs that covered scope, resources, objectives and procedures used to evaluate controls.
- Created and updated the following Security Assessment and Authorization (SA&A) artifacts: FIPS 199, Risk Assessment Report (RAS), Threshold Analysis (PTA), Privacy Impact Analysis (PIA), E-Authentication, System Security Plan (SSP), Contingency Plan (CP), Security Test and Evaluation (ST&E), Security Assessment Report (SAR) and Plan of Action and Milestones (POA&M).
- Assisted in the development of an Information Security Continuous Monitoring Strategy to help (Confidential) in maintaining an ongoing awareness of information security (ensured continued effectiveness of all security controls).
- Performed bi-annual security policy review to make sure all information is current with the laws, directives and regulations.
