Information Security Specialist Resume

Bethesda, MD

SUMMARY:

Experienced Information Security Analyst with seven-plus years of experience in Information Assurance. Experience encompasses managing and protecting enterprise information systems, network systems and boundaries, and critical processes. Experience in FISMA Compliance Reviews, Risk Assessment, the Certification and Accreditation (C&A)/Assessment & Authorization process, and Vulnerability Management. Experience using the Confidential SP publications Rev4 ARev4; FIPS 199 and FIPS 200; and OMB A-130 Circular. Experience in Gap Analysis, System Development Life Cycle (SDLC), Contingency Planning, and the POA&M process.

TECHNICAL SKILLS:

Security Tools: Corsica, CSAM, Nessus by Tenable, Web Inspect

Operating Systems: Cloud-Based Systems (AWS - Appian, ServiceNow, Salesforce, Micro Pact-Azure); Unix-Based Systems (Solaris, Linux, BSD); Windows (all)

Networking: LANs, WANs, VPNs, Routers, Firewalls, TCP/IP

Software: MS Office (Word, Excel, Outlook, Access, PowerPoint, Visio)

Programming Language: HTML

EXPERIENCE:

Information Security Specialist

Confidential, Bethesda, MD

Responsibilities:

  • Conduct third-party risk assessments to assist in determining their ability to protect the confidentiality, integrity, and availability of sensitive data.
  • Conduct meetings with the IT compliance team to gather documentation and evidence about their control environment.
  • Liaise with key business and technology stakeholders to ensure compliance expectations are realized in a timely manner.
  • Monitor identified vulnerabilities, evaluate the risks such vulnerabilities pose to the organization’s information systems, and advise management of appropriate measures to remediate the risk.
  • Review security artifacts such as IT security plans, risk assessment plans, disaster recovery plans (DRP), contingency plans (CP), vulnerability scans, BIT standardized information gathering (SIG) questionnaires, Service Organization Control (SOC) reports, and independent penetration test reports during the assessment process, and present findings to the client.
  • Develop deliverables, including drafting data flow diagrams and creating security and privacy documents.
  • Calculate a trust determination score and due diligence category using the Office of the Chief Information Security Office (OSICO), Outsourced Information Service Assessment Methodology in accordance with Confidential publication.
  • Analyze documentation, validation, and accreditation processes necessary to ensure compliance with security and privacy requirements.
  • Perform comprehensive Security Assessment Control (SCA) and write reviews of management, operational, and technical controls for audited applications and information systems.

Information Security Analyst

Confidential

Responsibilities:

  • Conduct self-assessments of security controls on assigned systems in accordance with agency guidelines to ensure compliance with Confidential a
  • Ensure the documentation, review, and maintenance of security documents (System Security Plan, Contingency Plan, Risk Assessment, Memorandum of Understanding/Interconnectivity Security Agreement, and Incident Response Plan, etc.) to comply with FISMA
  • Work collaboratively with the Information Security Officer, System Owners, Developers, System Engineers, Cloud Service Providers and Network Operation teams to obtain and maintain Authorization for assigned systems
  • Run vulnerability scans with the following tools:
      • Tenable Nessus
      • HP Web Inspect
  • Review scan results and collaborate with other teams (sys-admin, sys-architect, etc.) to remediate these findings (patch management)
  • Perform control tailoring and inheritance for all subsystems that reside on the PaaS and GSS
  • Conduct kickoff and exit briefing meetings with key security personnel
  • Engage in the security awareness program to educate organizational staff on the current threat landscape
  • Work with development, testing, acquisition, engineering & deployment teams to design and implement security requirements of new systems using System Development Life Cycle (SDLC)
  • Participate in risk assessments and policy & procedure reviews to identify gaps and risks
  • Review and assemble the ATO package to include documents such as the Contingency Plan (CP), Privacy Threshold Analysis (PTA), System Security Plan, Security Assessment Report (SAR), and Plan of Action and Milestones (POA&M)

Information Assurance Specialist

Confidential

Responsibilities:

  • Perform risk assessments using likelihood and impact scores to determine current risks
  • Prepare daily, weekly, and monthly database security reports
  • Continuously review security documentation and reassess security controls as part of information system continuous monitoring (ISCM) plan
  • Research and learn current tools, techniques, and emerging trends on vulnerabilities
  • Manage the client’s anti-malware system and respond to incidents according to the client’s policies and procedures
  • Support internal and external audit engagements by providing supporting security artifacts to validate the operation of security controls
  • In response to security risk assessments, employ security risk mitigation such as implementing compensating security controls
  • Develop Security Requirement Traceability Matrix (SRTM) worksheet during planning and testing of security controls
  • Conduct gap analyses on existing processes and identify weaknesses in internal controls
  • Assist in compliance reviews of standards, policies, procedures, and mandates
  • Review and update Plan of Action and Milestones (POA&M) and Risk Register
  • Work effectively and efficiently in a fast-paced environment with changing objectives