- IT Security and Audit professional with experience in the security Assessment and Authorization process, business continuity planning, incident management, and overall cyber posture assessments for commercial and federal clients.
- Over 9 years of IT compliance and benchmarking reviews using industry-recognized standards including Confidential, ISO 27001, FISCAM, FISMA, SOX, and SANS 20.
AREAS OF SPECIALIZATION:
- Security Assessment & Authorization
- Certification & Accreditation
- Business Continuity Planning
- PCI (DSS)
- ISO 27001
- SANS 20
- Security Test & Evaluation
- SOX Compliance
- MS SQL Server
- GRC RiskVision
- Confidential IA Manager
Senior Information Security Analyst
- Performing security control assessments (Confidential) on general support systems, major applications and cloud systems
- Familiar with Confidential Publications SP 800-18, SP 800-30, SP 800-37 rev 1, SP 800-53 rev 4, SP 800-53A, SP 800-60 and Federal Information Processing Standards (FIPS) - FIPS 199 and FIPS 200.
- Works with the system administrators to examine and test the security posture of the systems and applications
- Conduct Assessment & Authorization (Confidential & Confidential) kick-off meetings.
- Prepare Security Assessment Plans.
- Conduct Security Assessment via document examination, interviews and manual assessments
- Analyze automated scan results.
- Populate the Requirements Traceability Matrix (RTM) with results of Security Assessment
- Perform Risk Analysis.
- Create Confidential Security Assessment Report (SAR).
- Track and generate security documents via CSAM
- Assist with coordinating remediation of Plan of Action and Milestones (POA&M) findings with various Programs within the client agency.
- Conduct Security Assessment Findings Meeting with the System Owner, Confidential and other system personnel as required.
- Prepare the system authorization package (ATO) for Authorizing (or Designated Authorizing) Official for adjudication.
IT Senior Security Engineer
- Remediation of audit findings
- Updating Notice of findings and remediation (NFR) plan
- POA&Ms and Vulnerabilities management/tracking
- Conducting and preparing Confidential-123 assessment reports
Senior Information Assurance Specialist
- Works with client management to document System Security Plans (SSP) that accurately depict the customer’s contractual requirements.
- Leads/manages client efforts related to the certification and accreditation of computer networks, standalone information systems, and other connected information systems in line with government standards.
- Prepares required Security Authorization package documentation and artifacts as part of the accreditation and re-accreditation processes and manages identified vulnerabilities through Plans of Action and Milestones (POA&Ms).
- Manages day-to-day security operations of certified/accredited information systems including working with systems owners to ensure upfront consideration of controls during system changes.
- Serves as customer point of contact for any security issues or compromises, and for immediate reporting of any security violation, threat, attempt to gain unauthorized access to sensitive but unclassified data, virus infection, or any other event that can affect the security of client systems and networks.
- Prepares and delivers system security access briefings and reports to both internal and external customers including government security officials.
- Performs IT risk assessment and works with Information Systems Security Manager to report on and mitigate security incidents through corrective or protective measures designed to prevent future incidents.
- Participates in the development and implementation of the Confidential IT Information Security program/process.
Risk Remediation Analyst
- Led remediation of security risks through tracking of issues, action plans, partnering with ORM, technology/application owners, and business areas to prioritize and focus remediation efforts.
- Supported management of application and infrastructure vulnerabilities, as well as vendor and architecture risks, by designing, generating, and delivering insightful risk reports.
- Participated in the use of Agiliance RiskVision to facilitate remediation efforts through automated reporting, workflow, and overall risk and vulnerability management.
Cyber Security Analyst
- Developed and implemented information security governance processes including policies, procedures, requirements, risk management and RBD SOP.
- Updated the system control changes from Confidential 800-53 rev 3 to Confidential 800-53 rev 4 and control assessment changes from Confidential 800-53A to Confidential 800-53A rev 4
- Documented GSS & Infrastructure implementation statements in RiskVision and reviewed Regional Offices’ artifacts and implementation statements in RiskVision
- Contributed to strengthening the control environment by ensuring compliance with baseline security configurations and IT controls and policy standards, and updating and closing regional offices’ findings/POA&M
- Facilitated FISMA continuous monitoring test cases using Confidential 800-53 Rev 4 update.
- Performed security risk assessments on new systems and reviewed changes to existing systems to ensure they met the established security baseline before adoption into VA Regional Offices.
- Advised leadership on high initiative priorities and metrics through risk analysis and risk assessment.
- Assisted management in authorizing IT Systems for operation on the basis of whether the residual risk is at an acceptable level or whether additional compensating controls should be implemented.
- Developed and conducted ST&E (Security Test and Evaluation) and Security Assessment Plans (SAP) according to Confidential SP 800-53A.
- Applied current computer science technologies and Information Assurance (IA) requirements to the analysis, design, development, evaluation, and integration of computer/communication systems and networks to maintain an acceptable system security posture throughout the lifecycle of multiple national level mission systems.
- Developed, maintained, and communicated Confidential consolidated risk management activities and deliverables calendar.
- Developed and updated SAR, SSP, CP & POA&M
- Worked with business process owners to ensure timely identification and remediation of jointly owned risk related issues and action plans (POA&M)
Information Assurance Officer
- Conducted FISMA-based security risk assessments for various government contracting organizations and application systems - including interviews, tests and inspections; produced assessment reports and recommendations; and conducted out-briefings.
- Reviewed and updated system categorization using FIPS 199, Initial Risk Assessment, e-authentication, PTA, PIA, SAR, SSP, SAP & POA&M.
- Documented and reviewed security plans (SP), contingency plans (CP), contingency plan tests (CPT), privacy impact assessments (PIA), and risk assessment (RA) documents per Confidential 800 guidelines for various government agencies.
- Monitored controls post authorization to ensure continuous compliance with the security requirement.
- Assisted in the review of policies, security alerts, guidance, regulations and technical advances in IT Security Management.
- Contributed to initiating FISMA metrics such as Annual Testing, POA&M Management, and Program Management.