Demonstrated leader in Information Technology with over 15 years of experience in Information Assurance, Governance Risk & Compliance, and Organizational Leadership. Detail-oriented problem solver with strong organizational and communication skills and the ability to interact well with colleagues from diverse backgrounds.
Software: Advanced Microsoft Office Suite, Linux, Windows, AWS, Active Directory, Visual Basic, Oracle, SCAP, STIGs, Remedy, eMASS, ACAS, Xacta, HP Web Inspect, Fortify, Db Protect, CSAM, and RiskVision.
Other: FISMA, NIST Special Publications, NIST Cybersecurity Framework (CSF), FIPS, DIACAP, CNSSI, RMF, FedRAMP, Top Secret with Sensitive Compartmented Information (TS/SCI) Clearance, COBIT5, SOX, ITGCs, Penetration Testing, Continuous Diagnostics and Mitigation (CDM), Risk Assessments and IT Audits.
Confidential, Washington, DC
Information Systems Security Manager
- Serve as the primary advisor to the Confidential regarding all cybersecurity issues.
- Ensure compliance with data security policies and relevant legal and regulatory requirements, in accordance with Confidential directives and applicable NIST requirements.
- Spearheaded the Confidential and Accreditation (C&A) and the Confidential Information Assurance Risk Management Framework (DIARMF) migration for classified and unclassified networks.
- Monitor the implementation of and compliance with Confidential Information Assurance and Accreditation process (DIACAP) and RMF standards for various Confidential systems.
- Guide the development of risk management templates associated with the A&A process and recommend improvements to accreditation processes and tools.
- Develop and deliver articulate and effective briefings/presentations on complex cyber security engineering topics as applicable to assigned projects to various sized audiences at different levels.
- Managed various JAB-approved cloud deployment models such as public cloud, private cloud, hybrid cloud and community cloud systems.
- Managed JAB-approved cloud service types such as Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), Infrastructure-as-a-Service (IaaS) and Storage-as-a-Service.
- Reviewed and provided consolidated Security Assessment Plan (SAP) comments with other JAB TR Reviewers on annual assessments and continuous monitoring.
- Managed Security Assessment Report (SAR) comments with other JAB TR Reviewers on annual assessments and continuous monitoring.
Confidential, Washington, DC
Senior Information System Security Officer
- Developed data security policies using data security standards, guidelines, and requirements that include privacy, authentication, access control, retention, disposal, incident management, disaster recovery, and configuration management.
- Assessed the effectiveness of data security policies, processes, and procedures against established Departmental directives and applicable Confidential requirements.
- Collaborated with the Chief Information Security Officer and security team to design, plan and audit effective network security frameworks and systems.
- Supported ISSM in establishing and implementing security policies, procedures and practices in support of organizational goals.
- Developed and updated system documentation for information system authorization, security management and continuous monitoring.
- Conducted gap analysis of the organization's policies and procedures against NIST-based controls. Drafted policy and control language, identified compensating controls, and developed recommendations for management's consideration, design and implementation in NIST gap remediation.
Confidential, Washington, DC
Information System Security Officer
- Monitored and tracked remediation progress in eMASS and Xacta tool.
- Developed test plans and testing procedures; documented test results and exceptions.
- Designated systems and categorized their confidentiality, integrity and availability (CIA) impact levels using FIPS 199 and NIST SP guidelines.
- Interviewed security personnel to evaluate the adequacy of internal controls and compliance with company policies and procedures.
- Performed comprehensive assessments and reviews of management, operational and technical security controls for audited applications and information systems.
- Documented assessment findings in a Security Assessment Report (SAR) and produced a POA&M for all controls having weaknesses or deficiencies.
- Reviewed audited system logs and monitored controls post-authorization to ensure continuous compliance with security requirements.
Confidential, Bethesda, MD
- Provide advisory services related to internal controls, risk assessments, risk management, IT controls and related standards (FISCAM, FISMA, NIST, COBIT, OMB Circular A-123).
- Audited client-prepared trial balances, financial statements and schedules using computer software programs.
- Performed A-123 audits for Federal agencies and other government institutions.
- Performed supervisory review of audit NFRs including the condition, cause, criteria, effect, and recommendation to determine if specific/actionable feedback is communicated.
- Led change management, strategic communications, business process reengineering, or financial management systems implementation initiatives.
- Leverage A-123 reviews for other compliance efforts such as FISMA, the annual financial statement audit, and & Accreditation.
Confidential, McLean, VA
- Performed internal controls consulting engagements for a variety of Fortune 500 companies. Internal controls focus included Application Control design and implementation, database security & Segregation of Duties (SOD) framework design and implementation.
- Assessed internal control effectiveness for a large private media company for the purpose of SOX compliance.
- Evaluated security policies and procedures against industry standards including NIST, ISO, COBIT, and others.
- Identified controls and developed testing strategies to assess the design and operating effectiveness of controls focusing on both financial and IT control activities.
- Evaluated the Design and Operating effectiveness of IT general controls.
- Conducted security assessments for Federal systems that require an Authorization to Operate (ATO).
Confidential, College Park, MD
IT Desktop Service Support
- Handled technical troubleshooting within an enterprise environment including systems crashes, slow-downs and data recoveries.
- Created accounts and resolved account related issues for new and existing faculty and students.
- Engaged and tracked priority issues with responsibility for timely documentation and escalation.
- Provided information and/or technical assistance to users concerning the development and maintenance of the computer network or for resolution of special problems.
- Earned recommendation for teamwork, flexibility and work excellence in providing IT support to students and faculty.