We provide IT Staff Augmentation Services!

Manager, Audit Remediation & Planning, Rmf Assessment Resume

PROFESSIONAL PROFILE:

  • I have 23 years of multi - disciplined experience in researching, developing, testing, securing, and managing advanced projects and systems, to include: 9 years in program management support; 4 years of data-center operations management; 10 years of IT management and technical support in delivering critical military and civilian medical care.
  • Confidential has an advanced degree, Masters of Science Degree in Computer System Management, concentration: Information Assurance.
  • He also has an advance vendor agnostic security certification (CISSP-ISSMP) since 2002.

PROFESSIONAL EXPERIENCE:

Confidential

Manager, Audit Remediation & Planning, RMF Assessment

Responsibilities:

  • Continue to support software authorization (SWAM) requirements, created project and process specifications for Confidential and Tanium software and integration into the Federal LAN\WAN
  • Supplied organization C-Level presentations related to Cyber Strategy.
  • Led discussion in Confidential POA&M security strategy, policy and procedures to safeguard information assets at Confidential
  • Applied 800-53A rev 4 standards to legacy and new clinical applications and managed audits for compliance
  • Led team accountable for the selection, implementation and monitoring of a strategic, comprehensive enterprise-level controls to ensure the availability, integrity and confidentiality of information, and control techniques to address all applicable information security requirements

Confidential

Information Security Consultant

Responsibilities:

  • Identified software authorization (SWAM) requirements, created project and process specifications for Confidential and Tanium software and integration into the Federal LAN\WAN
  • Strong organization and presentation skills.
  • Facilitated testing in TEST Environment, coordinated with other SSA teams and ensure that projects are delivered on-time and within budget
  • Identified CDM improvements and implemented test plans
  • Took ownership of end-to-end project delivery from CSRA to deliver to SSA customer
  • Acted as the primary interface between SSA task lead and other support contractors.
  • Interact with senior directors on significant technical matters
  • Proven ability to learn new business concepts supporting product and/or business process development
  • Provided Technical Support to CDM Program Management
  • Reduced time taken to reach IOC for RES ONE Workspace v. 10
  • Solved installation and other technical issues related creating a computer laboratory
  • Conducted customer meetings for status reviews and risk management
  • Documented security application design and standard operating procedures using NIST Special Publications
  • Introduced use of security metrics to track vulnerabilities
  • Analyzed historical and known threats, addressing risks/gaps/violations and implementing new tools
  • Trained colleagues on security processes, procedures and various concepts of technical risk management
  • Documented program and technical requirements for implementing software authorization capabilities for compliance with DHS CDM program
  • Worked directly with Federal operational staff and provide hands-on technical services to configure various security applications
  • Represented operational staff in discussions with vendors to insure program progress
  • Tailored applications to work with SSA environment; including analysis of application processes inconsistent with standard SSA boot procedures
  • Provided program level reporting to CSRA management (weekly, monthly) reports

Technical Environment: 800-167 (Expert); RES ONE (Intermediate); CCNA (Intermediate); Carbon Black Protect (Intermediate); Tanium Protection (Intermediate); SPLUNK (Intermediate); Web Inspect (Expert); Security Center (Intermediate); SPSS (Expert); R (Expert)

Confidential

Information Security Consultant

Responsibilities:

  • Technical Support to CDM Program Management

Technical Environment: 800-167 (Expert); RES ONE (Intermediate); CCNA (Intermediate);

Confidential

Information Security Consultant

Responsibilities:

  • Led the technical migration of the legacy application into a virtual environment without unplanned service disruptions
  • Procured Dell hardware support of existing platform using Confidential Dell Partner Program
  • Led agency in compliance with NIST Risk Management Framework by implementing security assessments
  • Purchased security tools for agency use with a third party hosting facilities (cloud services)

Technical Environment: Tenable Nessus (Expert); Web Inspect (Expert); DB Protect (Intermediate); VM Ware (Intermediate); Windows Server 2012 R2 (Expert); Dell Sonic Wall (Expert); Data Center Management (Expert)

Confidential

Program Manager

Responsibilities:

  • Planned the development of a OASAM security operations center
  • Provided evidence by conducting special investigations involving suspected violations of acceptable use in support of HR, OIG, & Legal
  • Led the integration of DHS Continuous Diagnostic & Monitoring (CDM) pilot program for OASAM and
  • Provided Tier III - Tier IV engineering support for the agency’s incident response program
  • Participated in source selection and analysis of alternatives for security information and event management (SIEM) products

Technical Environment: Tenable Security Center v. 4.0 Nessus (Expert); Web Inspect (Expert); DB Protect (Intermediate); VM Ware (Intermediate); Q Radar Security Appliance (Expert); RES ONE (Intermediate); Archer (Intermediate); IBM Big Fix (Expert); IBM Big Fix Inventory (Intermediate); Windows Server 2012 R2 (Expert); Datacenter management (Expert); Incident Response (Intermediate); Forensics analysis (Proficient)

Confidential

Information Systems Manager

Responsibilities:

  • Directing/leading engineering teams comprised of subject matter experts, technical specialists, and other stakeholders to produce a project plan in accordance with the strategic plan, operating budget, capital planning procedures and HHS guidance for the development of the NOC/SOC
  • Managing several security controls assessment projects, while developing and directing technical project teams through all phases and activities of the expedited software development life-cycle
  • Coordinating with the Federal business owner and upper level management to ensure the actions are consistent with the approved project plan
  • Supporting business requirements of the program director to provide necessary information and support for successful program delivery
  • Overseeing the security process associated with 15 major information technology systems essential to departmental HHS missions
  • Creating all planning documentation such as communication plans, roles, and responsibilities, security procedures for maintain confidentiality, integrity, and availability; following best of breed standards such as FISMA, NIST, DISA, SOC2 and CMS ARS
  • Establishing and publishing clear priorities among project activities to reduce the number of delayed security findings
  • Coordinating the security team activities to meet published dates for plans of action and milestones
  • Preparing, implementing, monitoring, and updating various project plans for the annual security controls assessments, and new software containing major changes
  • Conducting security impact assessments for change management introduced at the change control board (CCB)
  • Providing regular updates to Federal stakeholders and corporate executive stakeholders
  • Serving as the liaison between the HHS/SOC and CMS SOC and the IT security organization in order to provide technical solutions to validate security posture
  • Gathering information about current processes and information flows, improving existing documentation to define new IT security solutions for intrusion prevention, and vulnerability assessments

Technical Environment: nCircle IP 360 (Expert); Tripwire (Proficient); Sourcefire (Proficient)

Confidential

Senior Program Manager

Responsibilities:

  • Managed a team of 14 security engineers and analysts to provide information technology security services
  • Managed the final submission of quarterly and annual FISMA Reports in Cyber Scope
  • Responsible for all aspects of personnel management, monthly reporting, timesheets, hiring and firing
  • Managed all aspects of sub-contractor operations
  • Interfaced with high-level executives CIO, CTO, and CISO; provided information to OIG analysts
  • Provided technical input to support congressional inquiries utilizing NIST controls and processes
  • Managed SOC personnel, reviewed reports from firewall, network access control, intrusion detection system
  • Interface with vendors and provided cost analysis during product selection activities.

Technical Environment: Checkpoint R-65, CounterACT NAC, Source Fire IDS, Fidelis DLP, McAfee ePO, McAfee End Point Encryption, DB Protect, Net Forensics, N-Stalker, Tenable Security Center 4.0, Websense (Expert)

Confidential

Operations Manager

Responsibilities:

  • Manage TSA contract for an Identity Management program, with a moderate level of information technology assets, responsible for 84 servers, 3 operating systems, 16 network devices, and three geographical locations
  • Manage personnel six direct reports (System administrators, and network administrators, application developers), 7 indirect reports
  • Responsible for management of POA&M from the C&A process
  • Responsible for daily IT operations; reporting, financial reports, and progress reports

Technical Environment: IBM eOrchestrator (Proficient)

Confidential

Program Manager

Responsibilities:

  • Managed operational activities: gathered user requirements, led site surveys, wrote memorandums of agreement
  • Provided policy analysis in support of enterprise wide acquisition programs: conducted JCIDS (Joint Capabilities Integration Development System) analysis, supported capabilities based assessments (CBA), developed architectures (overview, system, and technical), wrote security documents: SSAA, Appendix-I, NMCI required documents
  • Participated in strategic working groups: HSPD-12, Biometrics, Identity Management, Physical Security, PKI
  • Reviewed commercial and government owned force protection systems for efficacy of federal application
  • Assessed systems for compliance to laws, policies, regulations: NIST SP 800-53, FIPS 201, NIST SP 800-76, DITSCAP, DIACAP, Privacy Act, Clinger Cohen, FISMA, OMB Circular A-123
  • Demonstrated and briefed systems to senior officials at AAMVA Conference, military user conferences, product reviews, new customer reviews
  • Led site surveys: Virginia, Washington D.C., Kuwait, Qatar, and Krygyz Republic - conducted wireless LAN surveys, reviewed gate automation requirements, documented throughput of entry control points
  • Documented government-wide business requirements and analyzed process flows for personnel security programs, credentialing, and background vetting
  • Performed risk assessments: cost, schedule, performance capacity, inventory, system development
  • Contributed to the development of policies for identification and authentication of people for physical and logical access control
  • Recommended management approaches for service delivery: SaaS, ITIL, SAS70, ISO 9000

Policy Environment: NIST 800-53 Special Publications (Expert); HSPD 12 (Expert); FIPS 201 (Intermediate)

Confidential

Program Manager

Responsibilities:

  • Supported program management offices: DoD Biometrics Management Office and DoD Biometrics Fusion Center
  • Reviewed results of operational and functional testing
  • Provided technical and managerial leadership: financial reporting, resource allocation, functional analysis, program reviews, and JCIDS life-cycle planning and management
  • Managed daily delivery of contract requirements, ensured activities were carried out in accordance with specified objectives
  • Developed and planned methods and procedures for implementing the enterprise biometrics program
  • Selected and supervised personnel for specific functions, phases, and program tasks
  • Analyzed Global Information Grid (GIG) requirements, and conducted pre-milestone activities of the Joint Capabilities Integration and Development System
  • Responsible for market research, strategic planning, security policy development, DITSCAP, budget analysis, project management, analysis of alternatives, Automated Fingerprint Identification Systems architectures, and C4ISR architecture work products
  • Chaired DoD working group; coordinated research and systems engineering efforts; captured and stored user requirements; briefed status reports to senior DoD executives; co-authored CONOPS, mission/vision statements; and supplied analysis used for Functional Area Analysis, Functional Needs Analysis, and Functional Solution Analysis

Policy Environment: DoDAF (Expert); DITSCAP (Expert); JCIDS (Expert); HSPD 12 (Expert); Privacy (Intermediate)

Hire Now