Senior Cyber Security Analyst Resume

MD

TECHNICAL SKILLS:

  • Cyber Security Assessment & Management (CSAM), 
  • Nessus, 
  • WebInspect, 
  • Windows Server 2008, 2012, 
  • Windows 7, 8, 10, 
  • Microsoft Office, 
  • Visio, 
  • SAP, 
  • Hyperion, 
  • TeamMate, 
  • Business Objects,
  • Mainframe.

PROFESSIONAL EXPERIENCE:

Confidential, MD

Senior Cyber Security Analyst

Responsibilities:
  • Utilize NIST Publications to assess, implement, and document security requirements for Federal information systems, develop policies and procedures, and ensure information system security documentation is in compliance.
  • Develop Security Control Assessment Test Plan used in assessing the information system security controls.
  • Perform annual security control assessment of information system to ensure FISMA compliance.
  • Perform vulnerability and compliance scans, using Nessus and WebInspect, to detect vulnerabilities and validate compliance with policies and standards.
  • Examine Nessus and WebInspect scan reports to validate findings and eradicate false positives. Research remediation measures for the vulnerabilities.
  • Perform risk assessment and develop Security Assessment Report with findings and suggest remediation.
  • Interface with system owners and administrators to present the vulnerabilities and recommend remediation strategy.
  • Monitor remediation of vulnerabilities and findings from review, interview and technical assessment of the security controls through Plan of Actions and Milestones (POA&M) using CSAM.
  • Review POA&M for closure in CSAM. Maintain system document inventory in CSAM.
  • Validate security control tailoring in FIPS 200 and FIPS 200 Matrix.
  • Develop Standard Operating Procedures in support of system categorization using FIPS 199.
  • Assist in the development and review of information system documentation such as System Security Plan, E-Authentication, Contingency Plan, and Risk Assessment Report.
  • Ensure information system maintains Authorization to Operate package in order to continue operation.

Confidential, McLean, Virginia

Senior Consultant III

Responsibilities:
  • Department of Education
  • Worked as security control assessor, utilizing Risk Management Framework (800-37) and several other NIST publications (NIST 800-30, 800-53A, FIPS 199, FIPS 200) to assess the security controls applicable to information and information systems, identify and assess associated risk, and recommend possible measures to address the risk.
  • Assess information and information systems using mechanisms such as review of system security documents (System Security Plan, Risk Assessment Report, Contingency Plan, etc.), interviews of information system administrators, and technical testing using Nessus and WebInspect to perform vulnerability and compliance scans.
  • Develop Security Assessment Plan to assess the information system, also develop Security Assessment Report to document findings and recommend remediation measures.
  • Participate in the management of Plan of Action and Milestone (POA&M) using Cyber Security Assessment and Management (CSAM), and review POA&M for closure.
  • Maintain Authorization To Operate package in accordance with the client’s requirements and in compliance with FISMA.
  • Exelon
  • Led the change management transfer of knowledge, annual budget preparation, and other key accounting functions within the Benefits Accounting department at a Fortune 100 utility corporation.
  • Managed team leadership and client’s communication expectations by constantly providing project status updates.
  • Fannie Mae
  • Worked in partnership with all levels of client management (including C-level executives and senior leadership) to perform a servicer oversight and monitoring assessment for Fannie Mae, a secondary lending banking institution, by facilitating walkthroughs with key client stakeholders to identify gaps in their oversight approach and methodology.
  • Reviewed prior servicer oversight reports and interviewed the servicer oversight groups to analyze and identify gaps in their methodology and approach.
  • Managed team leadership and client’s communication expectations by constantly providing project status updates.
  • Beneficial Bank
  • Participated and led client Sarbanes Oxley 404 compliance walkthroughs, interviews, and information gathering used for analysis to achieve fact-finding, definition of problems or opportunities, evaluation of alternatives, formulation of proposed action, communication of results, and follow up.
  • Planned the development of the audit plan by identifying the audit scope, objectives and audit program; determined audit procedures to be used. 
  • Prepared oral presentations and/or written reports supporting results of audit examination, conclusions, and recommendations.
  • Managed engagement resources and the work completion process, meeting client agreed upon deadlines and exceeding expectations.
  • Met with client Business Process Owners (BPO) to re-identify and re-write key risk language noted in existing control narratives and flowcharts.
  • Monitored and evaluated the quality and content of work performed by audit staff. 
  • Developed relationship with client management personnel to foster rapport and serve as a risk and control knowledge resource.
  • XL Health
  • Successfully led the Model Audit Rule (MARS) and Sarbanes Oxley 404 compliance program for XL Health, a $1.1 billion private equity held Managed Care Organization (MCO) based in Maryland.
  • Assessed operating processes and developed conclusions about their effectiveness; identified control points within key processes.
  • Performed first level review of compliance audit reports and coached engagement staff to improve team development and quality of client deliverables.
  • Trained, monitored and reviewed the quality and content of work performed by audit staff. 
  • Managed team leadership and client’s communication expectations by constantly providing project status updates.
  • JP Morgan
  • Performed gap analysis and assessments related to various federal regulations and state laws.
  • Conducted various tests to determine adherence to a myriad of regulations including the USA Patriot Act, Bank Secrecy Act, Escheatment/Retirement planning and Regulation(s) Expedited Funds Availability (CC), Truth in Savings (DD) and Truth in Lending (Z).
  • Conducted interviews with Subject Matter Experts (SME) to understand and update the current Demand Deposit Account (DDA) processes, control matrices and related regulations.

Confidential, Gaithersburg, Maryland

Auditor II

Responsibilities:
  • Led Sarbanes Oxley 404 audits in key areas to verify the accuracy and effectiveness of key company level controls. Performed routine on-site anti-fraud audits designed to identify misappropriation of company assets and non-compliance with company procedures.
  • Conducted ad-hoc investigations to provide upper management with properly documented reports on company-wide fraud allegations.
  • Performed Sarbanes Oxley testing in key areas like Finance, Treasury, Purchasing and Payables, Risk Management, Payroll, Compensation, Benefits, Supply Management, Division and Company level controls.
  • Conducted walkthroughs with key stakeholders to understand and document company level key processes with the use of flowcharts and narratives.
  • Conducted routine on-site high risk audits that involved information gathering interviews and preparation of audit documents that accurately reflected audit observations and recommended corrective action plans.
  • Developed audit plans and work papers to effectively and efficiently perform audit activities and reach appropriate conclusions.
  • Provided management with recommendations for action and/or modifications to financial procedures, plans, and controls and maintained communication as they worked to implement control improvements and corrective action.
  • Reviewed operational Key Performance Indicators (KPI) and Service Level Agreement (SLA) for compliance and made necessary recommendations to operation management reducing the company’s exposure to loss in revenue resulting from not attaining client’s key operational goals and expectations.
  • Conducted ad-hoc special investigations and forensic audits to identify potential business abuse at the operational level that involved interviewing employees and analyzing related data.
  • Investigated sales tax collected and reported within the Northern America operations that identified a potential annual sales tax issue of $10.6 million.

Confidential, Washington, District of Columbia

General Accountant

Responsibilities:
  • Reviewed travel, special event and cash documents for compliance with university policies and procedures and recorded appropriate journal entries of activity.
  • Examined requests for cash reimbursements for propriety and prepared journal entries to charge proper expense codes utilizing the institution’s Mainframe system.
  • Reconciled vendor statements of accounts and maintained for each vendor an open and closed document file that enabled all authorized employees to find or retrieve information upon request.
  • Assessed the appropriateness of charges for goods and services and initiated the prompt payment of vendor invoices in accordance with university policies and procedures.
