SUMMARY

• An information security professional with Security +, ITILv3 and CEH credentials with over 7 years of experience in IT Security Audit delivering a full range of services to government clients and all phases of project and engagement management.
• An excellent communicator with experience as a technical writer and editor.
• Experience in conducting Information Technology General Controls (ITGC) and Application Level Controls through financial statement audits and audit readiness projects

TECHNICAL SKILLS

Microsoft Office Suite: Word, Excel, PowerPoint, Outlook

Auditing Software: ACL, IDEA

Collaboration Tools: TeamMate, SharePoint, EY Canvas, GAMx SPW

Vulnerability Scanning Tool: Nessus

PROFESSIONAL EXPERIENCE

Confidential, Washington, DC

IT Audit Lead

Responsibilities:

• Provide support, analysis, research, and advice into exceptionally complex problems, and processes relating to IT Audit.
• Correlate findings resulting from audits conducted using the Federal Information System Controls Audit Manual (FISCAM) to NIST security controls developed under the Federal Information Security Management Act (FISMA).
• Develop responses to auditors’ Notification of Findings and Recommendations (NFR) to include risk assessments, corrective actions, and descriptions of risk - based decisions.
• Research and compile evidence in support of responses to security-related audits. Provide support for third-party audits performed by the OIG (annual financial statement and FISMA audits, penetration tests, other external regulatory agencies, and internal oversight elements.
• Process requests for “Provided by Client” information including artifacts, interviews, tests, demonstrations and walkthroughs. Coordinate each request with appropriate stakeholders to obtain the requested materials, submit for conveyance to the auditors, and maintain detailed records as to what was requested and what was provided.
• Draft audit finding closure memos, responses to auditor reports (including the Annual FISMA audit report), and other audit related documentation.
• Support the Program Manager by providing information for status reports, status briefings, schedules, project plans, etc., both in written and oral form.
• Support and coach the more junior team members, perform quality reviews and oversight as needed, and help ensure that the team provides deliverables of impeccable quality.

Confidential, Springfield, VA

Cybersecurity Analyst (Scrum Master)

Responsibilities:

• Demonstrated proficiency developing and updating Cybersecurity policies, standards and procedures.
• Planned and ensured the execution of the project work activities is in accordance with client requirements, schedule and budget.
• Maintained document version control, revision and approval records, to include change logs to ensure all document edits are incorporated.
• Maintained a policy project schedule for milestones/deliverables and produce weekly status reports for the Policy Project Manager.
• Drafted, updated and maintained department IT policy, guidance and procedure templates in accordance with organizational standards.
• Maintained a policy project schedule for milestones/deliverables and produce weekly status reports for the Policy Project Manager.
• Drafted, updated and maintained department IT policy, guidance and procedure templates in accordance with organizational standards.
• Worked with business stakeholders, project teams and other personnel to coordinate efforts of team members and contractors to deliver on implementation deadlines.
• Drove continuous improvements for the delivery teams.
• Facilitated project teams to resolve impediments, created culture of openness and collaboration.
• Coach team members and project stakeholders in Agile best practices to realize fullest potential for delivery.
• Conducted daily status meeting with team.
• Worked internally and/or with partners and clients in project kick-off meetings, scope discussions and project planning to create project work schedules, timelines.
• Built a trusting and safe environment where problems can be raised without fear of blame, retribution, or being judged, with an emphasis on healing and problem-solving.
• Facilitated discussions, decision making, and conflict resolutions.
• Managed and monitored changes in scope, prioritization and schedules.
• Upon completion of projects, documented lessons learnt and archived records.
• Facilitated the overall creative and production process - including initiation, scheduling, status updates and approval process.

Confidential, Springfield, VA

Security Analyst

Responsibilities:

• Updated and maintained the Departments Policy repository
• Reviewed company policies to ensure compliance with HIPAA privacy and security rules.
• Monitored and revised privacy program in accordance with changes in federal laws and regulations, (such as NIST, FISMA, FIPS, OMB) and company policy.
• Used HITRUST CSF to aid organizations with logical and physical security needs that go beyond HIPAA compliance.
• Worked with standard templates to ensure documentation is customer-branded, compliant, approved, and released.
• Created, revised, edited, and formatted new services documentation.
• Maintained document version control, revision and approval records, to include change logs to ensure all document edits are incorporated
• Maintained a policy project schedule for milestones/deliverables and produce weekly status reports for the Policy Project Manager.
• Drafted, updated and maintained Department IT policy, guidance and procedure templates in accordance with organizational standards.
• Conducted analysis and provided IT recommendations based on emerging threats, audit findings, NIST, OMB and any additional Federal laws, regulations, and recommendations.
• Reviewed and updated department documents as a result of Audit Corrective Action Plan (CAP) findings.
• Created Standard Operating Procedures (SOPs) and ensures that the policy documents are 508 compliant.
• Continuously reviewed and researched applicable security policies to support implementation of the Information Security Policy Plan.
• Prepared plan of action and milestones (POA&M) reports to record system deficiencies and findings for all DS applications and general support systems;
• Coordinated resolution of system deficiencies and POA&M findings with other Department offices, as required.
• Assisted with the review and editing of System Security Plans (SSP), Security Assessment Reports (SAR).