
It Security Resume Profile


Candidate Resume:

WORK SYNOPSIS

Over 15 years of professional experience in a broad range of information technology projects, including providing information security/assurance services and solutions, for government and corporate organizations. As a strong self-starter, I have on many occasions been tasked by management to create and define my own position in order to address emergent needs. This often included building and leading teams with members L F from varied technical and non-technical organizations. Experience includes developing, implementing, and conducting Information Security/Assurance programs, policies, processes, and procedures per various security frameworks / laws / standards / directives, e.g.: FISMA, OMB directives, Presidential Directives, NIST SP-800 series, FIPS, HIPAA, Privacy Act, PCI DSS.

SUMMARY OF EXPERIENCE

Confidential

Assigned to Division of Information Security and Assurance (DISA) in the Office of the Deputy Commissioner for Systems (DCS)/Office of Enterprise Systems Architecture and Engineering (OESAE).

Significant Tasks Projects

Lead for new initiative to conduct a comprehensive review and revision of DCS policy, processes and procedures for information security risk management. Leader of DISA Risk Management Team. Tasks included:

A. Subject matter expert for information security risk management programs and processes.
B. Subject matter expert for Federal Information Security Management Act (FISMA) and other applicable laws, Executive Orders, directives, policies, regulations, standards, and guidance.
C. Prepared and presented training/briefings for Risk Management Team members and others on the National Institute of Standards and Technology (NIST) FISMA Risk Management Framework and associated standards and guidance documents.
D. Developed processes and procedures for performing information security risk assessments (SRAs).
E. Provided risk management consultation to system/application development projects.
F. Led performance of SRAs for development projects, new technology implementations, and other areas.
G. Prepared risk management initiative project documents, including detailed project plans.
H. Evaluated and provided recommendations for procurement of automated risk management/assessment tools.
I. Provided input for revision of agency policy/standards to more closely follow security recommendation, requirements, and controls for federal information systems.

Reviewed new applicable laws, Executive Orders, directives, policies, regulations, standards, and guidance for impact on agency IT security operations, policy, or processes. Also reviewed other relevant initiatives, policy papers, and news reports. Prepared analyses and recommendations.

Provided support for emergent IT security policy issues (e.g., requests for rulings/clarifications/modifications). Included:

A. Research relevant agency and Federal requirements.
B. Attend any associated meetings as subject matter expert.
C. Recommend response/course of action.
D. Draft input to revisions to existing agency security policy documents as needed.
E. Brief personnel as needed.

Confidential

Subcontractor to Lockheed Martin Information Technology Global Services on contract for Office of Chief Information Officer (OCIO), Social Security Administration (SSA). Assigned to the Office of Information Technology Security Policy (OITSP), performing tasks in support of the SSA Chief Information Security Officer (CISO).

Significant Tasks Projects

Drafted documents for and performed project management duties for a comprehensive review and revision of the agency-wide information systems security policy and standards manual. The task included:

A. Research applicable laws, Executive Orders, directives, policies, regulations, standards, and guidance.
B. Review existing agency documents for compliance.
C. Prepare a gap analysis comparing existing agency policy/standards to Federal requirements.
D. Draft new, compliant documents incorporating and expanding upon existing policy/standards.
E. Restructure the organization of agency policy/standards to more closely follow the organization of recommended security controls for Federal information systems.
F. Plan for and conduct review sessions of draft documents with other agency components to summarize and explain the technical aspects, and to solicit comments/recommendations.
G. Develop process for collaborative review and revision of documents.
H. Prepare project documents, including detailed project plans to support multiple project timelines.

Reviewed new applicable laws, Executive Orders, directives, policies, regulations, standards, and guidance for impact on agency IT security operations, policy, or processes. Also reviewed other relevant initiatives, policy papers, and news reports. Prepared analyses and recommendations.

Provided support for emergent IT security policy issues (e.g., requests for rulings/clarifications/modifications). Includes:

A. Research relevant agency and Federal requirements.
B. Attend any associated meetings as security policy advisor.
C. Recommend response/course of action.
D. Draft revisions to existing agency security policy documents as needed.
E. Brief personnel as needed.
