
Information System Security Officer Resume

EXPERIENCE SUMMARY:

In my information systems career, I have accumulated a total of twenty-seven years of experience in Project Management, Certification and Accreditation, Enterprise Architecture Security Risk Assessment, Privacy Impact Assessment, Continuity of Operations Planning, Systems Development and Life Cycle Management, System Security Engineering, System Vulnerability Monitoring, Database Development, and Data Loss Prevention. I am known for being versatile and quick at solving problems. I have achieved excellent peer evaluations as Adjunct Professor for information systems management and computer science. Currently, I am preparing for the Certified Ethical Hacker exam through independent study.

PROFESSIONAL EXPERIENCE:

Confidential

Information System Security Officer

Led meetings on application development to ensure compliance with requirements mandated by FISMA and FedRAMP for the Small Business Administration unit for Disaster Credit Management Systems. Assessed and updated system documentation as part of the Information Security Continuous Monitoring (ISCM) process detailed in NIST 800-137. Examined and revised the System Security in accordance with new guidance on security and privacy as detailed in NIST 800-53, Rev. 4. Provided analysis and revisions for the Compliance Officer on Internal Operations Procedures including Access Account Management, Encryption, and Firewall Management, and prepared assessments for cloud technology development, third-party responsibilities, potential database growth hazards, and data loss prevention. Utilized the Cyber Security Assessment and Management (CSAM) tool to track the POA&M process and to archive signed security documents. Reviewed and interpreted hourly alerts and daily changes in system configuration, user permissions, and escalations in network change security activities.

Confidential

Team Lead

Supported the Department of Commerce U.S. Patent & Trademark Office as Facilitation Point of Contact/Information System Security Officer in procedures consistent with the NIST 800-37 Risk Management Framework and System Development Lifecycle Policy. Conducted pre- and post-assessment activities for information system Security Assessment and Authorization. Developed security documentation (including System Security Plans, Risk Assessment Reports, POA&M Reports, and Risk Acceptance memos) and updated system artifacts in coordination with System Owners, Technical Leads, and Federal ISSOs. Provided review and analysis of Security Impact Analyses and FIPS-199 Security Categorizations. As Team Lead, planned team meetings, provided QA review of information system assessment packages, served as liaison to the Independent Verification and Validation team, supplied details for FISMA quarterly reporting, provided orientation for new team members, and coordinated workflow with the program manager.

Confidential

Information Assurance Engineer

Under a contract with Defense Health Services Systems, supported DoD Information Assurance Certification and Accreditation Process (DIACAP) activities. Led general tasks and the management process for continuous monitoring of the information assurance (IA) posture throughout the system's life cycle. Participated in the Technical Review of a SAP application migrating to a cloud computing environment with VMware virtualization. Scrutinized POA&M status to avoid lapsed target dates and to ensure completion of vulnerability mitigation as part of continuous monitoring.

Confidential

System Security Consultant

Under a Department of State Information Resource Management contract, responsible for the evaluation and verification of mandatory security configuration requirements through weekly analysis of reports based on criteria including vulnerability scans and patch management data. Reviewed system security requirements including analysis of department policy, regulatory guidance, and resource demands. Ensured compliance with National Institute of Standards and Technology (NIST) Special Publications 800-18, 800-34, 800-37, 800-53, 800-53A, and 800-142. Reviewed enterprise-wide systems security network connectivity policies, access control configurations, interconnection service agreements, cryptography requirements, business continuity planning/testing, and physical security integration.

Confidential

Senior Privacy Analyst

Supported the Privacy Office of the United States Agency for International Development. In compliance with FISMA, OMB, and NIST requirements, performed analysis of over 120 information system collections and privacy impact assessments. Authored System of Records Notices for the Federal Register. Collaborated with forms owners on developing Privacy Act Statements for electronic forms and on reducing the use of Personally Identifiable Information. As administrator for Symantec Data Loss Prevention, provided expertise in privacy policy message alerts and reviewed the backlog of outgoing messages for USAID policy violations concerning loss of confidential information and privacy data. Represented the Privacy Office in the New Employee Orientation presentation series and addressed questions on both data loss prevention and the implementation of Symantec PGP software for email message encryption.

Confidential

Senior System Security Consultant

Conducted meetings for the Department of State Bureau of Consular Affairs (CA) to provide direction for project managers, developers, network administrators, and database engineers. Received a Leadership Award in recognition of improvement in the security posture of major applications through collaboration on and preparation of 19 Certification and Accreditation packages including privacy impact assessments, contingency plans, risk assessments, system security plans, and security configuration change analyses. Within the CGI Federal Enterprise Security Practice, updated the corporate Incident Response Procedure Standard and the Audit Policy and Procedures documentation, and provided a methodology for assessment of cloud technology solutions. Developed policies and procedural guidance for in-house virtual information systems to meet HIPAA and HITECH Act mandates in preparation for federal audits. Examined data loss prevention and identity management solutions provided by Terremark to be implemented for the Department of Health and Human Services.

Confidential

Senior Security Engineer

Provided direct response to project managers and teams on security-related issues including government compliance, disaster recovery planning, secure vaulting, intrusion detection, log auditing, event monitoring, managed firewall services, cyber threat notification, remote access security, and migration for colocation projects. Provided information security analysis for the product development of Trusted Internet Connection (TIC) services, Managed Trusted Internet Protocol Services, and Secure Operations Centers. Negotiated with vendors on innovative projects by providing hardware/software specifications.

Confidential

Senior Security Engineer

Provided system security analysis on special projects for the Information Security Officer at the Department of Labor Occupational Safety and Health Administration. Contributed to the production of Computer Security Awareness and Incident Response training. Completed Inspector General data calls for internal audit reports. Prepared policy and procedure documents for OSHA to comply with federal and DOL guidelines including Personally Identifiable Information (PII) protection directives. Contributed to the internal proposal and business development of TechGuard.

Confidential

Team Lead for System Security

Led teams of engineers and systems analysts to complete automated risk assessments for the Department of Defense Health Systems TRICARE/Management Activity. Managed five projects and twenty staff members, in conjunction with developers and system owners, within certification efforts. Supervised compliance activities with DIACAP and NIST guidelines for C&A of network support systems and major applications. Worked with application developers on specific issues of data loss prevention and HIPAA compliance for information systems that stored and transported medical data. Conducted weekly status meetings on projects, created presentations, and edited final certification packages for submission to the authorizing officials.

Confidential

Senior Systems Security Analyst

Created policy documents for the Department of Labor in accordance with NIST and OMB guidance on system security topics including email security procedures, wireless usage, security awareness training, incident response handling, and reduction in the use of Personally Identifiable Information (PII). Prepared C&A documents including disaster recovery plans, risk assessments, configuration management plans, system security plans, comprehensive planning, interconnection security agreements, and security self-assessments. Provided reports on continuous monitoring via quarterly updates of POA&Ms, summaries of Configuration Control Board activities, and information system scan data.

Confidential

Senior IT Security Policy Analyst

Updated the Department of Homeland Security Sensitive System Policy 4300A document and its appendices. Authored DHS guidance on Certification and Accreditation (C&A) policy and procedures as a special appendix to 4300A. Validated C&A artifacts submitted by DHS components in Trusted Agent FISMA and submitted reports for the compliance dashboard. Performed analysis and cross-referenced federal documents relating to emerging technologies and existing policy, directives, laws, and guidelines. Trained ISSOs on compliance policies and setting remediation goals.

Confidential

Senior Security Analyst

Provided high-level analysis, under contract to the Department of State, to system owners and developers aimed at achieving the Authority to Operate. For C&A documentation, set standards for the production of summaries on threat sources, risks, testing plans, continuity planning evaluation, database integrity, and overall system security integration in reports for the Certifying Officer. Led projects on system security assessments: defining mitigation plans, outlining re-engineering efforts, and estimating remediation costs. Under a separate contract, authored Business Impact Reports, Privacy Policies, System Security Plans, and Continuity Plans for the National Park Service.

Confidential

Information Assurance Project Manager

Managed a project to conduct Security Self-Assessments and manage the resulting POA&Ms for 80 Department of Labor information systems in preparation for Certification and Accreditation. Credited with development of an innovative SRA product that automated the assessment of information system security posture from raw data to comprehensive graphic representations. Managed staff training, expansion of SDLC strategies, and collaboration on contingency plans. Reported on the status of costs, schedules, resources, project scope, risk assessments, and accounting data. Under contract to the Department of the Interior, created the Information Technology Contingency Planning Guide, which served as a standard for all of the bureaus of the Department of the Interior.

Confidential

Project Leader - Continuity Planning

Directed management support for Defense Finance and Accounting Services (DFAS) Headquarters continuity of operations planning. Supported system installation and maintenance of the Living Disaster Recovery Planning System (LDRPS), including database administration, requirements gathering, and documentation of resources. Received an outstanding performance rating for organizing and training support teams at DFAS field locations.

Confidential

Project Manager - Systems Support

Managed a staff of 67 analysts and agents who serviced 6,000 callers per month on the Federal Systems Help Desk. Created Business Continuity Plans in coordination with Unisys International. Received a commendation for an implementation project involving the Bureau of Alcohol, Tobacco, and Firearms 5,000-seat nationwide 90-day integration contract; created the database framework for site surveys, tracked installation progress, systematized expense reporting, and managed and programmed an asset management database. Under contract to the Department of Defense, collaborated on an initial analysis project to integrate state and local law enforcement information systems in the Gulf States.
