Compliance Analyst /isso Resume

Vienna, VA

SUMMARY:

  • Seven years of Cyber Security, RMF, FedRAMP, five to six years' experience as an Information Security Officer, Privacy and Data Protection, Security Management & Operations, Vulnerability scanning, Security testing, Penetration testing, Certification and Accreditation (A&A), Project Management, Change Management, NIST 800-53 rev1 and rev4 and NIST SP 800-37 rev 1, 800-18, 800-53 rev 3 and 800-34, FIPS, FISMA, PCI DSS, Security Content Automation Protocol, NIST family of security controls, POA&M, A&A Package, Incident and Contingency planning, Knowledge of ISO 27001 and ISO 27002 Security Standards and Controls, Knowledge of the System Development Life Cycle (SDLC), PMBOK Project Management Knowledge Areas, Research Analysis, Risk management, Cost planning, Project scheduling and Planning, General Management, Communication, Negotiation, Mediation Facilitation, Leadership and Organization.

TECHNICAL SKILLS:

  • Internet Applications
  • Word
  • Excel
  • MS Project and PowerPoint
  • MS Visio
  • Access
  • SharePoint and DOVICO
  • Nessus
  • Foundstone
  • Webinspect TAF
  • Xacta
  • CFACTS and CSAM

PROFESSIONAL EXPERIENCE:

Confidential, VIENNA VA

Compliance Analyst /ISSO

Responsibilities:

  • Perform and manage C&A tasks, including FIPS 199 categorization, selection of security controls using NIST 800-53 as a guide, writing of implementation statements and assessment.
  • Review all preexisting systems' categorization using FIPS 199 and NIST 800-60 Vol. 2 as a guide to ensure all details and relevant information are captured.
  • Review assigned systems' security artifacts to ensure that these are in compliance with FISMA regulations.
  • Prepare and oversee documentation for systems that need decommissioning, ATO extensions, system migrations and standalone accreditations.
  • Work with the client, SaaS providers and internal development team to identify security gaps and resolve them to protect client data.
  • Collaborate with Information System Owners (ISO), Joint Staff Admins, and A&A personnel to ensure all necessary IA documentation is provided for the major transition to the Cloud System.
  • Collaborate with Engineers to ensure mitigation of system findings, updating POA&Ms, and backing up packages in the event of system outages.
  • Review and maintain information assurance policies, procedures, and Certification & Accreditation (C&A) of systems.
  • Assist System Administrators in security analyses and risk/vulnerability assessments.
  • Establish, monitor, and re-assess systems' Plans of Action and Milestones (POA&Ms) to effectively address system weaknesses or vulnerabilities.
  • Work closely with the System Owner (SO) and Technical POC for assigned systems to develop and/or maintain the following Security Assessment & Authorization (SA&A) artifacts: System Security Plan (SSP), Risk Assessment Report (RAR), Business Impact Analysis (BIA), Privacy Impact Analysis (PIA), Contingency Plan (CP), Contingency Plan Testing and Plan of Action & Milestones (POA&Ms).
  • Maintain A&A project documentation in CSAM and update the documents on an annual basis as part of the continuous monitoring RMF requirement. Perform independent compliance reviews, tracking, and continuous monitoring of RMF A&A packages.
  • Advise and assist with the Lifecycle Assessment and Authorization (A&A) process and developing a System Security Plan (SSP).
  • Identified and documented security requirement conflicts and collaborated with team leads, clients, engineers, and developers.

Confidential, Marlboro MD

Information Security Analyst

Responsibilities:

  • Implemented C&A duties and updated POA&M and Critical Control Review (CCR) analysis and remediation of POA&M and CCR findings. Involved in System Security Plan (SSP), Contingency Plan (CP) and Contingency Plan Test (CPT) authorship, analysis and modification.
  • Provided ongoing gap analysis of current policies, practices, and procedures as they relate to established guidelines outlined by NIST, OMB and FISMA.
  • Updated and reviewed A&A packages to include Core Docs, Policy & Procedures, Operations and Maintenance artifacts, SSP, SAR, FIPS 200, FIPS 199, POA&M, BIA, PTA, PIA, and more. Collected Operation and Maintenance artifacts on an ongoing basis so that the Security Control Assessment (SCA) is seamless.
  • Provided security expertise and guidance in support of security assessments and supported A&A (C&A) activities according to the A&A project plan.
  • Reviewed authorization documentation for completeness and accuracy for compliance and facilitated Security Control Assessment (SCA) and Continuous Monitoring activities.
  • Executed examine, interview, and test procedures in accordance with NIST SP 800-53A Revision 4.
  • Oversaw the preparation of Comprehensive and Executive Certification & Accreditation (C&A) packages for submission to the Information Assurance Program Office for approval of an Authorization to Operate (ATO).
  • Reviewed and updated the System Security Plan (SSP) based on findings from assessing controls using NIST SP 800-18 rev1, NIST SP 800-53A rev4 and NIST SP 800-53.
  • Applied appropriate information controls for Federal Information Security based on NIST 800-37 rev1, SP 800-53 rev4, FIPS 199 and FIPS 200.
  • Conducted Security Assessments via document examination, interviews and manual assessments; populated the Requirements Traceability Matrix (RTM) with results of the Security Assessment.
  • Reviewed and updated some of the system categorizations using FIPS 199. Created and updated Contingency Plans and Disaster Recovery Plans for information systems using NIST SP 800-34.
  • Updated IT security policies, procedures, standards, and guidelines according to department and federal requirements.
  • Developed audit plans and programs to evaluate control areas on projects such as financial statement audit, SOX testing and SAS 70/SSAE 16.

Confidential, Beltsville MD

Trinitech Consulting Information Security Officer /Analyst

Responsibilities:

  • Performed Federal Information Security Management Act (FISMA) and audit reviews using NIST 800-37 rev 1.
  • Updated IT security policies, procedures, standards, and guidelines according to department and federal requirements.
  • Performed risk assessments; developed and reviewed System Security Plans (SSP), Plans of Action and Milestones (POA&M), Security Control Assessments, Configuration Management Plans (CMP), Contingency Plans (CP), Incident Response Plans (IRP), and other tasks and specific security documentation in accordance with NIST SP 800-37 rev 1, 800-18, 800-53 rev 3 and 800-34.
  • Performed information security risk assessments and assisted with the internal auditing of information security processes. Assessed threats, risks, and vulnerabilities from emerging security issues.
  • Assisted with selection and implementation of controls that apply security protections to systems, processes, and information resources using the NIST family of security controls.
  • Developed Security Authorization documents, System Security Plan, Security Assessment Plan, Plan of Action and Milestones (POA&M), Contingency Planning and artifacts in accordance with NIST guidelines.
  • Developed audit plans and programs to evaluate control areas on projects such as financial statement audit, SOX testing and SAS 70/SSAE 16.
  • Assisted the ISSO with the development and implementation of ISO 27001 policies, standards, procedures, processes, and guidelines.
  • Reviewed policies and procedures and risk management programs to ensure compliance with HIPAA and PCI DSS regulatory framework.
  • Analyzed security controls, privacy and resiliency risk management programs and controls, recommending improvements and designing controls to simultaneously manage risks and costs.