
System Security Scrum Master

Location:
Manassas, VA
Posted:
March 07, 2023


Resume:

CAROLINE DAVIS-WEAVER

Manassas, VA *****571-***-**** • advrf6@r.postjobfree.com

SCA, ATO, POA&M, SSP, SAR

Accomplished and focused professional with extensive experience in information security, project development/management, and the assessment and authorization (A&A) process. History of success in implementing security measures, assessing information systems for risks, identifying/reducing vulnerabilities via POA&M, protecting confidential information, monitoring abnormal activity, and preventing security breaches.

Excel at increasing internal/external stakeholder engagement, identifying process improvement opportunities, resolving impending issues, analyzing/mitigating potential risks, and fulfilling operational gaps while ensuring compliance with defined procedures.

In-depth knowledge of federal security policies, standards, and guidelines, including NIST 800 SPs, such as 800-37, 800-53/53A rev 4, FIPS 199/200, FISMA, HIPAA, and FedRAMP.

Instrumental in risk assessment, risk management framework (RMF), systems development life cycle (SDLC), and security assessment and authorization process (SA&A).

Proven expertise in the development of ATO package documents, such as SSPs, SARs, POA&Ms, contingency plans, incident response plans, PIA, and configuration management plans.

Demonstrated ability to lead cross-functional teams and resolve escalated and impending key issues. Possesses strong communication, analytical, organizational, relationship-building, and problem-solving skills.

•System Security/Contingency Planning

•Authorization-To-Operate (ATO) Process

•Security Documentation & Reporting

•Enterprise Security Risk Management

•Security Assessment & Authorization

•Regulatory & Security Compliance

•Risk Assessment & Management

•Security Control Assessment

•Team Training & Leadership

•Plan of Action & Milestones

•Privacy Threshold Analysis

•Stakeholder Engagement

•POA&M Management

•Relationship Management

Career Experience

ManTech International Corporation Washington DC

Information System Security Officer Dec 2021 to Present

Analyze privacy threshold analysis (PTA) and e-authentication with system stakeholders by performing security categorization using NIST SP 800-60 and FIPS 199.

Develop and maintain other security documentation in accordance with the system security plan, while collaborating with stakeholders.

Identify the effectiveness of current security controls and a path forward to implement future security controls through cooperation with the security control assessor (SCA) team.

Accomplish an authorization to operate (ATO) package through the risk management framework assessment and authorization process.

Familiar with NIST SP 800-18, 800-60, 800-53, 800-30, 800-34, 800-128, 800-61, 800-39, 800-37, and 800-137, FIPS 199 and 200, and organizational policy and procedures to gain an ATO.

Review and update accreditation packages and supporting documents to maintain an existing ATO state for all systems operating in the production environment, in accordance with government DoD, NIST, and DISA policies and standards.

Develop, update, and monitor the information system documents required to obtain an ATO, such as the PIA, PTA, CMP, IRP, CP, SAR, POA&M, RAR, SSP, MOU, and MOA, and upload artifacts into organizational applications such as RiskVision, Xacta, or eMASS.

Work with the client System Owner, Program Manager, Information System Security Manager, and Information System Security Engineer (ISSE), and lead the Government RMF ISSO in conducting the initial assessment of the effectiveness of the security controls and documenting the issues, findings, and recommendations in a Security Assessment Report (SAR).

Complete and update documentation such as the security CONOPS, security controls traceability matrix, and system security plan, and track and maintain user agreements and training.

Monitor the information system for compliance, review vulnerability reports and analyze results, and create POA&Ms from Tenable.sc scan results. Work with the ISSM, ISSE, PM, and SO to develop a plan to mitigate the vulnerabilities.

ManTech International Corporation Fort Bragg, NC

Information System Security Officer/ISSO March 2020 to Dec 2021

Managed the acceptable use policy, including processing packages for new employees. Privileged users were required to sign the statement of responsibility, which was uploaded to the Army Training and Certification Tracking System (ATCTS).

Ensured all Womack Army Medical Center users completed information assurance training before receiving network access, and awareness training within one year, according to AR 25-2 and NIST SP 800-53.

Supported Womack's effort to comply with government information assurance training and policy, procedure, and documentation requirements.

Reviewed, tracked, and conducted information assurance training for over 3,500 individuals.

Ensured Womack information systems were protected against unauthorized users, and terminated network access for users in violation of AR 25-2.

Provided guidance on safeguarding information assurance at Womack, ensuring that Technical Level I-III personnel obtained a DoD baseline commercial certification within six months of the appointment of new hires.

Improved Acceptable Use Policies (AUP) for privileged and user access, and ensured personnel signed the appropriate AUP prior to being granted access to the information system.

Developed and maintained other security documentation in accordance with the system security plan, while collaborating with stakeholders.

Identified the effectiveness of current security controls and a path forward to implement future security controls through cooperation with the security control assessors (SCA) team.

Accomplished an authorization to operate (ATO) package through risk management framework assessment and authorization process.

Developed, updated, and maintained RMF documentation, such as ATO packages, SSPs, SARs, POA&Ms, eMASS records, and security control traceability matrices (SCTM) for all networks and systems.

Conducted risk assessments and updated the system security plan (SSP), contingency plan (CP), and plan of action and milestones (POA&M) as a member of the certification and accreditation team.

Allied Universal (Contracted) Manassas, VA

Security Control Assessor Jan 2016 to March 2020

Created an assessment and authorization (A&A) package for review by collaborating with information system security officers and utilizing the six steps of the risk management framework (RMF) process.

Established and executed a strategic Plan of Action and Milestones (POA&M) for all accepted risks in accordance with security control assessment (SCA) exercises, and documented them in the system security plan (SSP).

Developed, analyzed, and managed system security artifacts, including contingency plans (CP), incident response plans (IRP), privacy impact assessments (PIA), MOUs/ISAs, and risk assessment (RA) documents for compliance with NIST 800 guidelines and agency’s security requirements.

Utilized perimeter security mantraps, gates, and fences to protect employee lives and facilities against unauthorized individuals.

The University of Maryland University College Adelphi, MD 20783

Information System Security/Cybersecurity Policy Jan 2012 to Jan 2016

Developed, updated, and maintained RMF documentation, such as ATO packages, SSPs, SARs, POA&Ms, and security control traceability matrices (SCTM) for all networks and systems.

Conducted risk assessments and updated the system security plan (SSP), contingency plan (CP), and plan of action and milestones (POA&M) as a member of the certification and accreditation team.

Reviewed, monitored, and reported plan of action and milestones (POA&M) status to all stakeholders, and followed up with appropriate personnel to ensure the remediation and reporting of POA&Ms in a timely manner.

U.S. Army, U.S.A.

Operational Supervisor Feb 1982 to Jan 2016

Developed and implemented a Standard Army Retail Supply System production base training program, ensuring all individuals were trained to operate and use the system. Analyzed and monitored Army Reserve policies, procedures, laws, standards, and regulations. Collaborated with all Army Reserve commands across Los Angeles by supporting reserve units. Created work schedules and assignments for staff according to the workload, space, and equipment availability.

Accomplished 100% inventory and accurate fielding by managing all aspects of Property Book Unit Supply Enhanced (PBUSE) and the Standard Army Management Information Systems (retail).

Improved the unit's retention mission rate by 80% by organizing recruiting partnership council meetings.

Increased three brigades' mission rate from 50% to 95% by planning, directing, and coordinating the operations of all subordinate and recruiting activities to ensure maximum production in all procurement programs.

Education & Credentials

Master’s Degree in Cybersecurity Policy, University of Maryland University College, Adelphi, Maryland

Professional Certifications:

CompTIA Advanced Security Practitioner (CASP)

CompTIA Security+ (S+) Certification

Scrum Master Accredited Certification (SCM)

Technical Proficiencies:

Risk Management: Governance, Risk, & Compliance (GRC)

Operating Systems: Windows Operating Systems & Microsoft Server

Microsoft Suite: Word, Excel, & PowerPoint
