Security Manager

Location:
Manassas, VA, 20111
Posted:
August 07, 2011

Resume:

DATRICE AFRIYE-OPOKU

**** ***** ***** *****, ******** Park, VA 20111 703-***-**** E-Mail: ***********@***.***

CYBER SECURITY ANALYST

Eager to contribute highly skilled knowledge of IT security best practices and the ability to develop and monitor a program that will provide oversight and protection of critical assets and resources

PROFESSIONAL PROFILE

• Seasoned IT security professional with comprehensive business/technical skillset and expertise in evaluating the security posture of federal IT systems
• Diligent and dedicated security analyst with successful results in recommending cost-effective mitigation strategies
• Motivated achiever who guides organizations in accomplishing mandated compliance of security policy objectives

AREAS OF EXPERTISE

IT Security Methodologies

• Risk Management Framework (RMF)
• System Development Life Cycle (SDLC)
• Process Improvement
• Independent Verification and Validation (IV&V)
• Certification and Accreditation (C&A)
• Customer Support

Operating Systems/Environments:

• Windows XP, UNIX, IBM Mainframe

Software Applications:

• Microsoft Office (Word, Excel, PowerPoint, Access, Visio)
• SQL
• SharePoint
• FTP Client
• Crystal Reports 10 & 11
• Clear Quest
• Remedy
• eTrust Admin
• Entrust
• Quality Center
• TrustedAgent FISMA (TAF)

Education:

• BS, Information Security, Strayer University (In Progress)

Certifications:

• CISSP
• Security+

Clearances:

• Top Secret/SSBI, Nov 2007

PROFESSIONAL EXPERIENCE

SRA International, Inc., Fairfax, VA, December 2002 to Present

Cyber Security Analyst, April 2009-Present

Cyber Security Analyst supporting the Bureau of Engraving and Printing's Certification and Accreditation (C&A) process that will assist them in getting their IT systems FISMA compliant. Responsible for developing C&A package artifacts such as system security plans (SSPs), security categorizations, privacy impact assessments (PIA), and contingency plans (CP). Work with system owners (SO) and administrators to identify and document the status of their systems and provide recommendations to get their systems NIST 800-53 rev 3 compliant. Conducting system impact analysis (SIA) on changes proposed for accredited systems and determining if those changes pose any significant change that could possibly threaten the security posture of the system and its underlying general support system (GSS). Additionally, responsible for revamping the bureau's continuous monitoring program and assisting the various system owners in keeping track of their semi-annual and annual requirements that will ensure that their systems maintain their authority to operate (ATO) during re-certification.

Cyber Security Analyst, March 2008-April 2009

Supporting C&A efforts for both Department of Homeland Security (DHS) and United States Department of Agriculture Forest Service (USDA FS) by assisting system owners in determining system categorizations for their systems, developing C&A artifacts such as the system security plan (SSP), security requirements traceability matrix (SRTM), and risk assessment (RA) that followed OMB and NIST requirements and guidance. These artifacts were developed using DHS templates and uploaded into TrustedAgent FISMA (TAF). In addition, I conducted independent verification and validation (IV&V) using a checklist developed by the USDA FS. Responsible for reviewing C&A package artifacts and providing recommendations to correct weaknesses found in the documents following guidance from NIST SP 800-37 Rev 1 and 800-53 Rev 2. In addition, developed a process flow and diagram that illustrated in detail where major deficiencies and critical findings were in their process, so that they could create more streamlined policies and procedures that help correct these weaknesses and mitigate risk to an organization-acceptable level. Moreover, I led an effort to re-develop a C&A package for a highly visible major application (MA) that faced rejection twice by the US-CERT and ultimately received its authority to operate (ATO) and was named "the best package received by the USDA FS".

Test Engineer, July 2007-March 2008

I supported the corporate infrastructure by conducting functional testing on all corporate applications and reporting findings to developers and stakeholders. Duties included executing test cases via Mercury Quality Center, crafting and revitalizing test cases, writing test reports, reviewing defects, and coordinating test schedule dates with project teams.

Security Analyst/Crystal Report Developer, FDIC, February 2005 to July 2007

In the security analyst position, I was part of a PKI/Mainframe support team for the Federal Deposit Insurance Corporation (FDIC). In this role, I was responsible for being an administrator for the Entrust Registry Authority, eTrust Administrator via Active Directory (AD), and Safeword Console. I resolved internal and external digital certificate user issues, administered dataset access and resource rules via ACF2, TSO/ISPF, and CICS, and created, modified, and deleted ACF-2 user accounts. Moreover, developed and revised standard operating procedures (SOPs), executed daily UNIX jobs to audit system processes, participated in POA&M meetings and various other client meetings to provide suggestions on ways to improve system processes and procedures, and acted as a primary point of contact (POC) to resolve issues relating to the EXTCM (External Certificate Manager) application. This is a tool used to issue external digital certificates. In addition, I was a Crystal Reports developer and was responsible for developing and modifying various reports, updating and creating access tables to cross-reference service-level agreement metrics, and performing queries to analyze and cross-check report results via Remedy.

ISTAR Defects / Enhancements Manager, November 2003 to February 2005

The defects and enhancement manager position was to support the Energy Star website via iSTAR. Duties included creating, monitoring, and testing defects and enhancements submitted through Rational Clear Quest, running weekly metric reports, and participating in formal peer review, CCB, and requirements gathering meetings to determine which resolved defects and enhancements would go into which system release.

Technical Lead/Help Desk Specialist, August 2002 to November 2003

The Helpdesk Analyst position was to support National Practitioner Data Bank and the Healthcare Integrity and Protection Data Bank support center. This was an initiative sponsored through the Department of Health and Human Services. Duties included providing support to approximately 1,400 weekly end-user questions and requests via phone and email in support of the Integrated Query and Reporting System (IQRS), and supporting the installation and maintenance of the Interface Control Document Transfer Program (ITP). Executed reprints of practitioner self-queries via UNIX, analyzed and resolved entity account issues such as re-queuing report verifications, updating user account passwords and user IDs, unlocking user accounts, and tracking errors in reports, and separated rejected document control numbers (DCNs) in the batch to allow users access to their completed DCNs via SQL. Resolved third-party input and output files to detect errors. Analyzed and resolved web connectivity problems. Received and reviewed submission files sent for testing. Resolved printer issues relating to user requests. Running weekly reports via Interaction Client and Pivotal and running monthly and quarterly metrics for the Internal Project Review (IPR) Slides.


