Information Security Systems

Location:
Philadelphia, PA
Posted:
February 13, 2024

Resume:

George Bonney

Email: ad3lso@r.postjobfree.com

Tel: 301-***-****

Potomac MD

Summary

An Information Security Analyst with vast experience in managing and protecting enterprise information systems, network systems and operational processes through information assurance controls, compliance verification, risk assessment and vulnerability assessment in accordance with NIST, FISMA, OMB and industry best security practices.

Tools used:

RSA Archer platform, Xacta, Nessus, Windows, AppScan, Azure AD, AlienVault, Microsoft O365, OneDrive

Education:

Radford University, Radford VA, MS in Science Education (Physics), 1992

Virginia Commonwealth University, Richmond VA, BS in Physics & Mathematics, 1990

Certifications:

Security+ 2021

CAP (in view) 2022

Clearance:

Public Trust Clearance 2020

Experience:

Information Security Analyst, Foreground Security, Sept 2017 - Present

Develop, review and update Information Security System Policies, System Security Plans (SSP), and Security baselines in accordance with NIST, FISMA, OMB, NIST SP 800-18 and industry best security practices.

Develop and update System Security Plan (SSP), Privacy Impact Analysis (PIA), System Security Test and Evaluation (ST&E) and the Plan of Actions and Milestones (POA&M)

Designate systems and categorize their C.I.A using FIPS 199 and NIST SP 800-60.

Develop policy and procedural controls relating to Management, Operational and Technical Controls for the organization.

Conduct Security Control Assessments on General Support Systems (GSS), Major Applications and Systems to ensure that such information systems are operating with a strong security posture.

Update IT security policies, procedures, standards, and guidelines according to department and federal requirements.

Review and update some of the system categorization using FIPS 199.

Carry out continuous monitoring after authorization (ATO) to ensure continuous compliance with the security requirements.

Communicate and report on risk metrics to IT management and governance group.

Perform Security Assessment and Authorization on information systems as part of an active third-party assessment organization in accordance with National Institute of Standards and Technology (NIST) guidance.

Put together Authorization Packages (SSP, POA&M and SAR) for Information systems to the Authorization Officer.

Develop Security Assessment Plan (SAP) to initiate Security Assessment for low, moderate and high control information systems.

System Analyst, Verizon Wireless, Jan 2013 - Sept 2017

Conducted kick-off meetings to collect systems information and categorize systems based on NIST SP 800-60

Developed security control baseline and tested plan used to assess and implement security controls

Created and updated the following Security Assessment and Authorization (SA&A) artifacts: FIPS 199, Risk Assessment Report (RAR), Privacy Threshold Analysis (PTA), Privacy Impact Analysis (PIA), Contingency Plan, Security Test and Evaluations (ST&Es), E-Authentication, Plan of Action and Milestones (POA&Ms).

Met with the system team to collect evidence, develop test plans and procedures and document test results.

Designed and Conducted walkthroughs, formulated test plans, tested results and developed remediation plans for each area of the testing.

Conducted FISMA-compliant security control assessments to ascertain the adequacy of management, operational, technical privacy controls.

Examined event logs for irregularities. Identified irregularities were reported as incidents, and incident response was then initiated to mitigate them.

Involved in security incident management in order to mitigate or resolve events that have the potential to impact the confidentiality, availability, or integrity of information technology resources.

Created and maintained security metrics in order to help senior management to make decisions.

Provided support to internal and external audit teams in gathering evidence to validate controls

Interviewed ISSOs, System Owners and System Engineers and reviewed existing system documentation in order to make an objective assessment of whether the system complied with established standards.

Helpdesk Support 9 –Solutions Inc. July 2011 – Jan 2013

Performed software/hardware installation, maintenance, repair, update and testing.

Installed and configured Microsoft Office Suites on multiple machines.

Configured and implemented network interfaces for a Windows Network.

Troubleshot and resolved TCP/IP connectivity problems.

Created new procedures to improve company’s productivity in the management of information systems

Utilized tools to track, record, and transfer request orders and incident tickets

Performed network administration functions, set up network user accounts/permissions, reset passwords, and administered group policies.

Installed, configured, re-imaged and maintained desktop systems; copied and scanned documents.


