Information Systems Security Officer

Location:
Fort Washington, MD
Salary:
180
Posted:
March 28, 2024

Resume:

Jaunese Harris, MSIST, CDPSE

E-mail: ad4nbw@r.postjobfree.com

Mobile: 703-***-****

Security Clearance: Top Secret Clearance

Position: List Position Here

Agency: List Agency Here

Announcement Number: List here

PROFESSIONAL PROFILE

Dedicated career Information Technology (IT) professional and Information Systems Security Officer (ISSO) overseeing enterprise information systems security, including risk assessment, policy development, incident response, compliance, and testing. Certified Information Systems Security Officer experienced in enterprise planning, project management, training, and staff supervision.

PROFESSIONAL EXPERIENCE

DIBCAC ASSESSOR March 2023-Present

U.S. Department of Defense/Defense Contract Management Agency Arlington, VA

Supervisor: Vincent Pilla 215-***-**** (May be contacted) 40 Hours/week

Support the Defense Industrial Base Cybersecurity Assessment Center in assessing cybersecurity risks and mitigating those risks among defense contractors. Provide comprehensive risk-assessment based decision-making information and ensure compliance with established security protocols and requirements for federal contractors.

COMPLIANCE: Ensure Contractor compliance with industry-standard cybersecurity regulations including Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.404.012, Safeguarding Covered Defense Information and Cyber Incident Reporting, and the National Institute of Standards and Technology (NIST) Special Publication (SP).

READINESS ASSESSMENT: Complete holistic reviews of cybersecurity policies and procedures to ensure they address potential issues for Contractors, include appropriate defenses against potential threats and provide appropriate guidance to internal staff to identify potential risks.

PROGRAM OVERSIGHT & MANAGEMENT: Oversee and review a variety of projects within organizations to plan and prioritize complex cybersecurity services within and between various stakeholder organizations.

NETWORK HARDENING: Conduct routine testing to identify and strengthen cybersecurity systems to prevent security gaps, including firewall configuration testing, auditing, securing remote access points and users, blocking unused or unneeded open network ports, and disabling unnecessary protocols and services. Implement access lists and encrypt network traffic.

POLICIES & PROCEDURES DEVELOPMENT: Establish processes and procedures for securing information in compliance with established regulations and protocols.

TRAINING: Draft and provide training to Contractors on cybersecurity compliance policies. Routinely review and revise training as guidance and regulations change. Conduct training assessments to identify knowledge gaps and provide instruction to remediate those gaps.

ACCOMPLISHMENTS:

Successfully completed 2 CMMC assessments, consistently conducting fair and accurate assessments.

Achieved CMMC and DAWIA certifications and qualifications as an assessor.

Improved the assessment process by developing more efficient and effective assessment methods, tools, and procedures and reducing on-site assessment days from four to three.

INFORMATION SYSTEMS SECURITY OFFICER/ZERMOUNT INC. June 2020-January 2022

U.S. Department of Defense Arlington, VA

Supervisor: Terry Butler 703-***-**** (May be contacted) 40 Hours/week

Provided Security Assessment and Authorization (SA&A) support to DoD and its IT systems, including general information technology support. Developed and provided risk and vulnerability assessments, Security Control Assessments (SCA), SA&A documentation, and various reports.

IT SYSTEMS SECURITY: Conducted information systems security assessments, identifying vulnerabilities, threats and potential risks and developing processes and systems to mitigate those risks. Continuously monitored systems for functionality and security risk assessment. Performed duties that require expertise in firewall, cyber, implementation/configuration.

POLICY ANALYSIS & COMMUNICATION: Assessed policies and procedures to ensure full range of security systems are implemented and maintained to secure information and that staff are well informed of changes in policies and procedures regarding information security. Participated in DHS Working Groups, providing comments on draft policies and guidance.

COMPLIANCE: Ensured technical implementations adhered to Federal, Department of Homeland Security (DHS), and organization’s policies and procedures. Identified artifacts required to satisfy NIST 800-53 and DHS 4300A Security Controls.

TECHNICAL GUIDANCE: Provided technical guidance to ISSOs during all internal reviews and analysis of existing security assessments.

ACCOMPLISHMENT:

Bolstered organization’s information security program and risk tolerance.

CIRRUS INFORMATION SYSTEMS SECURITY OFFICER/JLH PARTNERS LLC May 2019-Jan 2020

Department of Homeland Security Washington, DC

Supervisor: Name, Phone Number (May be contacted or may not be contacted) 40 Hours/week

Maintained and enhanced client information systems and data security. Ensured the confidentiality, integrity, and availability of information. Assessed and recommended solutions to optimize performance, and reviewed and provided feedback on strategic enterprise IT planning.

SYSTEM MONITORING: Monitored Microsoft Azure Cloud Computing Platform and services for DHS HQ network. Managed, supported, and oversaw virtual server environments and business continuity processes.

DATA SECURITY: Monitored network and systems activities for security threats, vulnerabilities, and abnormal occurrences. Conducted security audits and vulnerability assessments. Managed, maintained, and monitored data security for all server installations. Reviewed and approved PAR/RAR requests for users. Identified artifacts required to satisfy NIST 800-53 and DHS 4300A Security Controls.

POLICY DEVELOPMENT: Provided input on system redundancy policies, disaster recovery procedures and policies.

SYSTEMS IMPLEMENTATION: Assisted with the management, support, and oversight of the virtual server environments and business continuity processes during the lifespan of the Cirrus project.

ACCOMPLISHMENT:

As senior ISSO, I was solely responsible for the certification and accreditation of the Azure Cloud authority to operate package for DHS HQ. The authority to operate on this system allowed the CIO shop to be compliant with the FedRAMP requirements.

RISK MANAGEMENT SECURITY SERVICES ISSO SUPPORT Nov. 2015-May 2019

EGLOBALTECH INC./ United States Citizenship and Immigration Services Washington DC

Supervisor: Human Resources 703-***-**** 40 Hrs./week

Skilled member of the ongoing authorization team, charged with managing information security risks on a continuous basis using Security Center 5 to measure, analyze, and visualize security risk posture to the agency enterprise-wide.

PROJECT MANAGEMENT: Developed a Security Authorization Package tracker separating USCIS inventoried systems. Identified where they are in the Security Authorization Process and documented detailed information regarding their progress.

INFORMATION SYSTEMS SECURITY ANALYSIS: Reviewed ISSO support system reports and determined the number of POA&Ms in progress, waivers, exceptions, overdue, and coming due in 30, 60, or 90 days.

RISK ASSESSMENT: Maintained the Weekly Events and Activity Report (WEAR) Status Report to ensure consistency across the organization. Compiled and reviewed system reports to generate the weekly report to show the number of waivers and accepted risks that were in progress for major applications and general support systems.

RISK MITIGATION: Identified artifacts required to satisfy NIST 800-53 and DHS 4300A Security Controls.

INFORMATION SYSTEMS SECURITY OFFICER Nov. 2015-Nov. 2015

EGLOBALTECH INC/Federal Emergency Management Agency Washington, DC

40 Hrs./week

Managed the information security function, maintaining the confidentiality, integrity, and availability of the National Flood Insurance Program (NFIP), its Virtual Information Technology System (NVITS), iService Enterprise Environment (iSEE) and Sandy Litigation systems.

INFORMATION SECURITY MANAGEMENT: Maintained an enterprise security stance through policy development, architecture construction, and training processes. Selected and implemented appropriate security solutions.

RISK ASSESSMENT: Conducted systems vulnerability audits and assessments to identify security threats and implement solutions to resolve those issues.

ONGOING EDUCATION: Maintained up-to-date knowledge of the IT security industry, including awareness of new or revised FEMA security solutions and improved security processes.

PROJECT MANAGEMENT AND IMPLEMENTATION: Reviewed enterprise security measures, and selected and acquired security solutions or enhancements to the existing security landscape to improve overall NFIP/NVITS security. Supervised the initiation of vulnerability assessments, penetration tests, and security audits.

CYBER SECURITY ANALYST Nov. 2015-Nov. 2015

General Dynamics Information Technology (GDIT)/Defense Intelligence Washington, DC

Supervisor: General Dynamics IT HR 703-***-**** 40 Hrs./week

Provided advanced cybersecurity analytics (ACA) services, which aggregated and analyzed products, data, and information to identify trends, patterns, and anomalies.

TRAINING: Updated management on IT security documentation and prepared Certification & Accreditation (C&A) packages.

REVIEW AND ASSESSMENT: Apprised staff of information security practices and procedures, specifically DCID 6/3 and ICD 503 for federal mandates for security, certification, and accreditation of government information systems.

RISK ASSESSMENT: Analyzed retina scans to determine plan of action and milestones (POAMs). Conducted Security Test & Evaluation (ST&E) and Certification Test & Evaluation (CT&E) testing to accurately report vulnerabilities.

COMMUNICATION: Prepared Security Assessment Reports (SARs) to recommend to the Decentralized Autonomous Organization (DAO) the term of the accreditation requested.

INFORMATION SYSTEMS SECURITY REP TEAM LEAD Apr. 2009-Apr. 2012

GDIT/National Geospatial Intelligence Agency (NGA) Washington, DC

Supervisor: GDIT HR 703-***-**** 40 Hrs./week

Served as Team Lead for the certification and accreditation team on a $1.77B project for the New Campus East Active IT Camps project for the NGA.

STAFF SUPERVISION: Managed a team of 4 staff members responsible for 200 packages within the agency. Developed project times, assigned tasks, monitored progress, coached, and counseled team members, and documented performance of individual members.

PROJECT MANAGEMENT: Oversaw development of Plans of Action and Milestones (POAMs), coordinating testing schedules with program engineers. Managed in-kind projects, intrusion detection projects, and enterprise-controlled interface projects. Prepared Concept of Operations and registration packages. Served as C&A Package Project Manager, responsible for tasking of test engineers and preparing Executive reporting documentation for management on a weekly basis.

RISK ASSESSMENT: Participated on Security Working Group to assess risks and mitigation strategies for IT systems enterprise-wide. Managed population of the Systems Security Authorization Agreements (SSAAs).

ACCOMPLISHMENT: Successfully completed a $1.77B upgrade project for the NGA on time and within budget parameters.

EDUCATION

Master of Science, Information Systems Technology

George Washington University Washington, DC

Bachelor of Science, Information Systems and Decision Sciences

Virginia State University Petersburg, VA

LICENSES, CERTIFICATIONS & TRAININGS

Certified Information Systems Security Officer (CISSO) – Certificate Number 53530000

ITIL v3 Intermediate – Certificate Number GR750009861JHm

Certified Data Privacy Solutions Engineer (CDPSE) – 2006245

Risk Management Systems

Trusted Agent FISMA (TAF) Automated Tool


