
Human Resources Security Officer

Bristow, VA
June 10, 2024



Edward White II

Bristow, VA 703-***-****


• Experience working with and documenting Risk Management Framework processes, with the end result of achieving Authority to Operate (ATO)

• Solid experience with NIST Risk Management Framework (RMF) process, risk assessment, continuous monitoring, and security audits


FISMA and FedRAMP, Vulnerability Assessments, Compliance & Remediation, Risk Management, Cloud Security, Privacy and Security Policies, Audit Support, System Authorization, POA&M Management, Information Assurance, Assessment & Authorization, Continuous Monitoring, HIPAA, Vendor Risk Management

PROFESSIONAL EXPERIENCE

Lambda IT Consult ǀ Washington DC 2018- Present

Information System Security Officer

• Ensure prompt and timely remediation of all critical, high, and medium vulnerabilities as required by policies.

• Proven knowledge of the Federal Risk and Authorization Management Program (FedRAMP), Federal Information Security Modernization Act (FISMA), Cloud Computing, Information Assurance, and Privacy and Security processes, tools, and methodologies.

• Responsible for maintaining and enforcing all Information Security policies and guidelines.

• Facilitate audit and regulatory reviews by gathering documentation for auditors.

• Oversee the monitoring, detection, and analysis of potential threats and vulnerabilities in alignment with cyber security strategy and the Federal Risk Authorization Management Program (FedRAMP).

• Review and update security authorization packages (ATO) such as System Security Plan, Privacy Impact Assessment, Business Impact Analysis, Contingency Plan, Incident Response Plan, and Configuration Management Plan in accordance with requirements.

• Liaise with external auditors and internal control owners to support various internal and external assessments such as the Federal Risk and Authorization Management Program (FedRAMP) and National Institute of Standards and Technology (NIST 800-53). Coordinate with internal stakeholders during the assessment period by collecting appropriate evidence.

• Develop Plan of Action and Milestones (POAMs) in response to reported security vulnerabilities.

• Conduct continuous monitoring activities to support ongoing authorization.

• Review monthly vulnerability scan reports and track and address weaknesses as needed.

• Collect supporting documentation for external audit requests.

• Perform continuous monitoring and continuous assurance activities including monitoring for changes to the system, performing periodic assessments of security controls, and tracking control remediation actions.

• Manage the risks to Information Systems and other assets and track the timely completion of POAMs.

• Create and maintain operational reports for Key Performance Indicators and weekly and monthly metrics for upper management.

• Manage the creation and update of security documentation for the Federal Risk and Authorization Management Program (FedRAMP) low through high environments, such as System Security Plan (SSP), SSP attachments, policies, and procedures.

• Review remediation evidence to validate that findings have been addressed.

• Ensure all security-related documentation is current and accessible to properly authorized stakeholders.

• Conduct risk analysis from vulnerability and compliance scans.

• Facilitate development of Memorandums of Understanding (MOUs) and Interconnection Security Agreements


• Oversee the comprehensive and executive Assessment and Authorization (A&A) package for approval of Authorization to Operate (ATO).

• Develop and maintain System Security Plan (SSP), Privacy Plan, Business Impact Analysis (BIA), Security Control Assessment, Privacy Controls Assessment, Incident Response, and Plan of Action and Milestones (POAM) in response to maintaining ATO package.

• Conduct periodic review of hardware and software inventory assessments.

• Perform continuous monitoring of automated vulnerability detection scan results and track the engineering efforts to remediate and address the vulnerabilities.

City of Manassas ǀ Manassas, VA 2014– 2018

Quality Compliance Manager

• Interacted and communicated with various groups and individuals such as Development Services Manager and staff, City Manager, Department Director, civil engineers, contractors, and the general public.

• Handled any issues resulting from unforeseen conditions.

• Effectively managed and built teamwork within project execution team.

• Managed subcontractors through project completion.

• Coordinated with Quality Control and Safety representatives.

• Directed project activities to ensure conformance to project budget, plans, specs, and schedule.

• Forecasted project cash flow in relation to project schedule.

• Tracked financial performance of projects.

• Prepared project reports for management.

The Pentagon ǀ Arlington, VA 2012– 2014

Quality Control Analyst

• Worked as a consultant for a prime contractor to the Department of Defense (DoD) to improve Project Quality Control.

• Developed and executed comprehensive test cases under varying scenarios.

• Documented and assessed test results, providing clear and detailed reports on the performance of the tested applications and systems.

• Identified, logged, and communicated program bugs and glitches to the development team, ensuring timely resolution and efficient debugging processes.

• Tracked and managed defects throughout the testing lifecycle, working closely with the development team to troubleshoot and resolve errors promptly.

• Reviewed existing test procedures to identify areas for improvement and suggest effective strategies for enhancing the overall testing process.

• Conducted periodic audits of customer websites to guarantee adherence to quality standards and specifications, providing actionable insights for refinement and optimization.

Fairfax County Government ǀ Fairfax, VA 2010– 2012

Engineer Technician II

• Performed highly technical Surety Value Estimate and plan review for compliance with county policies and regulation for the purpose of establishing bond and conservation escrow amounts to be provided in support of land development agreements.

• Prepared and submitted fee amounts per inspection fee computation, impervious area analysis calculation, and plan review using the Plan and Waiver System (PAWS), Land Development Information (LDI), Court Public Access Network (CPAN), Fairfax Inspection Database (FIDO), and various other computer programs.

• Developed Bond and Permit packages to distribute to engineers and developers.

• Provided quality, in-depth plan review to ensure Bond and Permit packages' proficiency in site development and strict adherence to engineering drawings that complied with relevant Fairfax County and Federal Government specifications, codes, and standards, including but not limited to review of Legal Documentation.

TECHNOLOGY PROFILE

Security Tools: Nessus, WebInspect, Splunk, Archer, Xacta 360, Risk Vision, CSAM.

Ticketing: Remedy, ServiceNow, Jira


Norfolk State University Associates of Applied Science and Marketing

Security+, CISM (in progress)

Information Assurance policies and regulations including OMB requirements, FISMA, and NIST 800 series, OMB A-123 circular; OMB A-130 circular; FIPS 140, 199, 200, 201; NIST SP 800-18, 37 Revision 1, 39, 53 Revisions 4 and 5, 53A Revision 1, 60 Volumes 1 and 2, 800-64 Revision 2, 137, 144
