SUMMARY OF PROFESSIONAL EXPERIENCE
Seeking an opportunity to pursue a challenging and fulfilling career and to apply my skills and in-depth knowledge in IT/IS, with a focus on Risk Management, the ATO process, POA&M management, system security monitoring and auditing, risk assessments, audit engagements, testing information technology controls, and Vulnerability Assessment/Management, using FISMA and applicable NIST standards.
TECHNICAL SKILLS
IT Controls – Frameworks:
IT Audit Standards: Confidentiality, Integrity, Availability, Access Control, Audit and Accountability, Certification and Accreditation, Risk Assessment, OMB Circular A-130 Appendix III, NIST 800-53, NIST 800-53A, NIST 800-30, NIST 800-37, NIST 800-34, NIST 800-18, FIPS, FISMA, NIST RMF framework, HIPAA, SOX, PCI, SOC, and ISO 27001
INDUSTRY CERTIFICATIONS
Scrum Master Accredited Certification – Completed
CompTIA Security+ – Completed
Certified Information Security Manager (CISM) – In progress
EDUCATION
Western Governors University – Master of Science in Information Management – In Progress
University of Science and Technology – Bachelor of Science in Information Technology – Completed
SUMMARY OF PROFESSIONAL QUALIFICATIONS
Skilled Information Security Analyst with ample experience in Privacy and Data Security Management & Operations, Certification and Accreditation (C&A), Project Management, NIST 800-53 Rev 4 and NIST SP 800-37 Rev 1, 800-18, 800-53, 800-34, FIPS, FISMA, Security Content Automation Protocol, the NIST Family of Security Controls, POA&M, IRP, CP, CPT, Nessus by Tenable, Microsoft, and MS-Solve by Microsoft. Knowledge of Nessus, CSAM, Splunk, SCAP, Wireshark, NIST 800-53 Rev 4, system audits using a SIEM, vulnerability scanning, system audits, POA&Ms, and system security package development. Proficient in MS Access, PowerPoint, and Microsoft Excel (HLOOKUP and VLOOKUP, pivot tables and charts, creating and auditing formulas).
PROFESSIONAL WORKING EXPERIENCE
U.S DEPARTMENT OF AGRICULTURE
ZOLON TECH CONSULTING LLC
ISSO AND SCA
Jan 2022 – Present
Initiate meetings with various System Owners and Information System Security Officers (ISSO), providing guidance and evidence needed for security controls, and documenting findings of the assessment.
As a team, we determine Security Categorizations using FIPS 199 as a guide, review, update, and develop Privacy Impact Assessment (PIA), Privacy Threshold Analysis (PTA), and initiate System Security Plans (SSP).
Update System Security Plans (SSP) using NIST 800-18 as a guide; assess Incident Response Plans; create Change Control procedures and drafts; and review updates on Plans of Action and Milestones (POA&Ms).
POA&M remediation: evaluate policies and procedures, security scan results, and system settings to address controls that were deemed insufficient during Certification and Accreditation (C&A).
Expertise in National Institute of Standards and Technology Special Publication (NIST SP) documentation: perform assessments and assist with POA&M creation and remediation, using NIST SP 800-53 Rev 1 and NIST SP 800-53 Rev 4.
Develop solutions to security weaknesses in the Requirements Traceability Matrix (RTM) and SAR, while working on POA&M remediation and the Corrective Action Plan (CAP).
Review updates on System Security Plan (SSP) using NIST SP 800-18 guidelines.
Specialize in the entire FISMA Risk Management Framework (RMF), and system control assessment processes using NIST SP 800-60, NIST SP 800-53A, preparing and reporting on SSP, SAP, PTA, PIA, E-Authentication ST&E, and POA&M.
Develop and conduct ST&E (Security Test and Evaluation) according to NIST SP 800-53A, perform on-site security testing and review vulnerability scan results.
Effectively communicate with multiple clients to perform POA&M remediation, and handle internal communications within the Office of Information Security and external communications with several different divisions daily. Maintain excellent working relationships with both internal and external clients using good communication skills.
Provide security control assessors (SCA) services, such as assisting with the Assessment and Authorization process, including A&A scanning, documentation, reporting, and analysis – analyzing current threats to information security and systems.
Collaborate with external vendors, consultants, and other third parties to improve information security within the organization.
Identify attacks on the Health System network and other systems and escalate security issues to facilitate prompt remediation.
Identify, track, and monitor information security threats to support service continuity and security management.
Contribute to the implementation and testing of the disaster recovery plan.
Participate in performing risk assessments for new business relationships/partnerships, software, and protected data/assets.
DEPARTMENT OF ENERGY
SKY TECH CONSULTING LLC
ISSO AND SCA
Jan 2018 – Dec 2021
Performed risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system underwent a major change.
Provided input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, the concept of operations, operational procedures, and maintenance training materials).
Ensured that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary.
Supported necessary compliance activities (e.g., ensuring that system security configuration guidelines are followed, and compliance monitoring occurs).
Assisted with the Risk Management Framework (RMF) process using NIST SP 800-37 as a guide for assessments and Continuous Monitoring.
Validated system security requirement definition and analysis, and reviewed System Security Plans for enterprise-wide architectures.
Performed Security Risk Assessment and risk analysis of resources, controls, vulnerabilities, the impact of losing systems’ capabilities, and threats to the mission objective.
Performed analysis to facilitate decisions to implement security countermeasures or mitigate risks; assisted with the implementation of countermeasures.
Periodically reviewed the program, recognized possible threats, and reviewed evaluations for compliance and non-compliance.
Provided guidance on vulnerability and malware remediation.
Drafted/created/reviewed RMF documents such as Configuration Management Plan, Incident Response Plan, Contingency Plan, Security Plans, and POA&Ms.
Generated reports on link uptime, downtime, bandwidth utilization, and latency; performed proactive network health checks and acted on the findings accordingly.
Communicated with the client and assisted in network design related to link termination.
Maintained the tracker for all the above activities until execution.
Coordinated and performed information security risk assessments and audits to ensure that information is secured per all applicable controls.
Familiar with PCI DSS industry requirements.
Ensured implementation of best practices configuration and administration of information security controls and tools, e.g., access controls, endpoint protection, anti-virus/malware, data loss prevention, e-mail security, encryption, patching, vulnerability, web application gateways, perimeter firewalls, and security log management and monitoring tools, used in governance, risk management, and compliance of protected data.
Mitigated security event alerts and vulnerabilities through security information and event management (SIEM) tools or other external sources.
Developed and maintained technical documentation used for information security operations procedures, which outline decision support (e.g., security control administration, best practices, events of interest and incident handling, and escalation).
Participated in information security awareness and training initiatives to educate the workforce about information risks.
U.S DEPARTMENT OF AGRICULTURE
ZOLON TECH CONSULTING LLC
ISSO AND SCA
Feb 2015 – Dec 2017
Conducted enterprise-wide, ongoing risk analysis in conjunction with compliance and security.
Applied GRC expertise across key lines of the organization's businesses & maintained oversight in GRC-related platforms.
Identified strengths and weaknesses in the security programs & controls as they relate to privacy, security, business resiliency, and compliance frameworks.
Documented, formulated, and enforced areas of security improvements that balance risk with business operations and do not diminish efficiencies or innovations.
Maintained strong oversight of third parties, vendors, and business partners to safeguard against undue risks presented by external entities, and escalated to security management and business unit leads when points of weakness were discovered.
Generally, helped to keep the enterprise on track per all applicable units’ (internal audit, compliance, risk, legal, finance, IT, HR, etc.) security activities and controls.
References available upon request.