Jason A. Schwartz
Greenbelt, MD
************@*****.***
EDUCATION/CREDENTIALS
Howard University, B.S. Information Systems
Security+ Certification
Active 6C Public Trust Clearance
WORK EXPERIENCE
SkyePoint Decisions
POA&M Analyst for the Department of Education (DoED) 02/2022 - Present
Responsible for reviewing POA&M evidence submitted by System Owners into CSAM (GRCT, the Governance Risk and Compliance Tool) within the Federal Student Aid (FSA) Division to complete the mitigation/remediation process.
Monitored and tracked Very High POA&Ms for dozens of systems in the FSA division
Reviewed Vulnerability Scan Reports as well as evidence submitted by System Owners to remediate POA&M findings
Review evidence for False Positive findings
Generated Reports in CSAM (GRCT) to track open and Closed POA&M findings
Conducted audits of the submitted evidence to ensure the evidence provided supports the remediation of the POA&M.
Reported and presented the status of POA&M findings to system owner on a weekly basis
Assisted System Owners with preparing and reviewing their SSP for systems to acquire their ATO
Jacobs
ISSO Support/FISMA Analyst for the Department of Education (DoED) 06/2020 – 02/2022
Responsible for reviewing and assessing Security Documentation for systems within the Federal Student Aid (FSA) Division as well as monitor the mitigation process for the POA&Ms associated with the systems
Served as a Senior Resource to assist the Government ISSOs in their day-to-day operations
Worked with ISSOs in reviewing and updating the SSP for their systems
Assisted in ensuring that all systems follow the 6 steps of the Risk Management Framework prior to receiving their ATO
Assisted ISSOs in conducting Annual Assessments on the required security controls for their systems
Followed HITRUST Guidelines to ensure that updates are being implemented to counter new threats and attacks
Assisted with tracking the mitigation process to complete and close Plan of Action and Milestones (POA&Ms) for both vulnerability-related and policy/procedure-based POA&Ms.
Reviewed security documentation for dozens of systems in the FSA division in preparation for receiving their ATO
Conducted annual assessments for dozens of systems in the FSA division
Prepared slide decks for weekly POA&M Tracking Meetings in support of the government client
Monitored and tracked Very High POA&Ms for dozens of systems in the FSA division
Reviewed Vulnerability Scan Reports as well as evidence submitted by System Owners to remediate POA&M findings
Goldbelt HAWK 11/2018 - 05/2020
CyberSecurity Analyst Auditor for the Department of Commerce (DOC)
Maintained FISMA and the Financial Statement Audit Action Plan reporting, documenting the status for ATOs, as well as the POA&Ms associated with the audit findings on a monthly basis, which are reported to the CISO and Deputy CISO on a quarterly basis
Reviewed and tracked the status of 5 bureaus' Notification of Finding and Recommendations (NFRs) through their Audit Action Plan (AAP) on a monthly and quarterly basis while conducting the Financial Statement Audit
Reviewed the artifacts of each POA&M associated with each AAP
Generated monthly and quarterly reports and used a risk rating scoring method to track the status of each audit finding
Reviewed security documentation to ensure the information regarding the system is accurate and up to date for the system to receive its ATO
Tracked and monitored the risks associated with various systems and programs throughout the Department by using Cyber Security Asset Management (CSAM)/Governance Risk and Compliance Tool (GRCT) to review system documentation routinely, and update the risk management within the system
Attain/Agensys 08/2017 - 11/2018
Policy and CyberSecurity Analyst / CSAM Administrator for the Department of Commerce (DOC)
Responsible for providing assistance in FISMA reporting for users of the Cyber Security Asset Management (CSAM)/(GRCT) tool, as well as monitoring, reviewing and assessing security for hundreds of systems.
Generated monthly reports tracking the ATO status for close to 300 systems as well as monitored over 4,000 POA&Ms for those systems
Conducted an IT Compliance Check for around 200 systems ensuring their security documentation is accurate and up to date
Served as a CSAM (GRCT) Administrator to hundreds of users across the 11 bureaus of the Department of Commerce
Provided assistance with developing IT Security Baseline Policies by establishing minimum standards for all the bureaus within the Department of Commerce
Conducted the FISMA Assessment for close to 300 systems across the 11 bureaus of the Department of Commerce by utilizing the CIO FISMA Metrics to satisfy the NIST Cyber Security Framework
AECOM/ASI Government 03/2012 - 03/2017
Information Assurance Analyst / Alternate ISSO for the General Services Administration (GSA)
Responsible for reviewing/assessing Security Documentation for over a dozen systems in the Telecomm Industry, ensuring that all of the systems are following the Assessment & Authorization (A&A) process
Reviewed Vulnerability Scan Reports on a quarterly basis for over a dozen systems in search of vulnerabilities and ensuring previous vulnerabilities have been remediated
Reviewed Plan of Actions and Milestones (POA&Ms) for over a dozen systems on a quarterly basis, verifying that they match the scan reports, and tracked the status of all vulnerabilities
Reviewed the System Security Packages (SSP) for over a dozen systems, ensuring that all security controls are detailed and compliant with the NIST 800-53 rev 4 guidelines, including all required embedded documents
Reviewed all required security documents ensuring that all documentation is up to date for over a dozen systems to receive their ATO.
Participated in the FISMA Annual Assessment for over a dozen systems by reviewing evidence (screenshots, etc.) that support the selected security control within the test case.
Managed Personally Identifiable Information (PII) and processed incoming employees’ Contract Information Worksheet (CIW) into GCIMS for the approval of a NACI/MBI for Personnel Security
ERT (Earth Resources Technology) 07/2011 - 3/2012
IT Security Specialist for the Department of Commerce, National Oceanic and Atmospheric Administration (NOAA)
Responsible for network security migration from Microsoft Outlook to the Google Cloud
Responsible for network security compliance according to NIST 800-53
Developed the System Security Package for NOAA’s Google Apps for Government
Developed Plan of Action and Milestones (POAM) to mitigate issues generated during program migration
Structured the Configuration Management Plan (CMP) for the Google Cloud Service
Developed additional security documents such as the Risk Assessment Report (RAR), Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), Business Impact Analysis (BIA), and the Contingency Plan (CP)
Provided support to users for Google Apps for Government (GAfG)
MSI (Management Solutions Incorporated) 09/2009-07/2011
Information Security Engineer for the Department of Commerce, Census Bureau
Responsible for Managing and Tracking new systems and servers prior to reaching the network
Monitored the development of new systems and servers for the Census Bureau network
Responsible for security compliance for each system/server
Responsible for the IT logistics for all Census Bureau systems and servers
Managed the progress of POAMs and updated the status through Cyber Security Assessment and Management (CSAM)/Governance Risk and Compliance Tool (GRCT)
Created Security Packages for each system/server before it hits the network
E&E Enterprises Global Inc. 04/2009 - 09/2009
Information Assurance Analyst for the Department of Commerce, Census Bureau
Responsible for monitoring new systems, servers and POA&Ms
Tracked all systems and servers onto the network using a PHP/MySQL database
Reviewed NCJ (Non-Compliance Justification) Forms for proper descriptions and explanations of system vulnerabilities
Tracked the status of POAMs through CSAM ensuring all deadlines are being met
Continuous Monitoring through regular assessments of the systems and servers
Energy Enterprise Solutions 10/2006 - 03/2009
Technical Support Specialist for the Department of Energy (DOE)
Responsible for providing technical support for the Trusted Agent tool
Prepared test cases for the Trusted Agent application
Monitored the Trusted Agent tool, ensuring that it is fully functioning
Managed the application to ensure it accurately generates FISMA reports and C&A Tracking.
SharePoint Database Specialist for the Business Development Group
Responsible for creating, uploading, and maintaining the Single Source Intranet Site
Created a database inside of the single source intranet site for the user to locate proposals
Uploaded dissected parts of a proposal to be edited/tailored to be used again for future proposals
Maintained and tracked all Business Development Proposals used to obtain government contracts
Business Analyst for the Department of Energy (DOE)
Responsible for the IT inventory within the OE team of the Department of Energy
Created a database using Microsoft Access that resolved and organized the IT Inventory issues within the Office of Electricity Delivery and Energy Reliability (OE) saving the customer approximately $2,000 monthly.
Maintained the data in the database, ensuring that it operated in real time using Sunflower
Created Standard Operating Procedures (SOPs) for the client’s understanding of proper protocol
HIGHLIGHT OF SKILLS
- Certification & Accreditation
- Trusted Agent
- Assessments & Authorizations
- CSAM/GRCT
- FISMA
- Risk Management Framework (RMF)
- NIST 800-53, Rev 4
- FIPS 199, FIPS 200
- Cyber Security Analysis
- System Development Life Cycle (SDLC)
- POAM Tracking
- SOC-2
- Verbal and written communication skills
- Solid Team Work
- FISCAM
- Personnel Security
Applications
- Security Manager
- Microsoft Project
- Microsoft Outlook
- Lotus Notes
- Microsoft Office Suite (365, Word, Excel, Access, and PowerPoint)
- CSAM
- Google Cloud
- Trusted Agent
References: Available upon request