EDWIN MARTEY
***********@*****.*** 301-***-**** Owings Mills, MD 21117
Summary
Experienced Information Systems Security Officer (ISSO) with extensive knowledge of the Risk Management Framework, IT security tools, technologies, and best practices, especially in FISMA/NIST. Proven background in improving and maintaining security systems, system security controls, monitoring, auditing and evaluation, C&A and Risk Assessment of General Support Systems (GSS) and Major Applications. Subject Matter Expert (SME) in auditing and maintaining system security and reliability across complex IT enterprises. Experienced in supporting various Federal clients with enterprise-wide information risk goals and objectives by designing, developing, documenting, and implementing security best practices, including IT security compliance.
Skills
Privacy Analysis
POA&M Management
Continuous Monitoring
Policies & Procedures
Information Assurance
FISMA
OMB and NIST Guidance
Risk Management Framework
Assessment and Authorization (A&A)
Risk Assessment
SSPs
Security Requirements Traceability Matrix (SRTM)
POA&M
Nmap
Tenable Nessus
eMASS
Experience
Performance Food Group Maryland
Information System Security Officer
11/2021 - Current
Support the continuous monitoring program, using Information System Continuous Monitoring (ISCM) results to support continuing authorization requirements or ongoing authorizations.
Establish procedures and processes to ensure tracking and mitigating risks identified during the ATO process.
Constantly update System Security Plans (SSPs) and supporting documentation to maintain system security and compliance.
Assist in the development of security and privacy control implementation statements per NIST SP 800-53 and agency security policy standards.
Conduct security reviews for changes impacting hardware, software, baselines, connections, or applications, ensuring continued compliance and security.
Review and assess POA&M outputs, recommending additional work or closure to ensure timely remediation of security issues.
Assist in developing security policies to ensure all systems adhere to privacy and security compliance requirements such as FISMA, HIPAA, and NIST standards.
SYSCO Maryland
IT Compliance Analyst
08/2019 - 11/2021
US Foods Maryland
Information Security Assurance
02/2014 - 07/2019
Conducted IT controls risk assessments using NIST 800-53A that included reviewing organizational policies and procedures.
Prepared and reviewed documentation, including System Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and System Requirements.
Developed a Security Assessment Report (SAR) for the Authorizing Officer to assist with the development of the Plan of Action and Milestones (POA&M).
Assisted in the development of Information Security Continuous Monitoring Strategy to maintain an ongoing awareness of information security vulnerabilities and threats.
Worked with system owners to create ATO packages, review artifacts for compliance and map artifacts to appropriate NIST 800-53 controls.
Reviewed documents, policies, and procedures, mapping them to current roles and responsibilities of personnel within the organization.
Assisted with the development of the System Security Plan (SSP) to provide an overview of the information system security.
Conducted security control assessments to evaluate the adequacy of management, operational privacy, and technical security controls implemented.
Assisted with the overall security awareness and training programs to ensure departmental compliance with security training requirements.
Tracked the remediation of POA&M, ensuring timely resolution of security weaknesses.
Ensured the safety of information systems assets, protecting systems from intentional or inadvertent access or destruction.
Education and Training
University of Maryland University College
Master of Cybersecurity Policy
01/2013
University of Maryland University College
Master of Business Administration
01/2011
University of Cape Coast, Ghana
Bachelor's Degree, Social Science and Business Administration
01/2000
References will be provided upon request.