Information Security Manager

Location:
Fort Washington, MD
Posted:
September 15, 2020

Resume:

INFORMATION SYSTEM SECURITY MANAGER SENSITIVE COMPARTMENTED INFORMATION FACILITY MANAGER/COMSEC

Qualifications Profile

Seasoned, goal-driven, and performance-focused professional, equipped with extensive experience in information technology management. Skilled at formulating and implementing performance standards and objectives; administering operational change control for IT systems; as well as evaluating IT investments over life cycles. Adept at improving processes and organizational efficiency, overseeing cross-functional teams, as well as providing cost-effective solutions to resolve complex problems and issues. Proactive team player; able to quickly establish positive work relationships with individuals of diverse backgrounds. Currently hold Top Secret Security Clearance (SCI eligible).

Core Competencies

Information Security Operations Program Management Organizational Leadership Client Service

Budget Administration Cross-functional Collaboration Policy and Procedure Development

Professional Experience

National Archives and Records Administration (NARA), College Park, MD

Information Technology Manager – GS 15 2015–Dec 2018 (Retired)

Handled IT hardware, software, and supporting infrastructure for IT systems companywide

Take charge of planning, managing, and incorporating efforts of internal and external specialists, both private and federal sectors

Steer efforts in promoting the recruitment, development, and retention of high-quality workforce

Fulfill various responsibilities such as conceptualizing and executing performance standards and objectives; assessing subordinate performance; proposing actions for appropriate recognition; and establishing effective communications and positive work environment

Direct asset management activities of the facility to guarantee proper property accountability and reporting for all operations-related assets

Provide support with IT help desk as well as operational change control for company IT systems

Administer operational asset and inventory control for IT hardware, software, and infrastructure

Assume accountability in planning, coordinating, and overseeing major IT acquisition actions for IT operations and maintenance, including license renewals

Evaluate and approve IT operations procurement actions in compliance with agency and federal standards based on specifications and assessment of potential effectiveness in meeting the agency needs and compatibility

Ensure equal opportunity for all personnel, supervisory, and managerial actions of the organization; as well as consistent emphasis on equal employment opportunity (EEO), affirmative action, and avoidance of discrimination regarding race, sex, religion, national origin, color, age, and physical or mental handicap in employee selection, promotion, training, and various personnel management practices

Information Technology Manager GS-15 Director of Policy and Compliance Division,

Office of the Chief Information Security Officer 2013–2015

As Division Director I was responsible for the management and maintenance of the General Services Administration’s (GSA) security authorization (A&A), NIST Risk Management Framework (RMF), Plan of Action and Milestones (POA&M), Continuous Monitoring, Privacy, and Security Training programs. Further, the division develops and maintains GSA security policies and procedural guidelines and supports the Federal Risk and Authorization Management Program (FedRAMP) as well as security audit coordination efforts.

Created and implemented GSA security policies and procedural guidelines, while supporting the Federal Risk and Authorization Management Program (FedRAMP) and security audit coordination efforts

Assisted management in the strategic planning of information security policies and procedures. Worked with management, department heads, the compliance officer, risk management, quality assurance, human resources, the legal department, and the privacy officer to ensure compliance with the security and privacy regulations and state and federal laws protecting confidentiality and privacy.

Provided leadership to GSA committees, work groups, and others charged with oversight of the entity’s security and privacy program.

Monitored entity operations and systems for security compliance. Reported to management on the status of security compliance.

Revised the security program as necessary to comply with changes in the law, regulations, professional ethics, and accreditation requirements and as necessary.

Reviewed the security features of existing and new computing systems to ensure that they meet the security requirements of existing policies. Reviewed and proposed changes to existing policies and procedures that reflect the existing requirements of the systems to which they apply.

Provided information on GSA’s security policies and practices for employees and others with access to GSA information. Prepared and published papers/articles on good security practices for GSA’s employees and others. Ensured that training conforms to existing policies and procedures.

In coordination with key personnel, developed and implemented the following plans: disaster plan, emergency mode operation plan, backup plan, physical security plan, personnel security plan, access policies, and others. Tested and revised plans as necessary to ensure data integrity, confidentiality, and availability.

Ensured that personnel have uninterrupted access to critical information in the event of a power outage, natural or manmade disaster, or other disruption.

Performed internal audit of data access and use to detect and deter breaches.

Received reports of security breaches, took appropriate action to minimize harm, investigated breaches, and made recommendations to management for corrective action.

Maintain awareness of changes in security risks, security measures, and computer systems.

Information Technology Manager GS-15 Director, Information Resources and Privacy Management Division 2007–2013

Demonstrated effectiveness and first-rate performance in managing the following initiatives:

GSA-wide Privacy Act program:

IT capital planning and budgeting for the Chief People Office (CPO);

Information systems security management for CPO;

As the Information Systems Security Manager I ensure that the full range of OCPO’s responsibilities for providing, enhancing and monitoring the security of IT systems are carried out. I review OCPO’s security certification and accreditation (C&A) packages to ensure compliance with federal and GSA requirements prior to submission to the GSA Senior Agency Information Security Officer (SAISO). In my role I provide analysis and recommendations concerning OCPO IT system’s security documents. I prepare and coordinate security program procedures to support the Federal Information System Management Act (FISMA) reporting. I manage and provide oversight to OCPO IT system managers and Information System Security Officers (ISSOs) on the preparation of NIST Special Publication 800-26 questionnaires and Plan of Action and Milestones (POA&M) used for FISMA reporting and management.

Held accountability in generating and submitting workforce reports for CPO and other GSA customers

Effectively handled Office of the Chief People Officer (OCPO’s) IT capital planning and investment control (CPIC) process

Took full responsibility in selecting, controlling, and analyzing IT investments over their life cycles

Observed strict adherence of OCPO’s security certification and accreditation packages to federal and GSA requirements before submitting to the GSA Senior Agency Information Security Officer (SAISO)

Conceptualized and communicated security program procedures to support the Federal Information System Management Act (FISMA) reporting

Supervised IT systems manager and information system security officers in preparing National Institute of Standards and Technology (NIST) Special Publication 800-26 questionnaires and POA&M used for FISMA reporting and management

Information Technology Manager, GS-14, 2002–2007 - Deputy Director, Center for Information Security Services (TFI), Office of Information Technology Solutions (ITS), Federal Technology Service (FTS).

Established program goals, objectives, workload measurements and workload standards to ensure that IT services are cost effective and meet client agency needs. Managed an $83M budget and 53 government employees. Performed duties of Information Systems Security Manager such as:

-Conducted full range of C&A activities, including completing site surveys for the deployment process.

-Assigned TDY throughout Continental United States (CONUS) and Outside the Continental United States (OCONUS) to survey GSA sites.

-Managed System Test & Evaluations (ST&Es), and site's security posture. Conducted C&A utilizing NIST and combinations of various government policies and standards, including but not limited to: GSA, DHS, TSA, and DOD.

-Presented briefings, seminars and lectures (to include preparation of in/out briefings while on-site conducting C&A) and ensured up to date training curriculum for all technical and security aspects of the project. Formulated security policies, plans, and directives relevant to the continued development process of NIST initiatives.

-Documented the network design for the site and identified the security posture (specifically, the facility, physical, personnel, administrative, and fire safety precautions for equipment location). Completed the following documents for each site analyzed as part of the submitted package: risk assessment, ST&E, SSA, preliminary residual risk assessment, and trip reports. These documents will become part of the accreditation package, and will be used as the basis to grant the preliminary authority to operate.

Earlier Positions Held:

Acting Associate Chief Information Officer Human Resources/Financial Systems

Information Technology Manager Deputy Director, Information Resources and Privacy Management Division

Information Technology Manager

Information Technology Manager Deputy Director, Center for Information Security Services (TFI), Office of Information Technology Solutions (ITS), Federal Technology Service (FTS)

Information Technology Manager – Secure Communications Manager, Center for Information Security Services (TFI), Office of Information Technology Solutions (ITS), Federal Technology Service (FTS)

Earlier Career

GSA, Washington DC

General Services Administration (GSA) Presidential Transition Support Team Telecommunications Team Leader

Education

Master of Science in Public Policy Management

University of Pittsburgh, Pittsburgh, PA

Bachelor of Science in Information Systems

University of Maryland University College, Adelphi, MD

Professional Development

Certification

Certified Information Systems Security Professional (CISSP)

Training

Harvard Executive Leadership Program

Project

Project Name: President’s Council for Year 2000 Conversion 1999–2000

Role: Project Manager

Overview/Objective: In 1999, the President's Council on Year 2000 Conversion, led by John Koskinen, announced the establishment of the Information Coordination Center (ICC), which served as a monitoring and assessment unit for the federal government. The intention of the ICC was to serve as an information clearinghouse for federal agencies, state and local governments, and the private sector as the Y2K date change approached. I acted as the government’s technical representative for contract administration, including giving direction to the contractor. Managed all technical aspects of the contract to include administrative, labor related, modifications, payments and deliverables associated with the building of the National Y2K Information Coordination Center (ICC). Components included data, voice, and video networks, a Web-based information reporting and decision support system, office automation, video and audio conferencing capabilities, television studio capabilities, and information security. This operations center brought together during the millennium rollover, both physically and virtually, all Federal agencies, states, territories, tribal governments, localities, industries, and the international community. Built and managed a Secure Compartmented Information Facility (SCIF) for the intelligence community and other sources to provide classified information, up to and including TOP SECRET/Sensitive Compartmented Information (TS/SCI) to the ICC. Overcame all obstacles to bring the SCIF on line from concept to operation in less than six months. The ICC was fully capable of providing national and international status information to decision makers at the highest levels of the US Government.


