Information Security Manager

Location: Frederick, MD

Posted: October 18, 2020


Resume:

Puvirajan Jeyarajasingham

**** ****** *** ******, ********, MD 21770

Phone: 240-***-****

Email: adg29q@r.postjobfree.com

Summary:

Mr. Jeyarajasingham is an Information Technology (IT) Professional with seven years of proven ability to successfully lead technology-intensive IT projects (for various International Corporations).

Experienced in Risk Management Framework (RMF) based on NIST 800-37 and Acceptable Risk Safeguards (ARS) 3.1 guidelines.

Working knowledge of System Assessment & Authorization (A&A), formerly Certification and Accreditation (C&A), based on NIST SP 800-37.

Experienced in auditing/assessing systems using FISMA NIST 800-53A and Acceptable Risk Safeguards (ARS) 3.1 IT security controls.

Skilled in developing and maintaining strategic plans; able to perform information system security risk assessments (such as Adaptive Capabilities Testing (ACT) and Security Control Assessment (SCA)) based on NIST SP 800-30 and NIST SP 800-53A Rev. 4, security control analysis, and risk assessment and mitigation to minimize security impact on the system.

Development and implementation of Security Policies and Procedures, IT Systems Security related documents such as SSP, ISCP, ISRA, SIA, Privacy Threshold Analysis (PTA), Privacy Impact Assessments (PIA), Security Impact Analysis (SIA), Continuity of Operations Planning (COOP), Disaster Recovery (DR), Contingency Planning (CP), Business Impact Analysis, Contingency Plan Testing, and Plan of Action and Milestones (POA&M).

Review and monitor vulnerability scan reports monthly.

Develop Test cases for each web-based system; excellent skill in problem solving.

Review Penetration test results and monitor the remediation plan.

Developed and implemented system related documentation such as Policies, Procedures, and Records for Quality Management System (ISO 9001:2015), Information Security Management System (ISO 27001:2013) and Annex A controls, and Information Service Management System (ISO 20000:2011).

Competent and versatile professional with extensive national and international experience in the Non-Government Organization (NGO) sector.

As a mathematics and physics graduate, he is a competent analyst, and has worked on various data, statistical models, and financial management.

Excellent people management, project management, communication, and organizational skills.

Worked effectively across multi-disciplinary teams and has successfully handled a range of high-profile and high-budget projects and programs, including multi-million international emergency and rehabilitation programs in third world countries.

Education:

Bachelor of Science in Mathematics and Physics

Certifications:

CAP (Certified Authorization Professional) (in Progress)

CompTIA A+ / Network+ / Security+ Certification (2017 and expired in 2023)

Microsoft Certified Professional (MCP) – 2001

IT Training:

Cyber Security FISMA and ARS 3.1 Assessor Training at Arch Systems (2019)

National Institute of Standards and Technology (NIST)’s Special Publications such as 800-37, 53, 53A, and Risk Management Framework (RMF) Training / Orientation at PM America’s ICDI IT Training Center (2017)

Program Accountability Training (2012)

Commodity Management Training (2010)

Project Cycle Management and Proposal Writing Training (2008)

Skills & Expertise:

Performing FISMA, NIST guidelines, and ARS 3.1 compliance tasks (including planning, assessing the security controls, reviewing the artifacts, testing the controls, and documenting the findings, etc.)

Vulnerability scans: Nessus and WebInspect

POA&M tool: CFACTS

Networking: LANs, WANs, VPNs, Routers, Firewalls, TCP/IP

Software: Microsoft Office (Word, Excel, Outlook, Access, PowerPoint)

System Security Assessment and Authorization (SA&A) / Certification and Accreditation (C&A)

Information Assurance (IA)

Knowledge, experience, and skill in conducting IT Security Audit of Major Applications (MAs) and General Support Systems (GSSs)

Developing IT Security Documentation such as System Security Plan (SSP), Information Security Risk Assessment (ISRA), CP, and Security Assessment Report (SAR)

Conducting Adaptive Controls Testing (ACT) and Security Control Assessment (SCA), Risk Assessment Reports (NIST SP 800-63-3 series), and Security Control Assessment (SCA) / Security Test and Evaluation (ST&E)

Professional Experience:

IT System Security Analyst / ISSO Contract Support (CMS Project): July 2019 – September 2020.

Perform IT security evaluations, audits and reviews, technical risk assessments, and analysis to ensure compliance with IT security policies and standards.

Configure monitoring alerts and reports. Advise on and recommend additional monitoring configurations.

Analyze data to identify anomalies and risk mitigation actions.

Work closely with other IT team members and end users to provide solutions based on business requirements during all phases of the Risk Management Framework (RMF) development and life cycle management process, using NIST guidelines (such as FIPS 199, FIPS 200 / NIST SP 800-53 and ARS 3.1, SP 800-37, etc.).

Advise on and determine the gaps between the current and the target architecture, and develop a plan for transitioning to the target architecture with a given timeline.

Monitor and conduct Security Control Assessment to ensure all controls meet security requirements as stipulated in the SSP and NIST SP 800-53 Rev. 4.

Perform vulnerability life cycle management analysis to ensure system, application, and database patches are applied to reduce security risks.

Review and monitor vulnerability scan reports (Nessus and WebInspect) and track them monthly by category (Critical, High, Medium, and Low).

Develop Security Impact Analysis (SIA) for each system change.

Coordinate, develop, and conduct governance and portfolio management activities associated with ensuring compliance, and maintain IT Systems Security related documents such as SSP, ISCP, ISRA, SIA, Contingency Plans, Incident Response Plans, Disaster Recovery Plans, etc.

Perform vulnerability testing, risk analyses and security assessments.

Effectively communicate technical information to non-technical personnel.

Maintain an inventory of all information security systems as part of IT investment portfolio management.

Conduct internal and external security audits.

Review, monitor and track Penetration testing and results.

Executed test cases and created test summary reports.

Cyber Security Lead Assessor - (CLIENT - Center for Medicare and Medicaid Services (CMS) Department of Health and Human Services), December 2018 – June 2019

Conducted preliminary meeting with Center for Medicare and Medicaid Services (CMS) stakeholders and gathered all required IT system information prior to assessment.

Prepared Security Assessment Plan in preparation for the kick-off presentation with the stakeholders prior to assessment.

Reviewed required artifacts such as System Security Plan (SSP), Information Security Risk Management (ISRA), Contingency Plan (CP), and others (SIA, SDD, VDD, CMP, Continuous MP, Baseline, ACP, Audit SOP, Vulnerability Scan SOP, etc.) to make sure each IT system is following the FISMA NIST SP 800-53 Rev. 4, NIST SP 800-63-3, and ARS 3.1 standards.

Downloaded the System Security Plan (SSP) from the CMS FISMA Controls Tracking System (CFACTS) for various systems.

Assessed each system based on the test plan schedule and conducted daily out-briefs and a final out-brief.

Performed document evaluation for SSP, CP, and ISRA.

Developed the SAR, CMS Assessment and Audit Tracking (CAAT) file, and finding sheet for each IT system, and provided recommendations for mitigating risks such as Inherent Risks, Residual Risks, and Inherited Risks.

Performed assessment of security controls for over 25 systems at CMS.

Project Manager USA, Inc. DBA PM America, IT Documentation and Security Specialist, October 2016 – December 2018

Provided technical leadership for the protection of Project Manager (PM) America’s information assets and ensured the confidentiality, integrity, and availability of user and business information in compliance with federal laws, policies and standards, and NIST Guidelines.

Developed and implemented system related documentation such as Policies, Procedures, and Records for Quality Management System (ISO 9001:2015), Information Security Management System (ISO 27001:2013) and Annex A controls, and Information Service Management System (ISO 20000:2011).

Assessed and tested the security controls using NIST (NIST SP 800-53, SP-800-53r3, 800-37) and RMF guidelines within the PM America systems.

Ensured all required documents are in place.

Performed and managed information security risk assessments of PM America’s IT systems.

Developed, reviewed, and validated SA&A package documents for PM America’s IT Systems (Major Applications and General Support Systems), including: SSP, RA, CP, SAR, and POA&M.

Instructor, CompTIA A+ Certification Course (Adventist Community Services of Greater Washington (ACSGW)), February 2018 – June 2018 (Part time)

Led the A+ class and trained the students based on CompTIA A+ Exam Objectives and syllabus.

Prepared students for the exam.

Lycatel LLC, Falls Church, VA, Office Administrator, February 2015 – August 2015

Provided administrative and executive support.

Managed the Executive Team Calendar and Records.

Administered the database supporting the Executive Team.

Gathered information and prepared reports, spreadsheets, and presentations.

World Vision International, Mali, Africa, Project Coordinator/Manager, April 2013 – March 2014

Spearheaded investigation, development, and negotiation of more than $9M in major Food Aid Programs.

Led technical design and budgeting to successfully secure $9M bid to fund the project for the community.

Developed and implemented a comprehensive food aid operation plan and established a commodity management system for all project sites.

Worked with the Design, Monitoring and Learning (DME) team and on log frames for each project.

Managed food distribution teams to ensure distribution was in accordance with intentions of the donor and needs of beneficiaries; and investigated and reported anomalies and abuses.

Represented World Vision to local and regional government officials and partner representatives.

Designed and implemented an effective training and development program for staff.

World Vision International, Sri Lanka, Mongolia, Myanmar, and Tanzania, Project Coordinator – Commodity Accountability and Reporting (CAR) and Program Accountability, February 2004 – April 2013

Provided technical support and guidance to the commodity (food/Non-Food Item (NFI)) team in the field and at national level. This included full project management, including accounting, analyzing, and reporting of commodities associated with all types of emergency food programs, both local and World Food Program (WFP).

Completed assessment of new areas to determine food/NFI needs to design and deliver the project.

Built capability of new staff by conducting training on World Vision Commodity Management Standards; provided oversight to ensure success of project and timely submission of reports.

Attended Implementation Partner meetings at the Food Aid Donor Office providing expert advice on proposed changes or difficulties with respect to their donations.

iOM International (Pvt.) Ltd, Colombo, Sri Lanka, System Engineer, October 1998 – January 2004

Responsible for system maintenance of the on-line real-time system covering front office sales, price payment, distribution, logistics, and inventory management; and ensuring it integrated with other systems running on Windows NT & SQL Server.

Analyzed the use of resources and initiated program improvements.

Performed maintenance and upgrades of hardware including remote access and network equipment.

Administered the corporate LAN and countrywide WAN, a network utilizing IPX/SPX and ODI and TCP/IP consisting of eight remote sites.


