Phone: 240-***-**** Email: firstname.lastname@example.org
Sr. Information System Security Engineer – Risk Mitigation • Powerful Strategist • Operational Excellence • Security Compliance Analysis
An accomplished and business-savvy professional with robust experience acquired over the years in delivering optimal results & business value in high-growth environments and establishing key relationships with business segments globally. An innovative, persistent, and optimistic professional performing all functions required to support day-to-day data security operations. Maintain a broad suite of information security infrastructure, accountable for security and networking infrastructure component availability and integrity, monitoring compliance with IT security policy. Participate in the planning, design, installation, and maintenance of security systems to support security policies. Work with Information Technology staff and business units to assess risk and address security issues. Ensure information security issues are responded to during the initial stage of the project life cycle. Test solutions effectively, utilizing industry-standard analysis criteria, involving the delivery of technical reports and formal papers on test findings. Interact with business units in relation to varying business and technical plans. Resolve issues by responding to IT threats and vulnerabilities. Conduct routine security risk analysis, evaluate business needs against collision, vulnerabilities, and search resulting risks. Ensure to procure sufficient security requirements adhering to system sensitivity. Provide guidance, recommendations, and best practices for encryption operations. Contribute to the development and execution of effective employee security awareness programs. Exceptional communication, presentation & interpersonal skills with proficiency at grasping new concepts quickly and utilizing the same in a productive manner.
~ Led in obtaining ATOs for 3 different systems within 6 months ~
~ Successfully implemented manual log monitoring process held as a gold standard in place of incapable SIEM tool for CFO systems ~
~ Worked with SQL Developer, DBA, O&M, and TFS team to implement manual monitoring of unauthorized changes in prod for all CFO systems ~
~ Played a critical role on the Audit Task Order team, which provided outstanding work within 18 months; KPMG confessed that the quality of work produced by the Task Order for a client was excellent and comparable to 5 years' work ~
Skill Areas: Strategic & Operations Planning • Information System Security Audit • Assurance Analysis • Risk Mitigation • Security Compliance Analysis • Process Improvement • Strong Interpersonal Skills • Analytical Skills • Team Leadership • Communications • Critical Thinking • Systems Analysis • Problem-Solving • Time Management • Vendor Management • Attention to Detail • Client Relationship Management • Continuous Monitoring • Security Awareness and Training Program Initiation • Innovation • Management Skills
Synergy BIS (C5ISC) (April 2019 – Jan 2021)
Sr. Systems Security Engineer/IT Security Specialist – Financial Audit
Synergy implements innovative solutions that are faster to build, easier to change, and cheaper to maintain. Our goal is to understand each customer's pain points and needs to provide the highest level of service while maintaining an energetic and rewarding environment for our team members.
Review Privilege Access Management for all the C5ISC CFO systems – system roles, privileges, segregation of duties
Review Privilege User Management Program (PUMP) and MFA process to determine access is granted to system users who have been vetted for access/privileges and determine the adherence to those privileges.
Review Access Control policies and procedures – account provisioning per DHS/DoD SELC, RMF-SDLC guidelines
Spearhead functions pertaining to reviewing and updating system documentation, working with technical writers and AAs/DBs/IA/ALMS for approval
Analyzed and determined remediations for findings in Control Evaluation Matrix (CEMs) for assigned Product Backlog Items (PBIs) in Microsoft Team Foundation Server (TFS)
Collaborated with Scrum Masters, DBAs, Systems/Application Engineers, O&M, and the Cybersecurity team in finding solutions and gathering artifacts to remediate assessment findings
Attended daily scrum meetings to update the client on assigned tasks and attended weekly team meetings to evaluate performance and to determine progress towards targeted task deadlines
Made appropriate product recommendations to the client to remediate Audit findings.
Collaborated with third-party vendors on immediate-, mid- and long-term solutions for impending findings on a department and enterprise level
Responsible for the Financial Audit Task Order Team’s Executive Summary Weekly progress report
Uptick Systems (Dec 2017 – Mar 2019)
Senior Information Assurance Analyst
Uptick Systems Inc. is an IT consulting and staffing workforce solutions firm specializing in providing IT professionals for contract, contract-to-hire, and direct placements.
Teamed up with Sys Admins to review IdAM and PAM policies and procedures on systems and enterprise levels
Responsible for reviewing information system certification and accreditation documentation and for the deliverables package for various systems
Developed and executed test plans to ensure that all objectives are met
Implemented and monitored test scripts to assess functionality, reliability, performance, and quality of the service or product
Drafted, reviewed, and updated System security policies
Reviewed and updated POA&Ms, Milestones, and Artifacts
Recommended, implemented, and monitored preventative and corrective actions to ensure that quality assurance standards are achieved
Handled system documentation, reviews, and updates, which included SSP, CM, CP, RA, E-Authentication, PIA, ST&E, etc.
Career Elites (IQ Solutions, Inc.) (Mar 2017 – Sep 2017)
Senior Information Security Analyst (ISSO)
Career Elites works tirelessly using every channel possible to recruit and wade through the endless resumes and profiles to find that perfect match for your organization.
Pioneered the efforts across handling the entire gamut of functions pertaining to the testing process to ensure the program runs effectively and that any results can be repeatedly replicated
Led in the assessment of system security controls and continuous monitoring efforts in establishing controls effectiveness for the overall system security for various systems relative to NIH, CDC, FDC regulatory guidelines
Tracked and updated system status POA&Ms, Milestones, and Artifacts
Worked with system personnel – infrastructure, network, help desk – to maintain a secure systems posture, including system hardening initiatives
Led in the implementation of MFA (2FA) using Microsoft Duo for system access, security, and privacy
Interacted with vendors in determining efficient and effective security system automation tools to enhance efficiency in performing system audits and artifact retention, reviews, and updates
Inscope International (Sep 2016 – Nov 2016)
Information Security Analyst / Information Security Assurance
Provides consulting services which include enterprise strategy, technology assessment, design & prototyping, planning and professional staffing consultancy services.
Analyzed IT requirements and provided objective advice on the use of IT security requirements
Designed, analyzed, and implemented efficient IT security systems
Upgraded systems to enable software security
Led in tracking and updating system status POA&Ms, Milestones, and Artifacts in CSAM
Engaged in Front-End Documentation Reviews and write-ups - Kick-Off, SAP, SCA setup for assigned systems
Coordinated with system personnel ISSOs to provide ITSOs with accurate system reports regarding Milestones, POA&Ms, AORs and Artifacts
Engaged in Back-End Documentation Reviews and write-ups - completed SCA, VAR, SAR, Out-Brief Slide Deck etc. write-ups
FIA Info Systems (Nov 2013 – Feb 2016)
Systems Security Analyst
Provided informational technology (IT) consulting and professional staffing services for contract, contract-to-hire, and direct placement.
Researched security enhancements and made recommendations to management.
Stayed up-to-date on information technology trends and security standards
Investigated security breaches and other cybersecurity incidents.
Led in coordinating and guiding system owners and security system administrators through the C&A
Identified security control types for the system using NIST SP 800-60 as a guide
Used NIST SP 800-53 as a guide in the selection of security controls identified for the system and FIPS 200 to define the minimum security control baseline for information and the information system
Led in the security controls assessment using NIST SP 800-53A as a guide to provide information necessary to determine their overall effectiveness
PRIOR EMPLOYMENT DETAILS
FIA Info Systems (Sep 2010 – Sep 2013)
IT Security Analyst
PROFESSIONAL DEVELOPMENT & CREDENTIALS
Bachelor of Business Administration (BBA), Corporate Finance, Baruch College, Zicklin School of Business, CUNY
Minors: Political Theory, Economics
• Secretary for Finance & Economic Students Club
• Student Body Representative for New Baruch College Campus Bookstore - Contract Award Committee
• Founding Member of Baruch College’s Students Law Club
• Writer - Non-fiction
Training: CISA, CISSP - Candidate
Certifications: CompTIA Sec+, CASP+, (ISC)² CAP, AWS CSA, SCRUM-WEB DEVELOPER
Technical Skills: OS: Windows, Linux (RedHat) • SIEM: SolarWinds • Security: Nessus, AppScan, Fortify • CSAM • Security Awareness & Training • Visio • MS Team Foundation Server (TFS) • Project Management: Agile, Waterfall • Scrum for Web Developer • Antivirus: McAfee, Symantec, Cylance • KnowBe4 • Microsoft Office Suite • Internet