Information Security Assurance Analyst

Location:
Washington, DC
Posted:
November 18, 2022

JIRE DADA

Address: **** ****** **** **** ******* Park, Maryland 20740. Phone: 240-***-****

Email: adtliz@r.postjobfree.com

PROFILE SUMMARY

An Information Security Professional with vast knowledge of Risk Management Framework, FISMA, OMB, SDLC, and Vulnerability Management. Proficient in developing security authorization packages (SAR, SSP, POA&M). Highly knowledgeable using National Institute of Standards and Technology (NIST) Special Publications 800-53A, 800-53 rev 3, 4, 800-60, 800-37, 800-30, FIPS 199, FIPS 200.

Education & Certifications

B.Sc. Geography/Education

Certified Insurance Services Representative

Certified Security+

CORE SKILLS

• Demonstrated experience as a Security Analyst, Information Assurance Analyst, and Assessor.

• Involved in the categorization of Information systems for federal agencies

• Knowledgeable in all aspects of the Security Authorization and Continuous Monitoring process using National Institute of Standards and Technology Special Publications 800-30, 800-37 Rev 1, 800-60, 800-53A, 800-53 Rev 3 & 4, FIPS 199, FIPS 200, OMB A-130 App. III.

• Coordinate in-depth interviews and examine documentation and artifacts in accordance with NIST SP 800-53A and 800-53 rev 4

• Strong leadership ability with proven aptitude to thrive in a team environment but also capable of operating independently.

• Proficient in the use of Vulnerability Scanning tools such as Xacta, Tenable Nessus, Retina Web Security Scanner, Retina Network Security Scanner, and DB Protect, and in analyzing security reports for security vulnerabilities.

• Extensive experience developing, analyzing, and updating information security policies and procedures.

• Broad knowledge of Microsoft Windows (Windows 10) and UNIX platforms.

• Microsoft Office expert (MS Word, MS Excel, Outlook, and PowerPoint) with excellent communication and writing skills.

• Excellent team player with Project Management skills.

• Possess time management skills and the ability to work within the stipulated time frame.

PROFESSIONAL EXPERIENCES

TIGHTECH CONSULTING Lanham, MD

Security & Information Assurance Officer Dec. 2019 to Present

Develop, analyze, and update information security policies, procedures, standards, and guidelines using National Institute of Standards and Technology guidelines.

Responsible for developing and maintaining the Enterprise System Security Plans (SSPs), Configuration Management (CM), Contingency Plan (CP), Continuity of Operations (COOP), Disaster Recovery Plans (DR), and Incident Response Plan (IRP) and all other system security documentation.

Work in a team to support the architecture, implementation, and ongoing maintenance of the information system and ensure confidentiality, integrity, and availability of information according to NIST 800-53 and FIPS 200.

Work with different stakeholders, including system owners, implementation engineers, 3rd-party auditors, and the organizational security team to develop deliverables, recommend security solutions, and maintain the existing Authority to Operate (ATO) for systems and implement new ATOs for other emerging systems and platforms.

Perform risk assessments to help create optimal prevention and management plans.

On task with Information Assurance Managers and other information security officers to make sure all authorization documentation and other deliverables are properly developed, submitted on time, and maintained.

Advise business unit managers, IT development team, and computer users about risks and security control implementations and safeguards.

Lead a team of six analysts to perform risk assessments, develop and review System Security Plans (SSP), Plans of Action and Milestones (POA&M), Security Control Assessments, Configuration Management Plans (CMP), Contingency Plans (CP), Incident Response Plans (IRP), and other tasks and specific security documentation in accordance with NIST SP 800-37 rev 4, 800-18, 800-53 rev 4 and 800-34.

Conduct security assessment interviews to determine the security posture of the System and to develop a Security Assessment Report (SAR) after completing the Security Test and Evaluation (ST&E) questionnaire using NIST SP 800-53A.

Perform information security risk assessments and assist with the internal auditing of information security processes. Assess threats, risks, and vulnerabilities from emerging security issues and also identify mitigation requirements.

Work with stakeholders and system application teams to conduct testing, interviews, and collection of artifacts relevant to the assessment of security controls.

Review vulnerability and baseline scan report on the client network in accordance with the organization’s Continuous Monitoring Plan and NIST 800-53 and 800-137.

International Business Sales and Services Corp (IBSS Corp) Silver Spring, MD

Certification & Accreditation Specialist Jun. 2019 to Nov. 2019

Performed system security reviews, certification, and accreditation (C&A).

Facilitated Security Control Assessment (SCA) and Continuous Monitoring Activities.

Examined, interviewed, and tested procedures in accordance with NIST SP 800-53A Revision 4.

Developed Security Assessment Report (SAR) based on assessment results.

Performed information security risk assessments and assisted with the internal auditing of information security processes. Assessed threats, risks, and vulnerabilities from emerging security issues and also identified mitigation requirements.

Reviewed Authority to Operate (ATO) packages for legacy systems and new systems as well.

Analyzed other security reports for security vulnerabilities and advised on adequate mitigation action.

Worked with IT Operations and Network Engineers to mitigate system vulnerabilities discovered in network devices (routers, switches, VPN Concentrator), servers, and workstations.

Working knowledge of duties required to implement information security controls and lead information security initiatives.

PARADYME MANAGEMENT INC. Greenbelt, MD

Information Assurance Analyst Jan. 2018 to Jun. 2019

Supported a hitch-free transition of the organization’s information security system to NIST requirements using 800-37 guidelines.

Worked in a team, supported the architecture, implementation, and ongoing maintenance of the information system, and ensured confidentiality, integrity, and availability of the information according to NIST 800-53 and FIPS 200.

Worked with a variety of stakeholders, including system owners, implementation engineers, 3rd-party auditors, and the organizational security team to develop deliverables, recommend security solutions, and maintain the existing Authority to Operate (ATO) for systems and implement new ATOs for other emerging systems and platforms.

On task with Information Assurance Managers and other information security officers to make sure all authorization documentation and other deliverables are properly developed, submitted on time, and maintained.

Identified vulnerabilities, recommended corrective measures, ensured the adequacy of existing information controls, and supported an ongoing continuous monitoring activity per organization policies.

Advised business unit managers, IT development team, and computer users about risks and security controls.


