EXPERIENCE
Cotton & Company, August **** to Present
Information Assurance Supervisory Senior
• Performed Federal Information Security Management Act (FISMA) Audits, the IT portion of a Financial Statement Audit, and a Sarbanes-Oxley 404 Compliance Assessment.
• Evaluated systems to determine the adequacy of IT security controls.
• Obtained, analyzed and evaluated data from clients to perform tests on management, operational, and technical controls over financial systems using GAO’s Federal Information System Controls Audit Manual (FISCAM) audit methodology to substantiate transactions, records, and reports.
• Performed interviews with key personnel, reviewed policies and procedures, conducted configuration reviews, and performed compliance testing.
• Assisted in preparing interview write-ups and memos, and planned work on assigned segments of each engagement.
• Developed audit procedures for testing both NIST 800-53 and FISCAM security controls for FISMA audits and financial statement audits.
• Analyzed an organization’s operations and procedures, identified the greatest risks, and developed summaries and analyses of the risks and key activities to determine if appropriate internal controls were implemented to mitigate risks.
• Conducted assessments as part of FISCAM for access control, configuration management, security management, and segregation of duties.
• Reported audit findings and made recommendations for the correction of unsatisfactory conditions to managers and/or partners.
• Reported task progress and statuses to manager and/or partner.
• Prepared work papers and summarized data reports to support work performed.
Tangible Security, September 2016 - August 2017
C&A Analyst
• Managed and supported the DoD Information Assurance Certification and Accreditation Process (DIACAP) for all Information Systems (IS), enclaves, and application systems under the purview of the CIO per DoDI 8510.01.
• Supported the transition for the organization by updating policies, procedures, and processes as appropriate.
• Created and delivered the DIACAP Implementation Plan and executed DIACAP implementation, conducted validation services, prepared the POA&M, and compiled validation results.
• Prepared a plan to migrate from the DIACAP to the DoD Risk Management Framework.
• Provided support to the Connection Approval Process (CAP) and IT Portfolio Registry (DITPR).
• Attended meetings and working groups, as directed, in support of compliance and C&A activities.
Intellidyne, LLC, September 2012 - 2016
Information Security Specialist
• Assisted in completion of all contractor-related C&A activities following the NIST Risk Management Framework for the target application.
• Evaluated the security posture of the system and made recommendations to the System Owner, Certifying Authority, and Approving Authority.
• Provided application vulnerability assessment for the developed system.
• Evaluated and assessed compliance with established IA policies and regulations.
• Supported security assessments to ensure the client efficiently complied with the IT security requirements and regulations mandated by the Federal government.
• Reviewed documentation against requirements, performed automated and manual vulnerability identification testing per client protocols and mitigation validation testing, and delivered a written report to senior management on the IA status of a particular system.
• Conducted physical security audits and performed all facets of NIST requirements, from coordinating system reviews and updating documentation to automated and manual network testing, and writing reports and recommendations for the CA and DAA.
• Provided clients with security management support of the deployment and sustainment of IA technologies.
• Coordinated C&A activities with internal and external vendors, partners, and agencies; ensured the delivery of secure system products; and ensured awareness of current and developing security requirements.
• Supported the client in obtaining and maintaining ATO certification of said application.
• Worked collaboratively in developing test plans and ensuring the security of the application through vulnerability assessments and penetration testing, using the latest client-approved automated tools and conducting manual checklists.
• Assisted in the development of POA&M items and addressed various methods, including tabletop and live exercises, to eliminate and minimize risk.
• Managed and tracked compliance with the POA&M, in addition to assisting with mitigation activities.
• Performed activities in support of Contingency Planning and testing.
• Implemented DIACAP directives to accredit various systems.
ManTech International, April 2012 - September 2012
Information System Security Officer (ISSO)
• Designed security components/devices for complex architectures and wrote security documentation.
• Performed implementation and maintenance of information security controls for information systems, ensuring compliance with the NIST and DHS 4300 standards. Focused on the NIST 800-37 RMF.
• Ensured that all information systems were certified and accredited, and operated and maintained under component standards, and enforced current internal security policies and procedures.
• Briefed senior management on the security posture of systems and recommended mitigation and remediation for any vulnerabilities.
• Managed Incident Response and reporting on systems and sites under the individual's purview. Performed security analysis and review on devices and software as required and provided feedback to System Owners and sponsors.
CACI International, February 2011 - April 2012
Information Security Specialist
• Responsible for supporting the provision of operational and technical advice to the Information Assurance Manager in matters relating to information systems security. Completed work involving the confidentiality, integrity, and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems, security programs, policies, procedures, and tools.
• Implemented DIACAP directives to accredit various systems.
• DCID 6/3
Booz Allen Hamilton, June 2010 to February 2011
Strategic Technology Innovation
• Provided assistance with developing concepts for intellectual capital for cyber risks.
• Specialized in enterprise risk management within the cyber market.
SRA International, Inc., March 2008 - June 2010
Information Assurance Analyst
• Assisted team in Certification and Accreditation effort.
• Created Certification and Accreditation Packages for government clients.
• Supported C&A policy and procedures.
SRA International, Inc., November 2008 - June 2010
C&A Analyst (Department of Justice IT Security Staff / Wireless Management Office)
• Responsible for managing DOJ's Integrated Wireless Network (IWN) Land Mobile Radio (LMR) system security program activities, developing project schedules, and briefing DOJ Deputy CIOs and the Wireless Management Office (WMO) Director on security program status.
• Responsible for ensuring WMO systems met FISMA and DOJ security requirements. This included developing and maintaining System Security Plans, conducting Incident Response and Contingency Plan exercises, performing risk assessment and risk mitigation activities, conducting threat and vulnerability auditing activities, and developing and updating system security policies and procedures.
• Performed the role of Certification & Accreditation liaison between the IWN engineering team and the DOJ IWN security team.
• Implemented NIST standards 800-53A, 800-37, and 800-60.
Blackstone Technology Group, November 2006 - March 2008
Consultant/Analyst
• Investigate and troubleshoot root causes of data quality issues.
• Provide ongoing data entry, data analysis, data manipulation, data clean-up, and data reporting support.
• Contribute to data quality improvement and reconciliation efforts.
• Assist with creation of the monthly report deliverable to provide Mission Ops information around data trends and recommendations for data integrity improvements.
• Update the DIG SOP with new procedures and processes that have been agreed upon by the Government.
• Work with the Project Manager and other team members to identify improvements in DIG operations as well as potential improvements to systems and the underlying (i.e., field) data collection activities.
Montesquieu, July 2006 - October 2006
Administrative Assistant
• Served as a liaison between the Alexandria office and the main distribution warehouse by processing orders for wine brokers.
• Assured that orders were placed properly and in a timely manner, and followed up on various customer service issues.
• Served in a human resource capacity by reviewing all incoming resumes, scheduling interviews, and requesting additional information from interviewees such as references, etc.
• Collected timesheets and processed bi-weekly payroll for all employees at the Alexandria office. This included: collecting and compiling necessary information to complete payroll; assuring reports were submitted in a timely and accurate manner; and serving as main contact for any questions or issues for employees and for the headquarters office.
• Provided administrative duties as assigned, including but not limited to: assuring office supplies were stocked; ordering additional supplies; and coordinating all mailings, faxes, and copies.
Proxy Governance, February 2006 - June 2006
Research Associate
• Collected data on publicly traded companies (primarily on Russell 300, S&P 1500, and Fortune 500 companies) that are interested in building long-term shareholder value.
• Researched and compiled data on each company, including information on board of directors, charter and bylaw provisions, stock ownership, and audit fees.
• Prepared research reports using data collected and other pertinent information.
EDUCATION
University of Maryland
Master of Business Administration
University of Maryland Baltimore County
B.A., Political Science
SKILLS
Software: Microsoft Access, Microsoft Excel, Microsoft PowerPoint, Microsoft Word, Microsoft Project, FrontPage, Navision, Outlook
Languages: Bengali (India) - Fluent; Spanish - Proficient
HONORS AND AWARDS
National Poetry Contest Winner, Published by US Library of Congress
TRAINING
Information Assurance Boot Camp
SRA-U SCAM I (Spring 2008 Semester)
SRA-U SCAM II (Fall 2008 Semester)
SRA-U Infosec and You (Spring 2009)
CERTIFICATIONS
Security+