
ISSO

Location:
Woodbridge, VA
Posted:
December 01, 2022

Resume:

MAVIS AWOTWE Woodbridge VA ***** 571-***-**** ********@*******.***

EXPERIENCE SUMMARY

A proactive, enthusiastic, and detail-oriented professional with more than seven years of in-depth knowledge in information security and cloud infrastructure, and an established role providing support to an array of federal agencies. A wealth of knowledge to guide an organization/agency through a comprehensive evaluation of technical and non-technical security control assessment (SCA), assessment and authorization (A&A), networks, and other safeguards in support of the Federal Information Security Management Act (FISMA); creating and managing the Plan of Action and Milestones (POA&M), System Level Continuous Monitoring (SLCM), and Contingency Plan (CP) based on proven industry best practices, standards, guidelines, policies, and compliance. Experienced in vulnerability analysis and assessment, development and implementation of Plans of Action and Milestones (POA&M), and remediation of the documented threats and vulnerabilities.

EDUCATION AND PROFESSIONAL CERTIFICATIONS

Bachelor: Health Administration and Policy - George Mason University (Graduated Cum Laude)

Masters: Cybersecurity Policy and Compliance - George Washington University (In Progress)

Certified Scrum Master

CompTIA Security+

Certified Information Systems Security Professional (In Progress)

CLEARANCE

Public Trust

TECHNICAL SKILLS

Security Authorization Document(s): Hardware/Software Inventory List, Design Diagrams, Vendor Document(s), Secure Configuration Checklist (SCC), Vulnerability Scan Report, Security Test and Evaluation (ST&E), Business Continuity Plan (BCP), Continuity of Operations (COOP), Configuration Management Plan, and System Security Plan.

Security Guidance: National Institute of Standards and Technology (NIST) Special Publications 800-53, 800-53A, 800-37, etc.

Security Assessment Management Tools: eMASS, XACTA IA, CSAM, RSA Archer, Nessus, and Splunk.

ISO/IEC 27001 Family – Information Security Management

Cloud Services: Amazon AWS, Microsoft Azure, etc.

Risk assessment, Risk mitigation analysis, and FedRAMP.

Facilitate meetings and presentations

Excellent oral and written communication skills

Proficient in Microsoft Office, Visio, ARIS, and JIRA.

PROFESSIONAL EXPERIENCE

ERP International May 2018 to Present

Information System Security Officer

Perform analyses to validate established security requirements and recommend additional security requirements and safeguards.

Review FIPS 199 categorizations, E-Authentication Risk Assessment, System Security Plan (SSP), Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), POA&M, and Contingency Plan for completeness and compliance with NIST guidance.

Document the results of Certification and Accreditation and technical or coordination activities, prepare the System Security Plans, and update the Plan of Action and Milestones (POA&M).

Help guide System Owners and ISSOs through the Authorization and Accreditation (A&A) process, ensuring that the operational, management, and technical controls securing sensitive security systems are in place and being followed according to the federal guideline (NIST SP 800-53).

Conduct security assessment interviews to determine the security posture of the system and to develop a Security Assessment Report (SAR) on completion of the Security Test and Evaluation (ST&E) questionnaire using NIST SP 800-53A.

Review System Security Plans (SSP).

Implement and support standard procedures for incident response.

Develop a system to assist the client in securely categorizing systems and selecting controls using NIST SP 800-60, NIST SP 800-53, FIPS 199, and FIPS 200.

Responsible for developing the appropriate documentation and reports necessary to validate that systems meet the security and privacy requirements of the Risk Management Framework (RMF) authorization process.

Report, analyze, coordinate, and respond to any event or cyber incident to mitigate any adverse operational or technical impact.

Extract meaningful information from technical reports and convert it into documentation or summary reports that convey issues and status to leadership.

ASRC Federal November 2015 to May 2018

IT Security Compliance Analyst

Performed and reviewed document updates to confirm they are FISMA compliant.

Performed security categorization using NIST SP 800-60 and FIPS 199, and reviewed the Privacy Threshold Analysis (PTA) and E-Authentication assessment with system stakeholders.

Participated as a member of the Certification and Accreditation team to perform risk assessments and update the System Security Plan (SSP), Contingency Plan (CP), and Plan of Action and Milestones (POA&M).

Tracked and updated Plans of Action and Milestones (POA&Ms) for actions following assessment activities and in response to identified vulnerabilities, maintaining system ATO status.

Drafted and finalized Privacy Threshold Assessments (PTAs), Privacy Impact Analyses (PIAs), E-Authentication Assessments, and System of Records Notices (SORNs).

Provided assessments of the severity of weaknesses discovered in the systems and their environment of operation and recommended corrective actions to address identified vulnerabilities.

Supported the Information Systems Certification and Accreditation process as needed, and was responsible for implementing and maintaining security policies and procedures.

Reviewed, maintained, and ensured that all assessment and authorization (A&A) documentation was included in the system security package.

LEVICK January 2014 – November 2015

Business Systems Analyst

Worked extensively to define the acceptable values for the business rules.

Responsible for eliciting requirements using interviews of SMEs, document analysis, surveys, site visits, business process descriptions, use cases, scenarios, business analysis, and task and workflow analysis, ensuring that the requirements are clear, complete, and consistent across the board.

Facilitated the Joint Application Development (JAD) sessions with knowledge workers and IT specialists over several days to define and review documented requirements during sessions with clients and stakeholders to help identify business rules, processes, and system requirements.

Facilitated project Daily Stand-up calls to ensure all members of the team were on the same page, created sprint backlogs, and conducted Sprint planning meetings to select tasks that needed to be completed and defined the time frame for each task.

Developed use case diagrams, business flow diagrams, and sequence diagrams using MS Visio so that developers and other stakeholders could understand the organization's business processes.

Participated in and made major contributions to sprint planning and sprint retrospective meetings to ensure desired outcomes were achieved.

Tracked and maintained stakeholder-requested enhancements and changes, served as the SME for the Software Change Request (SCR) process, and performed gap analysis when changes were requested to ensure a request did not go out of scope.

Facilitated regular meetings with end users to review and validate the business and functional requirements and performed system testing with sample/live data with testers' help to ensure the new system's successful implementation.

ADDITIONAL SKILLS

Information Assurance, IT Governance, Policy & Procedures Development, Information Security Compliance, Continuous Monitoring, Identity Assurance and Management, Threat Monitoring, Incident Response, Vulnerability Analysis, Contingency Planning, Disaster Recovery, Information Security Awareness Training, Assessment & Authorization, and Privacy.