Moses W. Winfree Jr. Cell 301-***-**** Sr. Security Analyst

Proposed Position: Sr. Security Analyst/IT Audit/POAM Coordinator

Experience Summary

** ***** + experience in Information Technology, 17 years + experience in IT Security, performing Security Assessment and Authorizations (SA&A) in support of Federal government clients, adhering to FISMA and NIST requirements/guidance. Two years of performing Cloud computing SA&A’s, integrating FedRamp requirements into GRC solutions for 3PAO

companies.

Assisted in developing IT security training requirements. Performed Security Assessment and Authorization (SA&A) in support of Federal clients and assisted in the development of policies, procedures, SOP documentation in compliance with FISMA, NIST and FedRamp standards/requirements. Provided governance of continuous monitoring strategies including annual security assessments, ongoing managemenit of change requests/system changes, quarterly status reporting, POAM remediation and re-accreditation. Supported vulnerability scanning; performed firewall, virus protection reviews. Lead roles in IT audit processes, internal and external (audits), including supporting artifacts/data collection efforts, Notification of Findings and Recommendation (NFRs) in support of FISMA, Financial/CFO and A123 audits and POA&M monitoring and coordination with system owners/designates. Performed reviews and maintenance of Information Categories, E-Authentications, Memorandum of Understanding (MOU’s), Interconnection Security Agreements (ISA’s) and Privacy Impact Assessments (PIA’s).

Professional Experience

US Sedan Limousine Service 07/19 - Present

ActioNet, Sr. Security Analyst, 04/18 – 05/19

Rollover/continuation of Department of Transportation (DOT) IT Security (SA&A) support services, (see Sevatec/INDUS below.)

Acting Team Leader for Security Assessment and Authorization (SA&A) in support of in-house (major and general support systems (GSS)) and Cloud systems for DOT’s Federal Highways Administration (FHWA).

IT audit coordinator in support of the ISSM and ISSO, addressing and supporting artifact/data collection efforts, Notification of Findings and Recommendation (NFRs) in support of FISMA, Financial and A123 audits.

POAM coordinator; reviewed POAMs generated from system assessments, assisted with remediation efforts with clients and developers.

Team coordinator for updating Information Categories and E-Authentications for FHWA Applications.

Coordinated with and provided support/assistance to internal Vulnerability Assessment Team (VAT).

Provided support to multiple projects/task orders.

Sevatec, FITTS Support, Sr. Security Analyst, 04/13– 04/18

Department of Transportation (DOT), FITSS-II, Sr. Security Analyst

Responsible for providing Security Assessment and Authorization (SA&A) support of major and general support systems (GSS) for the Federal Highways Administration (FHWA).

IT audit coordinator for IT Security/Sevatec with the ISSM and ISSO addressing and supporting data collection efforts and Notification of Findings and Recommendation (NFRs) in support of FISMA, Financial and A123 audits.

Analyze vulnerability reports and document the remediation process.

Support continuous monitoring efforts (CDM Initiative) to identify, detect, respond, and recover from security risks by use of security tools such as, Tenable Nessus Security Center scanning and Analysis, HPE ArcSight Logger log review, McAfee Vulnerability Manager, and OSSEC Alerting.

Ability to support multiple projects/task orders.

INDUS Corporation, Sr. Security Analyst,02/10–04/13

Department of Transportation (DOT), FITSS, Sr. Security Analyst, 02/10–04/13

Responsible for providing Security Assessment and Authorization (SA&A) support of major and general support systems (GSS) for the Federal Highways Administration (FHWA).

Serve as audit coordinator for IT Security/Sevatec with the ISSM and ISSO addressing and supporting data collection efforts and Notification of Findings and Recommendation (NFRs).

Ability to support multiple projects/task orders.

Alutiiq Security & Technology, LLC, Sr. Security Analyst, 04/04–08/09

Small Business Administration (SBA),

IT Security Support, Sr. Security Analyst, 04/04–08/09

Responsible for providing certifications and accreditations (C&A’s) support of critical and non-critical systems for SBA.

Coordinate tracking and resolution efforts in support of the POA&M, InfoSec and Audit functions. Provided problem resolutions to weaknesses and vulnerabilities identified in the POA&M(s).

Served as Task Leader for SBA’s IT Auditing process:

Responsible for tracking/monitoring and validating audit findings and provide input to the Plan of Action and Milestones, (POA&M).

Provided and maintained statistical audit input and ongoing statuses and updates for Agency Directors under the Chief Information Officer and supported respective Directors’ staffs in addressing their audits, as needed.

Served as audit coordinator/liaison for the CIO and the Office of the Chief Financial Officer (CFO) and the Office of the Inspector General (OIG).

Revamped and organized the physical inventory and filing system for IT Security’s audits.

Coordinated audit efforts with the IG and their outside consultant KPMG.

Led A123 audit and data collection efforts with the Chief Financial Officer (CFO) and their outside consultant, Kearney & CO along with SBA Program Offices.

Assisted and coordinated efforts in the development of policies, policy notices, procedures, standards and documentation as needed.

Drayton, Drayton & Lamar Inc., Applications Developer/Technical Writer, 03/02–04/04

Housing and Urban Development (HUD), OPETS, Applications Developer/Technical

Writer

Mainframe/COBOL Developer supporting HUD’s OPETS system and DB2 functions.

As a Technical writer, updated system, application and System Methodology documentation (SDM).

Technical writing skills assured up-to-date/accurate documentation for above functions from a multi-functional technical perspective.

Employment History

US Sedan Limousine Service 07/19 - Present

ActioNet, Sr. Security Analyst, 04/18 – 05/19

Sevatec, Sr. Security Analyst, 04/13–04/18

INDUS Corporation, Sr. Security Analyst 2/10–04/13

Alutiiq Security & Technology, LLC, Sr. Security Analyst 04/04–08/09

Education

Degree(s) - None

Certifications

CompTIA Security +

Security Clearance

Maintained Public Trust from 04/04 - 07-19

Contact this candidate