
IT Specialist and Cyber GRC Specialist

Location:
Ashburn, VA
Salary:
115000-125000
Posted:
September 03, 2023


Professional Summary

Information Security Analyst with 9+ years of professional experience specializing in Cybersecurity, Risk management, Governance, Risk and Compliance (GRC), IT Audit management, Project management, Content Management and Training. Expertise in FISMA and NIST Compliance, Risk Management Framework adoption, Risk and Compliance assessment and mitigation, Business Process re-engineering and optimization, and ITIL including change and configuration management.

Experienced in various Project Management Frameworks including Waterfall, Agile, Scrum and Lean Portfolio Management (LPM).

Subject Matter Expertise in FISMA, NIST and Risk Management Framework compliance across multiple domains including Access Controls and Configuration Management.

Skilled and Knowledgeable in all MS Project Management Tools including Visio and SharePoint.

Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Scrum Master (CSM) and PMP.

Pursuing Certified Cloud Security Practitioner certification.

Professional Skills

Excellent analytical, decision-making and time management skills. Mature planning, organizing and delegation skills

Strong analytical and problem-solving skills to identify, analyze and mitigate GRC related risks in processes, policies, and procedures

Polished communication skills including the ability to actively listen to the needs of the business; as well as peer-mentoring team members

Knowledgeable and experienced in managing projects with interdependencies between many different stakeholders

General knowledge of operating systems, database, networks, and mobile and cloud technologies

Ability to team well with others to facilitate and enhance the understanding of and compliance with security policies. Skills in accelerating change

Certifications

Certified Information Security Manager (CISM) 27 September, 2022

Project Management Professional (PMP) 24 February, 2021

Certified Information Systems Auditor (CISA) 01 October, 2020

Certified Scrum Master (CSM) 09 February, 2020

ITIL Foundation Certificate 10 June, 2016

ITIL Intermediate Certificate in IT Release, Control and Validation 13 October, 2016

ITIL Intermediate Certificate in IT Planning, Protection and Optimization 04 November, 2016

ITIL Intermediate Certificate in IT Service Offerings and Agreements 18 November, 2016

ITIL Intermediate Certificate in IT Continual Service Improvement 24 August, 2016

ITIL Intermediate Certificate in IT Operational Support and Analysis 29 July, 2016

Experience

IT Specialist (INFOSEC) Food and Drug Administration (Jan 2023 – Present)

Major Responsibilities & Accomplishments include:

Ensuring compliance with various Federal Cybersecurity Legislations, Regulations and Executive Orders

Experience with GAO and OIG audits

Conduct Security Assessment & Authorization efforts to ensure compliance with NIST standards

Utilize the eGRC tool Archer to create reports for middle and senior management

Create quarterly FISMA Reports, High Value Assets report and POA&M reports for Senior Management

Develop and execute plans to identify and communicate risk factors and best practices for the enterprise

Provide leadership and subject matter expertise relative to technology, Information Security, Information Management and Business Resiliency Risk regarding assessments.

Evaluate agency processes, assets and workforce to ascertain risk and conduct remediation efforts.

Provide regular progress briefings to stakeholders and Senior Management.

Senior Cyber GRC Analyst/ Audit Liaison (Health and Human Services; HHS) (May 2022 – December 2022)

Major Responsibilities & Accomplishments include:

Ensure CIA of systems, network, data and assets through the planning, analysis, development, implementation, maintenance and enhancement of information system security policies, procedures, and tools within and across the organization.

Ensure compliance with various standards such as FedRAMP and NIST

Planned and executed Audit and Risk engagements to examine regulatory, operational and data-loss risks associated with IT projects, worked with teams to develop risk mitigation strategies, and reported the results to senior leadership.

Participated in review sessions and helped in decision-making sessions when legislative changes, technological improvements and changes happen in the federal world.

Update Policies and other pertinent documentation through the development and implementation stages of the security program.

Create, Track, Monitor and Report on status of Department and OPDIV POA&Ms

Manage and collaborate with stakeholders on OIG, FISMA and GAO Audits to remediate and close open recommendations

Cross Functional Services Information Security Analyst / Vulnerability Management POC, FRTIB (2018 – April 2022)

Major Responsibilities & Accomplishments include:

Member of the Program Team that won Best Program Team of the Year Award in SAIC for two years

Coordinate with the management and security teams to develop and maintain IT security policies, architecture, and security across the organization, including performing audits of security systems to maintain compliance with standards and protocols

Lead the development and implementation of security requirements for various IT projects, including system migrations to compliant environments

Support different Internal and External Audits for the agency, such as System Enhancement Audits, IT Operations Audits, CLA Audits & Mobile Device Management Audits for the FRTIB TESS Program

Worked on remediating the Log4j issue across the enterprise

Coordinate with System Administrators to develop and provide system security artifacts in support of ATOs

Work with other Security teams and FRTIB POCs as part of Continuous Monitoring efforts

Design and formulate cross functional process workflows to comply with business and security requirements

Independently contribute to the development of audit process improvements and processes across the enterprise.

Key member of the leadership team that closed about 300 Audit Findings in the last 3 years for the Agency across 26 boundaries and 354 systems/resources.

Review and provide pertinent data for System Security Plans and Authorization and Accreditation Documents

Analyze TESS processes, procedures and supporting documentation for compliance with the FISMA/NIST standards for FRTIB

Was recognized as ‘Key contributor’ for work related to CAPs and Audit finding remediations in the Cross Functional Service Tower

Cross Functional Services Project Manager & Technical Lead

Worked as a project manager & technical lead on multiple projects to remediate audit findings and improve existing processes. Some of the key projects are listed below.

Mobile Device Baseline Management CAP: Currently in the LPM Process. Gathering requirements, resources, formulating schedule, providing weekly status reports to Senior Management.

EOL/EOSL CAP: 9-month project to remediate findings related to NIST System and Integrity Family (SI-2) & System and Services Acquisition family (SA-22) controls

Features Delivered as part of this CAP:

Process to identify critical assets

Process to gather and document key EOL dates for critical assets

CMDB Modifications to support processes

Process for monitoring of EOL dates and notifications of impending EOL for assets

Annual review of Critical assets for EOL data refresh

Process for Disposition determination with sufficient time to have a replacement plan or risk acceptance in place before support ends

Removable Media Device CAP: Ongoing 7-month project to remediate findings related to NIST Media Protection Family (MP-4 Media Storage, MP-6 Media Sanitization, MP-7 Media Use controls)

Features Delivered as part of the CAP:

Update processes to identify and track ownership of Removable media devices

CMDB Modifications to support processes

Identify and Gather data on FIPS compliant media

Unauthorized Code Change: 12-month project to remediate findings related to NIST Configuration Management Family (Access Restrictions for Change CM-5) and System and Information Integrity Family (Software, Firmware and Information Integrity SI-7).

Features Delivered as part of this CAP:

Configured Dimensions CM to monitor, detect and report potential unauthorized code for distributed code residing in DIM CM

Configured ChangeMan SSM to scan all libraries in ChangeMan ZMF

Developed and implemented a process for TFS to monitor, detect and report UAC for applications such as TSP Web Services (TWS) and Genesys residing in TFS

Database Configuration Management 2019 December – 2020 July

Features delivered as part of this CAP:

Worked with DB administrators and the Splunk Tool administrator to assess the technical feasibility of integration between Oracle, SQL Server, MySQL, PostgreSQL and DB2 databases and Splunk

Implemented a process to Identify, Select and Draft Security Benchmarks for all information systems that are required to adhere to the FRTIB and EISRM Policy.

Process developed for both Mainframe environment and distributed Systems environment

Stood up the Baseline Initiation and Management Process

Stood up a quarterly review process of baselines managed within the CMDB

Sensitive Datasets Project 2018 April – 2018 December

Assessed the Datasets within the Code Configuration repositories (Dimensions CM, ChangeMan ZMF and TFS) to determine the sensitivity of data and PII

Assessed Risk associated with access and security controls

Worked on Segregation of Duties (SOD) and Access management processes to establish Annual review of SOD and Access controls.

Partnered with Key stakeholders to identify and execute Business requirements and goals

Worked alongside Top Secret Administrators to understand how Access is provided through Profiles and ACIDs for Mainframe applications.

Assisted with setting project milestones, timelines, budget and resources

Created and maintained project documentation, plans and progress reports

Enterprise SharePoint Migration Project 2016-2018

Conducted a feasibility study of SharePoint, Alfresco and Documentum based on business needs established by FRTIB.

Led the development and implementation of security requirements for the project, including system migrations to compliant environments

Created the Charter and the schedule for the project

Provided regular sprint updates to all levels of management

Created, reviewed and provided presentations and SDLC documents

Created a migration plan for the legacy SharePoint site from 2007 to 2010 to SharePoint 2013

Upgraded the backend SQL Server databases and conducted data migration

Migrated Windows Server 2008 to Windows Server 2012

Designed, planned and implemented the setup of the new SharePoint site with fail over capabilities in the remote fail-over site for FRTIB.

Enhanced the navigation, search and backup capabilities of the SharePoint site.

Analyzed, prioritized and consolidated SharePoint sites prior to migration based on sensitivity, visibility, criticality and traffic of sites.

Established a new SharePoint governance approach by creating an enhanced document hierarchy and architecture for role-based access controls.

Established Documentation Hierarchy and Standardized Terminology definitions for the TESS enterprise

Created, updated and maintained workflows, user guides, processes, technical artifacts, training and procedural documentation for FRTIB information management systems, software and tools

Performed standard electronic file management and archiving

Responsible for protecting, securing, and proper handling of all confidential data held by the enterprise to ensure against unauthorized access, improper transmission, and/or unapproved disclosure of information

Authored the Document Management Plan and standard operating procedure

Trained users and conducted sessions on the usage of the new document repository with enhanced features.

Business Process Analyst (April 2016-December 2016)

Worked as Process Analyst within the Cross Functional Services Team in the TESS program. Responsible for supporting multiple ITSM areas as requested and needed. Worked in the following areas – New Work Intake, Service Level Management Reporting, Configuration Management, documenting requirements for SharePoint Document Center, Tools version migration

Volunteer / Independent Consultant (June 2011 – Mar 2016)

• Coordinated with various organizations, including the Smithsonian, World Bank, Washington Post and other cultural organizations in the area to plan, budget and organize fund-raising and cultural festivals and events

• Was responsible for planning, managing, budgeting, scheduling, coordinating and delivering numerous music, dance and cultural events and programs across the Northern Virginia area

• Worked with a wide variety of non-profits to meet their fund-raising goals

• Utilized project management and communication skills to effectively organize and manage activities

Admin Coordinator, Raagamalika School of Music, LLC (June 2005 – May 2011)

• Provided professional leadership to organize, administer, supervise, and evaluate a creative school program with an optimal learning environment

• Supervised a team of up to 6 members and served in a project supervisory role as assigned by assistant superintendent or director; coordinated meetings and conferences with other school and third-party vendors

• Was responsible for designing and rolling out a next generation interactive website with easier access to information and enhanced custom user experience

• Was responsible for all financial and administrative affairs, including establishing LLC tax status, payroll set up and management

• Was instrumental in laying out the vision and execution of a very successful 25th anniversary program involving more than 700 people

• Served as high-level liaison between George Mason University and Raagamalika Music School

Education

Master of Arts, Madras University

Bachelor of Business Management, Bangalore University
