Professional Summary
DoD Risk Management Framework (RMF)
Authorization to Operate (ATO) / Interim Authorization to Test (IATT)
STIG (Security Technical Implementation Guide)
POA&M (Plan of Actions and Milestones)
eMASS (Enterprise Mission Assurance Support Service)
RTM (Requirement Traceability Matrix)
NIST SP 800-37
Compliance
Requirements Gathering
AGILE-SCRUM
Intuitive and seasoned professional offering advanced knowledge and consulting experience in cybersecurity in support of the Department of Defense (DoD) regulations and policies. Reliable and systematic capabilities with strong leadership, communication, and interpersonal skills.
Knowledge of accreditation packages for information systems, ensuring regulations and security standards are met, executing cybersecurity risk assessments for secure operational capability, and, lastly, assessing vulnerabilities and recommending mitigation strategies.
Demonstrate thoroughness, conscientiousness in work performance, and meticulous attention to detail, which are vital to completing the task.
Computer Skills:
MS Office Suite: Excel, Word, PowerPoint, Outlook. MS SharePoint, MS Visio, MS Access, Quality Center, JIRA, Rational ClearQuest, SAP, Remedy, Momentum, ALM, Confluence, WebI, SQL, eMASS, DITPR/DADMS Integrated IT Portfolio Management and TFS, Azure DevOps
Professional Experience
Information System Security Manager Sep 2024 - Present
Department of the Army
Hours per Week: 40
Fort Belvoir
Implement cybersecurity processes that align with DOD regulations and policies
Oversee contractors on the cyber team
Communicate cyber statuses to leadership
Approve access requests
Review and approve ATO packages
Create SOPs and policy documentation
Assist with implementing RMF for the DoD Information Technology (IT). The RMF process enforces a tailored set of security controls and focuses on security as an integral part of a system’s overall lifecycle
Monitor and follow cyber tasking orders while following the Agile SAFe methodology
Create and prioritize backlog items
Sr. Cybersecurity Analyst Sep 2022 - Present
Department of the Army
Hours per Week: 40
POLK Building
Created SOPs and policy documentation such as Continuous Monitoring Tools Strategy, and completed annual reviews of documentation
Assisted with implementing RMF for the DoD Information Technology (IT). The RMF process enforces a tailored set of security controls and focuses on security as an integral part of a system’s overall lifecycle
Reviewed, confirmed and uploaded control test results
Reviewed and confirmed POAM packages for AO approval
Reviewed and submitted eMASS packages for ATO renewal
Developed security policy artifacts (such as an Audit policy) required to complete the RMF process
Submitted ALT token request and revoked access
Performed reviews to deprovision personnel who left the program
Key Contributions:
Ensured the information system maintains an active ATO
Ensured the program complies with DoD regulations and policies
Senior Information System Security Officer (ISSO) Jun 2022-Sep 2022
DISA JSP
Hours per Week: 40
Taylor Building
Supervisor: Natalie Gaines
Established and implemented security procedures and practices in support of Customer goals and current DoD regulations.
Developed and updated assessment and authorization documentation for management and continuous monitoring of information systems
Initiated the authorization or re-authorization efforts and process for new or expiring systems and coordinated, scheduled, and attended required meetings
Authored and reviewed information systems security-related documentation and submitted to eMASS
Provided critical thinking to ensure system security requirements are addressed during all phases of the System Development Life Cycle (SDLC)
Provided security engineering review of proposed changes or additions to the IS (including hardware, software, or connectivity) and advised the ISSM of the security relevance
Performed security audits, IAW established procedures. Developed a process for managing, reviewing, and retaining security audit data.
Made decisions and implemented corrective action as required to resolve audit discrepancies
Key Contributions:
Reviewed authorization and assurance documents.
Confirmed the level of risk is within acceptable limits for each software application, system, and network.
Developed assess-only accreditation packages for systems networks
RMF Analyst Oct 2021-Jun 2022
Department of the Army
Hours per Week: 40
POLK Building
Supervisor: Jennifer Averett
Assisted with the implementation of the RMF for the DoD IT. The RMF process enforces a tailored set of security controls and focuses on security as an integral part of a system’s overall lifecycle
Reviewed, confirmed, and uploaded control test results
Reviewed and confirmed POAM packages for AO approval
Reviewed and submitted eMASS packages for ATO renewal
Developed security policy artifacts (such as an Audit policy) required to complete the RMF process to renew an ATO certificate
Completed STIG checklist files with system administrators provided by DISA
Verified security controls that have been implemented
Created POA&Ms for non-compliant controls and closed POA&Ms when controls become compliant
Key Contributions:
Ensure the information system maintains an active ATO
Ensure the program complies with DoD regulations and policies
Senior Cybersecurity Engineer Mar 2017-Oct 2021
Department of Navy
Hours per Week: 40
1000 N Glebe Rd 12th floor Arlington, VA 222201
Supervisor: Philip Bowen
Assist with the implementation of the RMF for the DoD IT. The RMF process enforces a tailored set of security controls and focuses on security as an integral part of a system’s overall lifecycle
Create and execute Cybersecurity test cases
Develop security artifacts (such as the SAP, PPSM, SOPs, and Control plans) required to complete the RMF process to achieve an ATO certificate and IATT
Use eMASS to obtain the Information Assurance Certification and achieve an ATO certificate for the program
Complete STIG checklists provided by DISA
Verify security controls that have been implemented
Create POA&Ms for non-compliant controls and close out POA&Ms when controls become compliant
Work with Navy Validators to ensure eMASS test results are accurate and satisfy NIST Special Publications 800 requirements
Key Contributions:
Perform Control Account Manager (CAM) responsibilities
Review authorization and assurance documents.
Confirm the level of risk is within acceptable limits for each software application, system, and network.
Perform vulnerability analysis.
Recommend mitigation strategies based on analysis findings
Develop accreditation packages for systems networks
Review/evaluate the security impact of system changes on networks and computers within the area of responsibility
Ensure adherence to security standards and protocols
Senior Business Analyst Mar 2016-Mar 2017
Department of Defense and Department of Homeland Security
Hours per Week: 40
6120 Executive Blvd Suite 800, Rockville, MD 20852
Supervisor: Amol Shah
Gathered requirements by facilitating interviews with shareholders
Recorded requirements in the Visual Studio Team Foundation application
Defined Features, Product Backlog Items and Bugs
Generated User Stories and Mockups for developers to understand the requirements
Assisted the QA team to make sure all requirements have been covered in scripts and tested properly
Closed-out features at the end of every release
Created and maintained help content, user manuals and training slides
Key Contribution:
Engaged with clients/customers to assess needs and provide assistance
Committed to providing quality products and services as requested by the clients/customers
Business Analyst Feb 2015-Mar 2016
GFEBS
Hours per Week: 40
12015 Lee Jackson Memorial Hwy, Fairfax, VA 22033
Name of Supervisor: Teri Rathweg
Provided support in design by interacting with clients to evaluate AS-IS and TO-BE processes.
Gathered requirements based on what was in scope
Created data flow diagrams and processes using MS Visio
Generated Functional Requirement specifications to guide the design of the application
Developed wireframes of page layouts indicating where functional elements and contents will be placed
Tracked defects, prioritized trouble tickets, incident reports, and change requests for future releases
Assisted in go-live by executing cutover tasks
Performed product and integrated testing to validate functionality
Tier II support for several ERP modules
Business Analyst Apr 2014-Feb 2015
United Health Group
Hours per Week: 40
Boston, MA
Name of Supervisor: Veer Modi
Gathered requirements based on what was in-scope for open enrollment and documented requirements in a BRD
Assisted in identifying project scope, business objective, feasibilities and risks based on Scope/Vision documents
Worked alongside Project Manager in conducting JAD sessions involving SMEs, business users, data administrators, system architects, managers, and development team in order to create a good business process model
Created Data Flow Diagrams and process diagrams using MS Visio
Generated Business requirements document for sign off
Reviewed test plans and test scripts developed by the development team and QA team to make sure all requirements have been covered in scripts and tested properly
Tracked defects and prioritized trouble tickets, incident reports, and change requests for future Releases
Contributed to assessing and reviewing components within the system during Knowledge Transfer (KT) with other clients
Education
M.S., Cyber Security
Southern New Hampshire University, Manchester, NH
B.S., Health Care Administration
Rhode Island College, Providence, RI
Certifications
CompTIA Security+
Certified SAFe 6 Practitioner
Security Clearance
Secret