Professional Experience
Department of Justice (DOJ)
Information Systems Security Officer (ISSO)
May 2024 – Present
In this role I manage and collaborate with the Department of Justice’s Civil Division IT Security Support Team, Civil’s Cybersecurity Team, System Engineers, and other key system stakeholders to provide comprehensive Federal Information System Management Act (FISMA) audit support. I leverage my knowledge and experience of the National Institute of Standards and Technology (NIST), and in particular NIST 800-53 IT controls, to assist DOJ in designing and implementing security solutions that safeguard the confidentiality, integrity, and availability of sensitive information while offering technical support for IT systems, including security improvements, vulnerability assessments, risk assessments, and network security enhancements. I contribute to the design of several moderate and high classified information systems documentation and artifacts that support the Authorization to Operate (ATO) of DOJ information systems. Additionally, I conduct comprehensive security tests and audits to identify vulnerabilities and ensure compliance with established security policies and standards.
Jones Wilson & Walls Realty, LLC
Real Estate Agent (DC-MD-PA-VA-WV)
March 2022 – Present
Sehlke Consulting/Aeyon
IT Audit/Cybersecurity Subject Matter Expert
Project: EY – Army
March 2021 – April 2022
In this role I support the EY ACWS Audit team with the delivery of recommendations and guidance on how to best address FISCAM controls in preparation and in support of the US Army’s upcoming audits. ACWS is an information system currently under development, so I am tasked with leveraging my expertise of the US Federal Government’s Software Development Life Cycle (SDLC) to provide pertinent recommendations and guidance. I also use my public sector audit and/or audit readiness experience with a focus on IT controls associated with external/internal audits to support the EY Team. My expertise is also leveraged to provide significant FISCAM testing experience to assist in the performance of IT audits to evaluate the effectiveness of the deployed technical and logical controls, security, segregation of duties, and execute audit procedures. Finally, I use my experience with interpreting controls and analyzing highly technical system documentation to support the EY Team audit initiatives as required.
Iron Flame Technologies, Inc/The Nasir Group
January 2004 – March 2021
US Air Force Global Force Management
February 2017 – March 2021
Program Manager (Classified)
Triumph Enterprises - National Institutes of Health (NIH)
A&A Sr. Manager
September 2016 – June 2017
In this role I am responsible for assisting the NIH Chief Information Security Officer with Authorizing and Accrediting over 300 Federal information systems. As the A&A Sr. Manager: I am responsible for defining and assisting with the deployment of IT user roles, data migration from a Government-off-the-Shelf (GOTS) Governance Risk and Compliance (GRC) Tool to the RSA Archer GRC Tool; I coordinate metrics for compliance briefings for the NIH CIO; I coordinate IT Security efforts with NIH’s Privacy Office; I provide oversight reviews of NIH’s 28 institutes and centers for all security documentation; and managed a team of over 15 IT System Security Officers. I attend meetings and strategy sessions that shaped the security posture of the 28 institutes and centers that make up NIH. In this role I work with NIH Information System Owners to manage system compliance with FISMA audits of their respective information systems; and successfully assisted in getting over fifty percent (50%) of NIH’s moderate and high classified information systems through the Authority to Operate (ATO) certification process.
E-Trade Arlington, VA
Senior IT Risk Consultant
May 2016 – September 2016
In this role I conduct research and consult on efficient and effective enterprise and IT risk assessment and management governance processes and best practices for corporate financial systems. My day-to-day duties also include developing audit frameworks that support deploying industry best practices for IT governance and audit support. I identify IT control deficiencies, information systems that lack IT control compliance with laws, government regulations and management policies or procedures; provide risk and benefit analysis for appropriate remediation actions; and coordinate with E-Trade IT Development and IT Operation teams to facilitate internal and external audits as well as regulatory reviews.
United States Army – Special Inspector General Afghanistan Reconstruction (SIGAR) Crystal City VA and Kabul, Afghanistan (Classified Role)
Audit Program Manager
September 2013 – June 2016
In this role I manage a team of six (6) Subject Matter Experts/Auditors that conduct the following needs for oversight: engineer and architecture experts, survey work, counter narcotics, remote monitoring, security, logistics, government contracting, government corruption, and geospatial support.
US Department of Treasury – Bureau of Fiscal Service Parkersburg, WV
Risk Advisory Subject Matter Expert
October 2014 – June 2015
In this role I support the Department of Treasury with assessing their My Retirement Account (MyRA) cloud system. My expertise with IT system accreditation was utilized to assist the Treasury IT stakeholders with achieving a full Authority to Operate (ATO) prior to being offered as a public facing information system that assists US Citizens whose employers do not offer thrift savings or 401Ks with the ability to participate in a government provided thrift savings plan. My role includes reviewing system documentation and offering guidance on remediation efforts to address all known cybersecurity gaps in the information system that have the possibility of being exploited both internally and externally. As a result of my assistance, the MyRA application was FedRAMP approved and received a full ATO.
Washington Metropolitan Area Transit Authority (Metro) Washington, DC
Information System Security Officer (ISSO)
July 2013 – October 2014
In this role, I develop and implement Metro-wide security policies and procedures, ensuring a strong security posture across the organization. I manage corporate-wide IT security awareness training programs and oversee the development of new learning content for Metro’s Incident Response Program. I lead the development of Metro’s PCI-DSS audit policies and procedures while managing a team of project managers responsible for change and configuration management activities. Additionally, I direct a team of Security Help Desk Professionals, ensuring prompt resolution of security-related issues. I manage the development and dissemination of security tips and compliance campaigns to enhance security awareness. I also prepare executive-level presentations detailing Metro’s IT security posture from a compliance standpoint, focusing on PCI-DSS and SCADA requirements. Furthermore, I oversee Metro’s IT Litigation Hold requests and lead the creation and management of Metro’s Privacy and Data Governance Programs to safeguard sensitive information and maintain regulatory compliance.
Non-Audit/FISMA Role – Details Provided Upon Request
United States Army – Davidson Airfield Fort Belvoir VA
Telecommunications Project Manager
September 2012 – June 2013
Integration Technologies Group (ITG) Reston, VA
ISO27001 Internal Audit Consultant
June 2012 – October 2012
In this role I conduct ISO27001 engagement scope IT controls in collaboration with clients to assess and address audit needs and requirements. I work closely with ITG's clients as a member of their Internal Audit team, assisting in the identification of IT-related control deficiencies and compliance gaps. I provide subject matter expertise on ISO27001 standards, ensuring clients' adherence to security best practices and regulatory requirements. I contribute to the development of audit reports, highlighting findings and recommendations for improving client IT systems’ information security posture. I collaborate with client teams to implement corrective actions and enhance security controls based on audit findings. My achievements in this role included successfully assisting multiple clients in achieving ISO27001 certification, ensuring alignment with international security standards and regulatory requirements. I was recognized for exceptional communication and interpersonal skills, fostering strong client relationships, and ensuring effective collaboration throughout the audit process.
Department of Transportation – Pipeline Hazardous Material Safety Administration (PHMSA)
Information Assurance Specialist
February 2011 – June 2012
As an Information Assurance Specialist, I provide technical support to the DOT-PHMSA Information System Security Officer with National Institute of Standards and Technology (NIST) 800 Series subject matter expertise in support of securing PHMSA’s ten (10) Low – Moderate – High information systems. In this role, I support all vulnerability management processes and procedures as part of PHMSA’s continuous monitoring program. My technical expertise was used to assess IT system changes that may have an impact on an information system’s security posture, if implemented, and advise the PHMSA CIO of all impacts. As a member of the PHMSA Change Control Board, I ensure all proposed changes will be performed using secure best practices, as well as ensuring that application code patches and upgrades do not introduce known and unforeseen security vulnerabilities. I also perform Security Test and Evaluations for all PHMSA systems. I managed security accreditation artifacts and documentation for all PHMSA information systems and recorded their compliance in the PHMSA accreditation system CSAM.
Department of Treasury – Office of Financial Stability
Information System Security Officer
July 2010 – January 2011
In this role I assist the Federal Information System Security Officer for the Office of Financial Stability create an information technology security program for a new federal agency that was developed to manage bail-out funds to banks and American industry. As ISSO, I define and assist with the deployment of IT user roles, review OFS IT System audit logs, develop IT security policies and procedures, develop security awareness training, and develop IT access control tools via a custom developed SharePoint Tool. As the contractor ISSO, I attend meetings and strategy sessions that shaped the security posture of the newly formed organization. I advise OFS technical teams on security related issues at OFS Change Control Board meetings. I assist OFS developers with building secure application code by conducting readiness reviews and sitting through test initiatives. I also conduct audits on each OFS production application or system in support of the OFS Certification and Accreditation efforts. I used my expertise of FISMA to develop the following security artifacts for OFS: Risk Assessments; IT Controls Assessments; System Security Plans; Contingency Plans; NIST 800-60 Data Types Report; FIPS 199 Reports; e-Authentication Reports; Security Test and Evaluation Reports; Contingency Plan Test Results and Findings; Configuration Management Plans; Incident Response Plans; and Plan of Action and Milestone Reports. My analysis of the OFS IT systems was used to recommend IT system ATO approval for a three (3) year certification.
Department of Veterans Affairs (VA) Washington, DC
Security Manager, Certification & Accreditation
January 2006 – September 2009
In this role I provide IT Security expertise to the Veterans Administration Executive Leadership Team for the entire continuum of security certification and accreditation activities. I plan, design/build, and implement security controls that properly align government standards (NIST) with the VA’s security requirements and directives. I also work with the VA’s Risk Management Team to support the Risk Assessment auditing process and provide risk assessment analysis reports provided to management. I work with the VA Executive Team to develop and deliver the Application Security Plan used as the essential part of the Certification and Accreditation process for Automated Information Systems. I was responsible for achieving a full Authority to Operate for one of the Veterans Affairs mission essential applications within three (3) months of converting a test system to a production system.
Department of Health and Human Services
External Auditor - FISCAM Audit Team Leader
October 2005 – January 2006
As the FISCAM Audit Team Leader, I lead a team of auditors to review several operational divisions of the Department of Health and Human Services. As the lead auditor, my primary responsibilities include coordinating all audit activities at each operational division, coordinating my team’s audit activities and efforts with the key stakeholders within each evaluated division, coordinating and managing the evidence receipt process, developing the reporting framework for each operational division evaluated, and debriefing each evaluated operational division’s senior management team with all of the findings/exceptions found. I also coordinate and oversee the work performed by Ernst & Young Staff assigned to each operational division evaluated.
Manugistics - Rockville, MD
Internal Audit – SOX Testing
Sr. Consultant
August 2005 – October 2005
As a Senior Consultant in SOX Auditing, I led assessments of internal controls over financial reporting (ICFR) to ensure compliance with the Sarbanes-Oxley Act (SOX). I evaluate and test key controls, identify deficiencies, and provide actionable recommendations to enhance compliance and risk management frameworks. I collaborate with cross-functional teams, including finance, IT, and internal audit, to develop remediation plans and strengthen control environments. I prepare detailed audit reports and present findings to senior management, ensuring transparency and regulatory adherence. I also guide organizations through SOX readiness initiatives, improving their control structures and audit preparedness. My expertise in risk assessment and process improvement enabled companies to mitigate financial risks and maintain compliance with regulatory requirements.
Ames True Temper Harrisburg, PA
Internal Audit – SOX Testing
Sr. IT Auditor
June 2005 – August 2005
As a Senior Consultant in SOX Auditing, I led assessments of internal controls over financial reporting (ICFR) to ensure compliance with the Sarbanes-Oxley Act (SOX). I evaluate and test key controls, identify deficiencies, and provide actionable recommendations to enhance compliance and risk management frameworks. I collaborate with cross-functional teams, including finance, IT, and internal audit, to develop remediation plans and strengthen control environments. I prepare detailed audit reports and present findings to senior management, ensuring transparency and regulatory adherence. I also guide organizations through SOX readiness initiatives, improving their control structures and audit preparedness. My expertise in risk assessment and process improvement enabled companies to mitigate financial risks and maintain compliance with regulatory requirements.
PHH Mortgage, Mt. Laurel, NJ
Internal Audit – SOX Testing
Audit Team Lead
March 2005 – June 2005
As a Senior Consultant in SOX Auditing, I led assessments of internal controls over financial reporting (ICFR) to ensure compliance with the Sarbanes-Oxley Act (SOX). I evaluate and test key controls, identify deficiencies, and provide actionable recommendations to enhance compliance and risk management frameworks. I collaborate with cross-functional teams, including finance, IT, and internal audit, to develop remediation plans and strengthen control environments. I prepare detailed audit reports and present findings to senior management, ensuring transparency and regulatory adherence. I also guide organizations through SOX readiness initiatives, improving their control structures and audit preparedness. My expertise in risk assessment and process improvement enabled companies to mitigate financial risks and maintain compliance with regulatory requirements.
Tyco Electronics
Senior IT Auditor
February 2005 – March 2005
As a Senior Consultant in SOX Auditing, I led assessments of internal controls over financial reporting (ICFR) to ensure compliance with the Sarbanes-Oxley Act (SOX). I evaluate and test key controls, identify deficiencies, and provide actionable recommendations to enhance compliance and risk management frameworks. I collaborate with cross-functional teams, including finance, IT, and internal audit, to develop remediation plans and strengthen control environments. I prepare detailed audit reports and present findings to senior management, ensuring transparency and regulatory adherence. I also guide organizations through SOX readiness initiatives, improving their control structures and audit preparedness. My expertise in risk assessment and process improvement enabled companies to mitigate financial risks and maintain compliance with regulatory requirements.
Urban Outfitters
January 2005 – February 2005
Senior IT Auditor
As a Senior Consultant in SOX Auditing, I led assessments of internal controls over financial reporting (ICFR) to ensure compliance with the Sarbanes-Oxley Act (SOX). I evaluate and test key controls, identify deficiencies, and provide actionable recommendations to enhance compliance and risk management frameworks. I collaborate with cross-functional teams, including finance, IT, and internal audit, to develop remediation plans and strengthen control environments. I prepare detailed audit reports and present findings to senior management, ensuring transparency and regulatory adherence. I also guide organizations through SOX readiness initiatives, improving their control structures and audit preparedness. My expertise in risk assessment and process improvement enabled companies to mitigate financial risks and maintain compliance with regulatory requirements.
Alliance Bank Client
Senior IT Auditor
November 2004 – January 2005
In this role I manage the client’s Internal IT Auditing activities in preparation for their external audit. My duties include identifying and testing IT General Controls (i.e. physical access, logical access, back-up procedures, business continuity planning, etc.), Application Controls, End User Computing Controls, and Company-wide Controls. In managing this project, I manage IT audit project planning, develop testable controls, conduct client interviews, map testable items to controls, document test results, and develop client debriefing materials. I also managed the nine (9) client applications through the Sarbanes-Oxley control tests.
Education
Dartmouth University
The Tuck School of Business
Post Graduate Studies, Business Administration and Management
University of Phoenix
Masters of Business Administration (MBA)
Global Management
Graduation Date: 1999
Towson State University
Bachelor of Science (B.S.)
Major: Health Care Administration
Major: Business Administration
Graduation Date: 1996
IT Certifications
Certified Information Systems Security Professional (CISSP) – Certified
IT Skills & Technologies
IBM Big Fix, IT Audit, RSA Archer, CSAM, McAfee EPO, Tenable Nessus, NIST 800 series, FISCAM, FISMA, Risk Management, ATO/IATO/ATT, PaaS, SaaS, FedRAMP, Cybersecurity & Risk Management, IT Governance & Compliance Privacy (PIA/IPA), POA&M/Vulnerability Management, Patch Management