Andrea Hicks
************@*****.***
www.linkedin.com/in/andreahicks6
Active DoD Security Clearance
PROFESSIONAL PROFILE
Subject Matter Expert in Cybersecurity, Information Systems Security, RMF, NIST, FISMA, FedRAMP, USG Financial Systems and Operations, and USG Travel Systems and Operations.
An accomplished professional with experience in cybersecurity, information security, financial operations, and travel management. Exhibits excellence in project planning, scheduling, monitoring, supervision, and execution of projects, ensuring completion without incidents or time overruns. Integrates effective management, team leadership, and expertise to achieve organizational goals and objectives, using relevant tools and skills related to my career and profession. Core strengths include project implementation and stabilization, and the preparation of training modules and process documentation. Proven expertise in assessing training needs to maintain up-to-date skill levels. Meticulous planning and presentation skills, encompassing exceptional communication, administrative and motivational skills, with the ability to work individually or within a team. Demonstrates the capability to navigate and adapt to dynamic and rapidly evolving environments while collaborating effectively with cross-functional teams and individuals who share similar goals.
QUALIFICATIONS SUMMARY
US Agency for International Development January 2020 – March 2025
Information Systems Security Engineer / Officer
As the Information Systems Security Engineer/Officer (ISSE/ISSO), served as the principal advisor to the USG Program/Project Manager (PM), Contractor Project Manager (PM), Information System Owner (SO), the Chief Information Security Officer (CISO) and the Authorizing Official (AO) on all matters, technical and otherwise, involving information security. Assisted engineers and systems developers in the identification and implementation of appropriate information security functionality to ensure uniform application of Agency security policy and enterprise solutions. Applied system security engineering expertise in the system security design process; engineering life cycle; information domain; cross domain solutions; commercial off-the-shelf (COTS) and government off-the-shelf (GOTS) cryptography; identification, authentication, and authorization; system integration; risk management; intrusion detection; contingency planning; incident handling; configuration control; change management; auditing; certification and accreditation process; principles of IA (confidentiality, integrity, non-repudiation, availability, and access control); and security testing. Led Security Assessment and Authorization (SA&A) efforts to support the customer and their IT systems within the agency’s inventory, implementing and enforcing information systems security policies, standards and methodologies; maintaining a healthy security posture for the information systems and/or programs to ensure information systems’ security policies, standards, and procedures are established and enforced. These systems are a combination of General Support Systems (GSS), Major Applications, Minor Applications and Subsystems at various categorization levels. Successfully developed SA&A Packages in accordance with NIST SP 800 Series guidelines, FISMA, FedRAMP and the Agency’s policies and procedures. Responsible for vulnerability management, conducting risk assessments, and Security Impact Assessments (SIA) to maintain a healthy security posture and/or support the introduction of new system components or PII to an IS. Regularly analyzed and improved system security measures by providing recommendations on system changes, new technologies, vulnerability scan analyses, continuous monitoring activities, and mitigation recommendations on risks and/or threats to the information systems.
• Developed comprehensive project schedules for IT systems, ensuring the timely completion of Security Assessment and Authorization (SA&A) packages; designed schedule phase gates employing the Waterfall methodology.
• Completed Security Control Assessment (SCA) tasks, met key dates, deadlines and milestones ensuring receipt of an Authority to Operate (ATO) for both on-prem and cloud systems. In accordance with NIST Risk Management Framework (RMF), determined Baseline IT Security requirements for IT Systems to assign system categorization. Tailored and implemented system Security and Privacy controls based on Information Systems’ categorization using the Cyber Security Asset Management tool (CSAM), and crafted control implementation statements down to the Determine If level.
• Developed the following [but not limited to] SA&A Package artifacts:
  o Access Control Procedures (AC); Audit Management Procedures (AU)
  o Business Impact Analyses (BIA)
  o Control Assessment Report (CAP) / Security Assessment Report (SAP)
  o Digital Identity Risk Assessment (DIRA) / E-Authentication Risk Assessments (e-Auth)
  o Federal Information Processing Standards (FIPS-199)
  o Incident Response Plan (IRP); Information System Contingency Plan (ISCP)
  o Privacy Threshold Analyses (PTA) / Privacy Impact Assessments (PIA)
  o Security Assessment Report (SAR); Risk Assessment Report (RAR)
  o System Security Plans (SSP)
• Reviewed and updated all SA&A ‘artifacts and documentation’ packages required to maintain IT systems’ Authority to Operate (ATO), adhering to NIST, FISMA, FedRAMP and Agency directives.
• Implemented and enforced Identification and Authentication (IA) security policies and safeguards for all users accessing the information system under ISSE/ISSO responsibility. Key contributor in developing new access request forms. Reviewed access requests to ensure that all fields were complete and that the Terms of Service policies complied with USAID security requirements.
• Provided comprehensive support for Identity, Credential, and Access Management (ICAM). Ensured that authorized individuals received appropriate access required to effectively perform their job tasks. Managed the issuance and maintenance of credentials, and controlled access to resources based on these credentials. Adhered to industry RBAC policy, ensuring users and system support personnel have the required authorization, are indoctrinated and are familiar with internal security practices before granting access to an IS.
• Worked with FedRAMP approved Cloud Services Providers (CSPs) ensuring compliance and adherence to United States Government practices. Provided recommendations for integration with customer tools as appropriate. Leveraged FedRAMP to gain authorization to process, store, or transmit federal information across FedRAMP authorized environments. Solid hands-on experience with Cloud platforms and Service Models (AWS East/West, AWS GovCloud, COLO East/West, Azure; SaaS, PaaS, IaaS), and cloud security protocols which includes controls, and technologies to protect data and systems in cloud environments.
• Oversaw system audit requests, ensuring the collection of evidence, the implementation of security and privacy controls, and the submission of PBC (Provided by Client) documentation.
• Responded to CISA Data Call requests by collaborating with CSPs to ensure the implementation of protections, including those addressing Log4j, DDoS, and SolarWinds vulnerabilities.
• Implemented new standards and methodologies set forth by OMB, such as Multi-Factor Authentication (MFA) and Zero Trust Architecture (ZTA). Reviewed, provided SIAs for, and approved Change Requests (CRs for CTASKs) for submission to the CCB and ERB. Represented systems at ERB boards, and contributed to planning, development and deployment.
• Improved security postures through the implementation of NIST guidelines, leading to reduced vulnerabilities. Conducted thorough reviews of Burp, Nessus, Qualys, and CISA scans for vulnerability management, provided remediation strategies, and offered mitigation techniques.
• Conducted monthly Continuous Monitoring, consistently observing and evaluating the Agency’s information systems’ security protocols to identify vulnerabilities and threats proactively. Implemented measures to address active vulnerabilities promptly. Examined audit logs for timely detection of security incidents, policy violations and fraudulent activities.
• Developed and managed Plan of Actions and Milestones (POA&Ms) to track vulnerabilities and remediation.
• Partnered with 3PAO to conduct systems SCAs at 1-year, 2-year, 3-year (-/3rd’s) and Full intervals.
• Collaborated directly with Project Teams and Agency Bureaus/IOs throughout the SA&A process to address issues and provide answers related to all aspects of the RMF life cycle. Prepared Security Impact Analyses (SIA) to provide a system assessment of any new components or major changes to an information system.
• Governed IT Systems to ensure that each system is operated, used and maintained in accordance with USAID’s internal security policies and practices. Liaised with the Governance Team to properly vet all deliverables for submission to the Authorizing Official (AO).
• Documented IT systems’ risk assessment per client directives and requirements. Completed SIAs as warranted by system changes (architecture, components, authentication mechanisms, etc.).
• Crisis Management: Ensured incident response processes were executed to support incident remediation activities. Conducted annual Incident Response and Contingency Plan Tabletop Exercises (TTX). Utilized analytical and systematic methodologies to solve issues related to workflow, organization, and planning. Delivered technical expertise and practical experience to develop innovative solutions within the cybersecurity domain.
• Consulted with other cyber teams, offering oversight, strategic direction, coaching, guidance, and mentoring on cybersecurity tasks and related matters. Provided all-inclusive training to new and junior Information System Security Officers (ISSOs) to improve their proficiency in managing IT systems and safeguarding the security posture of these systems. This encompassed the Risk Management Framework (RMF) process, the preparation of documentation and artifacts, the management of vulnerabilities, the provision of advice and status reporting to key stakeholders, as well as all responsibilities associated with Information System Security Officers (ISSOs).
Library of Congress January 2019 – January 2020
Information Systems Security Officer
As the Information Systems Security Officer (ISSO), served as the principal advisor to the Information System Owner (SO), Information Business Process Owner (ISBO), the Chief Information Security Officer (CISO) and the Authorizing Official (AO) on all matters, technical and otherwise, involving the security of an information system. Provided Security Assessment and Authorization (SA&A) support to the client and their IT systems within the agency’s inventory. These systems are a combination of General Support Systems, Major Applications, Minor Applications and Subsystems at various impact levels. Responsible for developing and providing risk assessments, Security Control Assessments (SCA), SA&A documentation and multiple reports, based on NIST guidelines and the client’s policies, procedures, and requests. Responsible for providing security recommendations on any system changes or new technologies, analysis of vulnerability scans, conducting continuous monitoring activities, and offering mitigation recommendations for any risks or threats.
• Key contributor to the migration initiative and efforts to transition the Agency’s cybersecurity framework from Legislative to Executive, ensuring alignment with federal standards such as NIST and FISMA.
• Developed comprehensive project schedules for IT systems, ensuring the timely completion of Security Assessment and Authorization (SA&A) packages.
• Conducted Security Control Assessments (SCA) and Continuous Monitoring for IT systems at 30-day, 90-day and annual intervals, evaluating the Agency’s information systems’ security protocols to identify vulnerabilities and threats proactively. Implemented measures to address active vulnerabilities promptly. Examined audit logs for timely detection of security incidents, policy violations and fraudulent activities.
• Prepared SAR briefings for AO to obtain Authorization to Operate (ATO).
• Developed, reviewed and edited SA&A artifacts and documentation packages to obtain and maintain an information system’s Authorization to Operate (ATO), in accordance with NIST and Agency guidance and directives. Update SA&A documentation and artifacts regularly to remain in compliance with USG guidelines.
• Developed and managed Plan of Actions and Milestones (POA&Ms) to track vulnerabilities and remediation.
• Enforced security policies and safeguards on all personnel having access to the IT System for which the ISSO has responsibility. Documented the system’s risk assessment per client directives and requirements.
• Selected baseline controls for the IT System using the Library’s Information Assurance (IA) tool, RSA Archer, and tailored security controls as appropriate. Documented security control implementation in the System Security Plan (SSP) utilizing RSA Archer.
• Conducted research and provided recommendations on software and technologies to address vulnerabilities.
• Reviewed Incident Response and Contingency Plan test results. Reviewed compliance and vulnerability scans and recommended remediation.
• Reviewed and analyzed audit logs for timely detection of security incidents, policy violations and fraudulent activities.
US Department of State January 2012 – January 2019
Security and Travel Teams Manager / Information Systems Security Officer
• Supervised a team of Security SMEs supporting the Department of State’s Financial, Travel and Reporting systems, overseeing access administration and Identity Management procedures. Maintained safe and healthy environments for the Department’s 10,000+ users’ multi-system user accounts which spanned the financial, reporting and travel systems; ensuring that all accounts and systems are secure.
• Enforce access controls for account management, access administration (provisioning, de-provisioning), access enforcements (authentication protocols / internal controls) and access governance (certification, Logging and Monitoring, etc.,) in compliance with regulations and policies. Establish account and system security using role and workflow methodology. Apply security protocols including single sign-on (SSO) and multi-factor authentication (2FA) in the financial, reporting and travel applications.
• First point of contact for all access requests and related inquiries.
• Through mitigation and risk acceptance, ensured System Assurance by conducting regular analyses and reporting on Separation of Duties (SOD); Financial System Application Access reviews; Audit and Compliance requirements; Elevated Privileged user management; and Annual Financial System Account Access Verification. Reported issues to management promptly for proactive problem solving.
• Principal System Administrator in systems application planning, decision-making, and implementation of Access Control and Security initiatives. Collaborated with key stakeholders within and between DoS Offices and Bureaus, as a key contributor for the A&A Artifacts Review and Analysis for IBIS Development and Information System Contingency and Incident Response Plans, in accordance with NIST 800-34, 800-37 and 800-53 Rev4; and the submission of the Notification of Change (NOC) and Authority to Operate (ATO) documentation. Tracked project findings via Plan of Action and Milestones (POA&M).
• Principal System Administrator on the Budget System Modernization (BSM) Integrated Budget Intelligence System (IBIS) FinPlan and Global Financial Management System (GFMS) Project Cost Accounting System (PCAS) Projects for access management and training.
• Provided guidance and direction, overseeing the Annual GFMS Account Verifications. Served as the Security Liaison with the DoS Administration Bureau in all mechanical processes of the GFMS Verification configuration, which included testing web services, the eForm and Workflow, and the Dashboard, as well as loading Bureau Coordinator profiles. Prepared and regularly updated the Bureau Coordinator Contacts List, which is critical for direct communications between the DoS Bureaus and the GFMS Security Team during the annual financial account verification seasons.
• Key designer of the new myData Access Request Form on the ServiceNow platform.
• Represent the interests of the agency in the procurement, installation, implementation, maintenance and training of any related financial systems, system changes and system upgrades.
• Conduct daily, weekly, and monthly audit reviews of access management and data collection, evaluating security and business processes, to ensure all financial systems are secure. Identify and resolve system problems that may adversely affect financial transaction processing.
• In conjunction with the annual Internal and External audits, perform in-house audits to assure compliance with security policies and standards; and recommend enhancements in such areas as data access, personnel changes and confidentiality. Assist in the preparation of required data for the annual financial audit. Prepare staff through Audit Readiness presentations. Provide and verify PBC submissions to external auditors.
• Provided justification responses to Logging and Monitoring (L&M) Security findings.
• Quality Representative (QR) for ISO 9001:2008 and 2015 Certifications; review and train staff on preparing ISSO Certified Quality Work Instructions (QWI). Prepare staff for annual ISO Audits through trainings and presentations.
• Editor of Financial Systems User Guides: create and maintain Information System Security documentation for System Account Management, Security Controls Matrices, Year-End Closing Processing and Instructions, System User Guides (myData, IBIS, PCAS), Account Verification Instruction and Guide, Security Configuration Guide (User Guide to Security), and the Helpdesk Customer Service Satisfaction Survey.
• Developed and updated annually, the GFMS Account Verification Instruction Guide for Account Holders, Bureau Coordinators and Supervisors. This guide successfully navigates users and authorizing officials through the full life cycle of the account verification process.
• Prepare annual financial account verification documentation and announcements, which are forwarded to groups of 2000+ Account Holders, Bureau Coordinators and Supervisors, advising on key dates and timelines.
• Prioritize multiple competing projects, representing the interests of the agency in the procurement, installation, implementation, maintenance and training of any related financial systems, system changes and system upgrades. Provide oversight and updates to management on new implementation, training and system(s) upgrade projects.
• Maintain superior professional relationships with IS Senior Officials, DoS Bureaus, System Owners and Business Owners.
• Deliver information in-person and via e-communication to bureau personnel on GFSS Security operations to include business process updates, functionality trends, FYIs and/or upcoming activities. Present information in professional, well-written, oral and presentational formats, maintaining very close attention to detail. Audiences include the monthly GFSS Users Group meetings and external meetings with internal and external partners and staff meetings.
• Develop training and continuing education materials for support staff. Train new, junior and less experienced Security Analysts.
Travel Operations Manager
• As the E2 Travel Operations Manager, supported the U.S. Department of State’s Employees and Partners with their CONUS, OCONUS and White House travel and financial operations, providing high-level assistance in all areas of the E2 Travel Solutions and Momentum Global Financial Management Systems (GFMS) systems.
• Managed the day-to-day operations of the travel team, providing assistance and support on account and application access, issuing and removing secured access for all bureaus within the Department of State’s domestic and international employees and partners. Personally arranged travel for high-level executives and officials, and processed travel reimbursements.
• Using established business rules/processes, defined how permissions were disbursed and governed in compliance with the DoS security policies. Served as the first level escalation point for VIP and non-executive customers needing a high level of attention and resolution. Ensured that the travel team consistently provided White Glove service. Built strong working relationships with the Department’s Travel Management Company (TMC) and internal business units.
• Assisted travelers, OMS’, senior management and management with general access and account maintenance, essentially verifying login credentials, updating passwords, updating users’ E2 and GetThere Profile information, applying approval routing chains, modifying routing templates and internal DoS Bureau-specific account settings.
• Provided guidance on preparing travel orders and vouchers in accordance with the Federal Travel Regulations (FTR, JFTR, FAM and FAH), GSA City Pairs and the DoS’ specific travel policies.
• Educated and assisted travelers and travel arrangers on the Federal Travel Procedures related to reservations for air, hotel and vehicle; provided additional explanation on how the travel system interfaces with the financial system to obligate and dispense reimbursement of travel expenses.
• Developed, analyzed and recommended key internal metrics for travel management practices, trends and results.
• Conducted weekly interface reporting on the DoS’ travel and financial systems, to track expenditures, perform audits and compile interface data analyses of travel obligations, travel advances, travel vouchers, rejected and unprocessed travel documents, reconciling the total spending between the Momentum and E2 Travel Solutions systems. Resolved rejected E2 documents that did not properly interface with the financial system and resubmitted for processing. Provided data/reports to management, verbally and in a statistical report. Collaborated with the E2’s Tier 3 and Dev Teams to resolve complex system functionality issues and outages; verified approval routing chains/flows; ensured E2 accounts were within the correct routing chain and routed to the appropriate authorizing officials.
• Completed A-123 audit requests on varying aspects of the DoS’ travel operations, to include travel order and vouchers financial data and the design processes. Composed Quality Work Instructions (QWIs) on how to correct, review and analyze, and process travel authorizations, advances and vouchers. Wrote and maintained technical procedures and documentation for the E2 application including operations, business processes and user guides.
• Performed document and system testing for new software releases, software updates, performance and functionality concerns and document resolutions. Key contributor in regular meetings with the DAA (Domestic Allotment Accounting) and CAA (Central Allotment Accounting) Teams in Charleston, SC, discussed issues that impacted the Department’s budget and document processes, that resulted in negative impacts to the bottom line and/or created a negative impact on production and disbursements.
• Performed analysis on business discord and business processes, to determine the trouble source and develop alternatives and options for resolution. Provided recommendations of alternatives and ensured compliance with Government policy. Worked with business owners, customers and developers to gather requirements, document business rules and coordinate implementation of upgrades and new functionality rollouts.
• Identified and developed intra-office policies, instructions, processes and procedures that addressed all aspects of business-related travel, from the initial request through its completion, ensuring compliance with Department and/or specialized requirements. Kept abreast of requirement changes for official travel originating from localities outside of the assigned duty station, proactively initiating changes in policies, instructions, processes and procedures. Developed and maintained relevant travel documentation on Disaster Recovery, Country Clearances, Visas, Danger Pay, Unrest and general operations. Maintained system documentation and protocols to ensure that additions and modifications are thoroughly documented. Reviewed operating documentation on a bi-yearly basis to ensure accuracy and completeness.
• Provided advice, guidance and direction to carry out access control procedures, ensuring schedule attainment of projects. Resolved Tier 1, Tier 2 and escalation issues in accordance with the company's travel policies.
• Arranged and conducted periodic training sessions on the Department’s policies, business processes and procedures for travel operations; topics included the approval of official travel authorizations, post travel actions that should be completed upon return to the traveler’s primary work site and the time limit to initiate the submission of the travel voucher.
• Hosted a monthly Travel Users Group meeting, to enlighten and keep the DoS Travel Community abreast of current events, policy changes, vendor awards and the day-to-day operations on how to successfully remain in compliance across the board in all areas of Government Travel Operations in accordance with the Federal Travel Regulations (FTR, JFTR, DoS FAM and DoS FAH).
• Trained and cross-trained new and junior staff on the E2 Travel Team’s daily operations and tasks to enhance their knowledge and strengthen their areas of expertise. Capitalized on coaching opportunities to educate clients and staff in the areas of Government travel operations.
Senior Business Analyst
• Provided senior-level financial support on the Department’s financial system’s transactions, spanning billions of dollars, in accordance with the Department of State’s Standard Operating Procedures (SOPs) in the following areas, within Momentum: (1) obligating/de-obligating, accruing, costing and paying legally incurred and properly documented expenditures of funds and/or appropriations; (2) monitoring and reconciling accounts, ledgers and reports; (3) preparing financial reports, and reviewing and interpreting reports for end users; (4) reviewing a variety of data entries to transactions and providing interpretations and guidance on how to perform adjustments or corrections of daily activities including transfers, accruals, obligations and payments; and (5) year-end closing/reconciliation.
• Worked closely with users to aid in solving a wide range of issues. These issues included account access complications, resolving travel and financial system document rejects, explaining the budget structure, explaining error messages and their root cause, and any other special research requested by users.
• Coordinated with users to run and schedule Data Warehouse reports that aided in the research of their issue. In doing so, exhibited proficiency in managing the life cycle of a reported issue, which was tracked in the Case Management System, a web-based application used to footprint incidents by pulling contact information from a database, gathering details pertaining to a client’s issue, and maintaining documented communication.
• Identified and analyzed travel and financial system falsities, diverse in nature, distinguishing between relevant and irrelevant information to make logical decisions; worked with customers, escalation teams and the vendors to define and modify current procedures, to solve complex problems and provide stable solutions to individual and regional problems. Communicated resolution information verbally and in written narrative form, to convey findings and recommendations, documenting the details of an issue and troubleshooting steps taken in order to escalate the issue or document the identification and resolution, using the Case Remedy ticketing system to track and route problems and requests, and document solutions.
Competencies:
Accounting: Momentum Financial Systems (GFMS, Pegasys), Data Warehouse, Lawson, PeopleSoft, SAP, Salesforce.com, Cognos, Deltek, ERP Financials, Project Cost Accounting System, IBIS, IPP
Hardware/Software: Laptops, Workstations, Modems, Memory, Printers, Scanners, Cisco Routers, Hubs, Servers, E2 Travel Solutions, GovTrip, Fed Travel, FedRooms, Travel Manager, Momentum Financial Systems, XE, Oanda, Exchange, MS Office Suite, McAfee, Norton, Acrobat, Remedy, Active Directory, ERP Financials, Cornerstone-SAP, Cognos, Salesforce.com, PeopleSoft, Citrix, Calyx Point, SecureCRT, Plus, AMS, Potter, PuTTY, ITSM, Splunk, PingFederate
Environments, Tools & Programming Languages: Business Objects, Citrix, FoxPro, MS Outlook, Paradox, Remedy, CASE Remedy, NetCool, ITSM, RADAR, LDAP, RSA Archer, ServiceNow
Networks, Protocols & Operating Systems: Windows 9x, ME, NT, XP Professional, XP Media Center, Windows 2000/2003, RedHat Linux, RHEL7, UNIX, Windows 2007; LAN/WAN, TCP/IP, WINS, DNS, DHCP, TELNET, VPN, FTP, Ethernet, HTTP
Specialized Skills: White Glove customer service; financial system analysis, information system security; vulnerability management, collecting and organizing information;