
Information Security Manager with 20+ Years in Federal Programs

Location:
Stephens City, VA
Posted:
June 04, 2026


Resume:

ANDREA BRANTLEY

Stephens City, Virginia ***** 703-***-**** **********@***.***

SUMMARY

Information Systems Security Manager with over 20 years of cybersecurity experience and more than 7 years leading security programs in federal environments. Expertise in developing risk-based governance frameworks, roadmaps, and RMF authorizations to support mergers and acquisitions and ensure continuous compliance. Skilled at guiding cross-functional teams through security strategy, policy development, and accreditation processes to maintain operational readiness.

EXPERTISE

•Technical Skills: Vulnerability Assessments, Secure Systems Engineering, Network Security, Monitoring & Incident Response, Disaster Recovery, Government Security Systems, Enterprise-Level Solutions

•Governance & Compliance: Risk Management Framework, Risk Management, Governance, Risk & Compliance, Certification & Compliance, GRC Tools

•Program Management: Expert Project Management, Resource Management, Security Program Management, KPI Development

•Leadership & Communication: Team Leadership, Coaching & Training, Communication and Collaboration, Client Relations, Presentations, Cross Functional Partnership, Executive Communication

•Strategic & Analytical: Strategic Planning, Strategic and Analytical Thinking, Data Analysis, Documentation & Review

PROFESSIONAL DEVELOPMENT

•Governance, Risk, and Compliance Certification (CGRC): 2012

•Federal IT Security Institute – Manager (FITSP-M): 2010

•Certified Secure System Lifecycle Professional (CSSLP): 2009

•Certified Information Security Manager (CISM): 2007

•Certified Information Systems Security Professional (CISSP): 2003

WORK EXPERIENCE

Department of Veterans Affairs

Information Systems Security Manager 2022 - Present

Lead role for the Veteran Experience Services (VES) Portfolio while developing, maintaining, and enforcing information security policies, standards and procedures across the VES Portfolio product lines. Ensures appropriate operational security posture is maintained for the information systems, applications, and product lines, while working in tight collaboration with the ISSO and ISO.

•Provided Veteran Experience Services (VES) Portfolio Assessment and Authorization activities cybersecurity support to system owners and Risk Management Framework system stewards, serving as security program manager to enhance cross functional partnership and coordinate with security and privacy architects.

•Successfully maintained the security posture of the VES product line environments by meeting regularly with ISOs, ISSOs, and developers, educating teams on products and applications, resulting in maintained ATOs and adaptive security posture through KPI development.

•Coordinated and implemented security program strategy aligned with enterprise standards, establishing KPIs to measure security performance across policies, standards, and processes.

•Maintained and ensured operational security posture for systems in a customized Risk Management Framework (RMF) to confirm that established security processes and procedures were followed.

•Conducted periodic reviews of information systems to ensure compliance with the security authorization package.

•Managed preparation and review of system documentation, Assessment and Authorization (A&A) artifacts to include Systems Security Plans (SSPs), architecture diagrams, contingency plan, incident response plan, and other artifacts.

•Supported programmatic initiatives and risk management review boards, delivering executive communication on security outcomes.

SAIC

Veterans Relationship Management 2010 - 2022

Includes progression in oversight and leadership in the same contract, eventually assuming a new position with greater responsibilities.

•Led security program management for two new VRM environments with multiple applications, defining roadmaps and KPIs, resulting in successful ATOs and continuous monitoring readiness.

•Transformed a new contract, with no ISSP, into a thriving VRM security team by writing job descriptions, hiring individuals for the team, providing training, and securing additional positions – leading to a promotion to ISSM.

NRC SLES Certification & Accreditation Lead 2009 - 2010

First position with SAIC, facilitating Certification and Accreditation managerial support to the U.S. Nuclear Regulatory Commission, Office of Nuclear Security and Incident Response/Safeguards Information LAN and Electronic Safe (SLES).

•Revamped SLES A&A package from scratch, resulting in a successful ATO award with improved compliance and minimal deficiencies.

•Worked closely with the NRC stakeholders and NSIR/SLES team to ensure NSIR/SLES systems were correctly vetted within the Nuclear Regulatory Commission HQ users, as well as regional and offsite users.

•Expertly coordinated security-related activities through the NSIR PM and Federal Information Security Management Act (FISMA) Compliance and Oversight Team, CSO.

•Ensured that changes to SLES met all information technology security requirements for recertifying and accrediting the system; ensured the SLES infrastructure architecture met security technical configuration standards before implementation.

Compumatics Group

Principal Consultant / Senior InfoSec Engineer Vienna, Virginia · 2004 - 2009

Successfully provided and maintained information assurance for National Security Applications and Engineering Division (AED). Led system and software developers in designing, developing, and implementing secure operating systems, networks, and database products.

•Oversaw AED ATO projects, led meetings, and worked with O&M contractors to successfully obtain ATOs and maintain security boundaries, resulting in a 100% success rate for the team's security impact analyses and major changes.

•Directed organizations within the Architecture/Engineering Division (AED) in the successful completion of legacy and emerging Certification and Accreditation systems and processes.

•Ensured and maintained full-life cycle management and engineering support to Architecture/Engineering Division (AED), including requirements analysis, technology assessments, implementation and continuing assessments.

NETSEC

Senior Security Engineer Herndon, Virginia · 2002 - 2004

Gained valuable experience in Security, leading INFOSEC engineering and analysis efforts for the Intelink Management Office, providing ongoing deliveries of national security projects.

•Worked closely with the NETSEC Security Team to develop multiple, new ATO packages for applications in a government customer environment; ATOs were granted for all systems/applications, to acclaim from all stakeholders.

•Analyzed Intelink enterprise system security plans, policies, and guidelines, while observing DCID 6/3, NSA and NIST guidelines.

•Expertly compiled and translated national security requirements into system security documentation.

•Coordinated with Engineers and Systems Administrators to develop and implement system security solutions.

Symantec Corporation

Senior Systems Engineer

Reston, VA

Galaxy Computer Service, Inc.

System Engineer

Manassas, VA

TASC and Trident Data Systems

Network-System Administrator/Team Lead

United States Army

System Administrator/Network Operations

EDUCATION

University of Maryland, European Division

Bachelor of Science, Information Systems


