Post Job Free
Sign in

Federal IT Audit & RMF Security Specialist

Location:
Houston, TX
Salary:
$120000/yr
Posted:
July 10, 2026

Contact this candidate

Resume:

ROWLAND PRINCE JOHNSON

Houston, Texas, ***** 346-***-**** **************@*****.***

Active Secret Clearance

Pro-active and results-oriented IT Audit professional with broad experience in all aspects of Audit. Analyzes security issues, determines cause and impact, and identifies the corrective action needed to eliminate and prevent the event from happening in the future. An adept Information Systems Security Engineer (ISSE) and Information Systems Security Officer (ISSO) with experiences in Risk Management Framework (RMF) processes; Development of the System Categorization using NIST SP 800-60 & FIPS 199; Development of the PTA (Privacy Threshold Analysis) PIA (Privacy Impact Analysis); Development of the Electronic Authentication (e-Authentication); Selection /Development of the System Security Control using NIST SP 800-53 Rev-5 & FIPS 200; Implementation of the System Security Controls; Development of the System Security Plan (SSP) using NIST SP 800-18 & NIST SP 800-53 Rev 5; Development of the Change Control Board (CCB); Development of the Contingency Plan (CP); Development of the Contingency Plan Test (CPT) using NIST SP 800-34 & Table Top Exercise; Assessment of the System Security Controls; Penetrating Testing (Pen Testing) & Vulnerability scanning; Development of the Security Assessment Plan (SAP) using NIST SP 800- 53A Rev 4/5; Development of the Security Assessment Report (SAR) using NIST SP 800-53A Rev 4; Development of the Plan Of Action & Milestone (POA&M); Risk Assessment Report (RAR).

CORE COMPETENCIES

Federal Information Security

Security Best Practice Validation

Big IS/Data Environments

Cyber Security Assessment & Management

(CSAM)

Federal Information Security Management Act (FISMA)

NIST Special Publications (NIST SP)

Plan of Action & Milestone (POA&M)

Certification & Accreditation (C&A)

Risk Management Framework (RMF)

Security Plan (SP)

Security Assessment Report (SAR)

Supply Chain Risk Management (SCRM)

MITRE ATT&CK Framework

OWASP Top 10

Cyber Threat Kill Chain

HITRUST

Continuous Monitoring (CM)

Security Categorization (SC)

DISA STIGs

Cloud Computing

HIPAA

ISO27000

DHS 4300A, CBP HB 1400-05D

Incident Response & Contingency Planning

CORE COMPETENCIES

Federal Vulnerability Remediation Asset Manager (VRAM)

Enterprise Mission Assurance Support Service (eMASS)

Team Foundation Server

CSAM

SCAP Tools

SQL Language

Nessus Tenable. Sc

WebInspect

Splunk

HP Fortify

STIGs Viewer

Assured Compliance Assessment Solution (ACAS)

WORK EXPERIENCE

INFORMATION SYSTEM SECURITY OFFICER (ISSO) SEP 2021 – PRESENT

DEPARTMENT OF HOMELAND SECURITY

Lead and conduct Pre-Security Assessment and Authorization (A&A) activities, including stakeholder identification, change

request submissions, appointment memorandums, and IT Security Kickoff meetings.

Support the ISBO in day-to-day IT security operations and coordination activities.

Assist with reviewing the system security posture and report findings to the ISBO, CISO, and Authorizing Official (AO).

Perform Information System Categorization by identifying information types and completing FIPS-199 assessments.

Facilitate and support Business Impact Analyses (BIA), Privacy Threshold Analyses (PTA), and Privacy Impact Assessments (PIA).

Develop, maintain, and update system security documentation, including SSP, SAR, IRP, ITCP, CMP, ISCM Plan, and System Administration Plan.

Coordinate initial and annual IT Contingency Plan (ITCP) testing in collaboration with the OCIO BCDR office.

Develop and manage inter-agency security documentation, including MOUs, MOAs, ISAs, IT Security Waivers, and Risk Acceptance Memorandums.

Document and maintain security control implementation details, ensuring updates are performed at required intervals.

Coordinate vulnerability and compliance scans and support Security Control Assessments (SCA).

Track remediation activities and manage Plans of Action and Milestones (POA&Ms), submitting completed items for closure.

Prepare and present Security Assessment Reports (SARs) to support ATO issuance or renewal.

Perform Information Security Continuous Monitoring (ISCM) activities to maintain ongoing system compliance.

Develop and manage A&A project schedules, including milestones, dependencies, and resource coordination.

Determine baseline security requirements, identify system boundaries, and implement controls based on FIPS categorization.

Ensure IT systems are operated, maintained, and disposed of in accordance with internal security policies and standards.

Enforce security policies and safeguards for all personnel with access to assigned IT systems.

Verify that users and system support personnel have appropriate authorization, need-to-know, and required training prior to system access.

Document security control implementation and risk assessments in the client’s GRC tool per established directives.

Monitor and review system security and audit logs.

Update A&A documentation and artifacts on a recurring basis and following approved system changes

INFORMATION SYSTEMS SECURITY OFFICER (ISSO) FEB 2014 – AUG 2021

COMPQSOFT, INC

DEPARTMENT OF DEFENSE US NAVY/SUBMEPP

Analyze and update System Security Plan (S.S.P.), Risk Assessment (R.A.), Privacy Threshold Assessment (P.T.A.), Privacy Impact Assessment (P.I.A.), Contingency Plan (C.P.), FIPS 199, Contingency Plan Test (C.P.T.), System Security Test and Evaluation (ST&E), Security

Assessment Reports (S.A.R.) and the Plan of Actions and Milestones (POA&Ms)

Assist System Owners and ISSO in preparing Assessment and Authorization (A&A) packages for the company's I.T. systems, making sure that management, operational, and technical security controls adhere to a formal and well-established security requirement authorized by NIST SP 800-53 R4

Manage the A.T.O. timeline/ schedule and keep the team on the schedule

Experience managing the A.T.O. process (all steps)

Designate systems and categorize their Confidentiality, Integrity, and Availability (C.I.A) using FIPS 199 and NIST SP 800-60

Conduct Self-Annual Assessment (NIST SP 800-53A)

Effectively interact with the client and educate the client on the A.T.O. process

Perform Vulnerability Assessment. Make sure that risks are assessed, evaluated, and proper action has been taken to limit their impact on the Information and Information Systems

Create standard templates for required Security Assessment and Authorization (SA&A) documents, including Risk Assessments, Security Plans, Security Assessment Plans and Reports, Contingency Plans, and Security Authorization Packages

Support NIST Risk Management Framework (R.M.F.) based Assessment and Authorization (A&A) activities.

Monitor and prepare required actions and documents about the A&A of the system throughout its lifecycle, including security evaluation findings and residual risks.

Conduct comprehensive reviews of security authorization documents to ensure the appropriate NIST security guidelines were used during the assessments and select security controls relevant to the confidentiality, integrity, and availability of the systems.

Review and process Interconnection Security Agreements (I.S.A.s), Policy Waivers, Approval to Test (ATT), and Interim Approval to Operate (IATO) documents.

Review I.S. security plans and other A&A documents for all applications to determine if the organization's mandated procedures and tasks are followed.

Assist the Government in preparing a written justification, when appropriate, to obtain a written waiver of policy for the mandated security feature

JR. DATABASE ADMINISTRATOR JAN 2011 – FEB 2014

RISGROUP, INC

Monitored and ensured the database was OFA-compliant and optimized for performance.

Supported the creation of databases, tablespace, tables, indexes, and other database objects.

Supported performance tuning exercises, database security as well as RMAN backups.

Helped in designing and implementing backup strategies for the department, using utilities like a Data

pump for supplementation.

Worked heavily in test and dev environments; Created and maintained multiple Test and

Development databases for various application testing.

Shadowed senior DBAs in migrating various Oracle versions from Windows to the Linux platform.

Helped in developing database-related policies, standards, naming conventions, operating procedures,

and best practices that support the organization’s operational requirements.

Monitored user sessions and helped in workload management tasks.

EDUCATION

Master of Science (Information Technology Education)

University of Education, Ghana

Master of Business Administration (Organizational Behavior)

University of Ghana

Relevant coursework: Cybersecurity Policy & Governance, Incident Response & Recovery

CERTIFICATIONS

ISACA, USA: Certified Information Security Manager (CISM)

CompTIA: Security+

Microsoft Certified: Azure Security Engineer Associate



Contact this candidate