Information Systems Security Officer (ISSO) Resume Example with 7+ Years of Experience

Jessica Claire
  • , , 609 Johnson Ave., 49204, Tulsa, OK 100 Montgomery St. 10th Floor
  • Home: (555) 432-1000
  • Cell:
  • :

Information Security Analyst with a passion for aligning security architecture plans and processes with security standards and business goals. Extensive experience developing and testing security frameworks for systems, applications and environments in a growth-oriented organization, with a focus on conducting security control assessments for Federal and non-Federal organizations using NIST SP 800-53 Rev 4 and the NIST documentation series. Knowledge and management of Federal Government C&A practices and policies, particularly FISMA, FedRAMP, NIST SP 800-53 and SP 800-171, with the ability to analyze technical outputs, recommend process improvements at an enterprise level, and test security controls and security frameworks. Authorized to work in the US for any employer.

  • NIST SP 800-60
  • FIPS
  • NIST 800-53 rev 4 & rev 5
  • Risk Management Framework (RMF)
  • FedRAMP
  • Cloud AWS
  • Certification and Accreditation (A&A)
  • Risk Assessment (RA)
  • Contingency Planning (CP)
  • Incident Response (IR)
  • Disaster Recovery/Response Plan
  • Security Impact Analysis (SIA)
  • Privacy Threshold Analysis (PTA)
  • Privacy Impact Assessments (PIA)
  • System Security Plan (SSP)
  • Security Audits (SA)
  • ISO 27001
  • Vendor Risk Assessment
  • Knowledge of Cybersecurity Maturity Model Certification (CMMC)
  • HIPAA Security and Privacy controls
  • Plan of Actions & Milestones (POA&M)
  • Vulnerability scanning tools (Nessus, Splunk, Synack)
  • Continuous Monitoring
  • Zscaler zero trust
  • Excellent analytical and problem-solving abilities to identify and fix security risks.
Information Systems Security Officer (ISSO), 05/2022 to Current
BAE Systems, Chantilly, VA
  • Applied working knowledge of NIST SP 800-37, SP 800-39, SP 800-53, SP 800-53A, SP 800-34, SP 800-18 and SP 800-128 when documenting, reviewing and updating security artifacts.
  • Reviewed and updated System Security Plan (SSP) using SP 800-18 guidelines.
  • Reviewed and updated Risk Assessment (RA) using NIST SP 800-30 guidelines.
  • Reviewed and updated Contingency Plan (CP) using NIST SP 800-34 guidelines.
  • Reviewed and updated documentation for SOPs & Audit artifacts
  • Performed Information Systems Security Audits and Certification and Accreditation (C&A) Test Team efforts.
  • Tracked vulnerabilities from identification to remediation and verification.
  • Performed Security Impact Analysis (SIAs) for all proposed changes to production environments and provided guidance/approvals for requested changes to the application/system.
  • Provided support for project/workstream management activities.
  • Implemented NIST 800-53 r5 security and privacy controls in compliance with FISMA, HIPAA, and FedRAMP.
  • Executed Contingency Plan testing (CPT), Incident Response (IR) testing, and post-testing documentation.
  • Served as a trusted information security analyst to government clients.
  • Monitored security controls on an ongoing basis to ensure their continued effectiveness.
  • Planned and implemented updates to System Security Plans (SSPs), Information Security Risk Assessments (IS RAs), Privacy Threshold Analyses (PTAs), Privacy Impact Assessments (PIAs) and other security artifacts for the program.
  • Worked with the technical team to document requirements and test plans and to coordinate deployment activities.
  • Developed, updated and reviewed IT security policies and procedures, and responded to audit requests with audit support and coordination.
  • Coordinated system security audits with the audit team and penetration testing with internal and external assessors for each COTS product and System maintained as part of the Enterprise.
  • Collected and managed all appropriate artifacts required to demonstrate security control compliance.
  • Documented risks and monitored remediation.
  • Performed risk assessments to help create optimal prevention and management plans.
  • Managed POA&M process for designated IT systems and provided timely detection, identification, and alerting of non-compliance issues.
  • Planned, developed, implemented, and maintained programs, policies, and procedures to protect the integrity and confidentiality of systems.
  • In-depth knowledge of penetration testing and intrusion detection on systems.
  • Audited networks and security systems to identify vulnerabilities.
  • Prepared and implemented Assessment and Authorization (A&A) documents and procedures.
  • Reviewed and created mitigation reports from compliance and vulnerability scanning tools (Nessus, Synack and other tools).
  • Analyzed system risk to identify and implement appropriate security countermeasures.
  • Minimized risk of damage from security breaches by putting business continuity or disaster recovery plans in place.
  • Applied cybersecurity policy and procedures to systems and networking in an Enterprise environment in order to review controls and package artifacts for validity.
Information Security Analyst, 07/2018 to 05/2022
Brenntag, Bakersfield, CA

Analyzed and updated the System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), Security Test and Evaluation (ST&E) and the Plan of Actions and Milestones (POA&M).

  • Performed assessments of systems and networks within the networking environment and identified where those systems and networks deviated from acceptable configurations, enclave policy, or local policy; this included support of process, analysis, coordination, security certification testing, security documentation, investigations and periodic audits.
  • Documented the results of Certification and Accreditation (C&A) activities and technical or coordination activities, prepared System Security Plans and updated the Plan of Actions and Milestones (POA&M).
  • Investigated suspicious activity and collaborated with other technology associates to fully secure confidential information and systems as assigned.
  • Performed onsite analysis, diagnosis and resolution of hardware issues for end users, provided recommendations and implemented solutions.
  • Assisted System Owners and the ISSO in preparing Certification and Accreditation packages for the company's IT systems, making sure that management, operational and technical security controls adhered to the formal, well-established security requirements of NIST SP 800-53 R4.
  • Performed vulnerability assessments, ensuring that risks were assessed and evaluated and that proper actions were taken to limit their impact on information and information systems.
  • Created standard templates for required security assessment and authorization documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages.
  • Conducted IT controls risk assessments that included reviewing organizational policies, standards and procedures, and provided advice on their adequacy, accuracy and compliance with the Payment Card Industry Data Security Standard.
  • Developed, updated and reviewed IT security policies and procedures, and responded to audit requests with audit support and coordination.
  • Supported the development, documentation and management of security control plans that include IT security measures to attain and maintain compliance with regulatory requirements, including but not limited to CMMC, NIST, FIPS and HIPAA.
  • Managed the day-to-day operations of the data privacy program, including incident response (IR), drafting privacy impact assessments (PIAs), and managing data subject access requests.
  • Conducted Assessment & Authorization (A&A) kick-off meetings.
  • Reviewed the System Security Plan (SSP) for accuracy and completeness.
  • Coordinated and worked with the program management office to support project planning activities, including drafting and maintaining robust project plans, documenting decisions and dependencies, and spotting and remediating potential gaps and weaknesses in program controls.
  • Assisted with routine compliance and audit functions to ensure regulatory scanning requirements were satisfied.
  • Identified and advanced continuous process improvement opportunities.
  • Ensured accuracy of policies, procedures, and transaction documentation.
  • Worked with third-party contacts and network supply teams as necessary to resolve transaction discrepancies in a timely manner.
  • Evaluated the effectiveness of compliance policies, procedures, processes, systems, and controls.
  • Reviewed completed documentation for completeness, accuracy, and quality.
Jr. Security Analyst, 04/2015 to 04/2018
Brenntag, Bedford, TX
  • Updated Assessment and Authorization (A&A) packages for systems, making sure that management, operational and technical security controls adhered to the formal, well-established security requirements of NIST SP 800-53 Rev 4.
  • Initiated kick-off meetings to collect system information to assist in the categorization phase using FIPS 199 and NIST SP 800-60.
  • Tracked vulnerabilities from identification to remediation and verification.
  • Assisted the POA&M process for designated IT systems and provided timely detection, identification, and alerting of non-compliance issues.
  • Responsible for Information System Security policies, reviews, and updates.
  • Performed risk assessment analysis to support certification and accreditation.
  • Tracked, monitored, and documented compliance with security policies and procedures.
  • Assisted with security assessments, investigations, and reports.
Information Security Analyst, 01/2015 to 02/2015
Boltos Solutions, City, STATE
  • Reviewed violations of computer security procedures and developed mitigation plans.
  • Recommended improvements in security systems and procedures.
  • Supported the A&A of the government environment by providing guidance to, and coordinating the efforts of, relevant system operators across the environment.
  • Provided technical knowledge and analysis of client systems in tactical operational environments, high-level functional systems analysis, design integration, documentation, and implementation advice on exceptionally complex problems requiring extensive subject-matter knowledge for effective implementation.
  • Developed and updated existing Assessment and Accreditation (A&A) packages identified by the government.
  • Supported major portions of large and medium projects, including A&A efforts; gathered facts through research, interviews, and surveys.
  • Analyzed the client's business, drew conclusions, prepared final reports, and gave presentations; interfaced with project managers, software developers, and other technical and functional support staff.
  • Used in-depth consultative expertise and business knowledge to support business objectives and processes.
  • Served as the team member supporting the analysis of general network technical problems and providing recommendations and technical support in solving them.
  • Worked with internal customers to respond to escalations.
  • Developed and maintained relationships with internal and external customers to formulate information security governance solutions for the company.
  • Worked with stakeholders and managed project teams, internally and/or externally.
Education and Training
No Degree: Certificate in Business Analytics, Expected in 10/2020, Harvard University - Cambridge, MA
Bachelor of Science: Business Administration and Management, Expected in 12/2013, University of Phoenix - Phoenix, AZ
Associate of Applied Science: General Studies, Expected in 12/2009, Prince Georges Community College - Largo, MD
  • Completed the A&A process ahead of schedule and minimized system vulnerability through implementation of security solutions and safeguards tailored to the client's environment.

  • CompTIA Security+
  • CISA - Certified Information Systems Auditor (In Progress)

Additional Information

Training attended:

  • Certified Information Systems Auditor Training - CISA (Udemy)
  • Information Technology and Quality Assurance (Attach Academy)
