Results-driven IT professional with notable success in planning, analysis, and implementation of security initiatives. Strengths in providing comprehensive security frameworks with expertise in risk management, unauthorized access, viruses and a wide range of vulnerabilities and threats. Skilled in managing an internal vulnerability management program and identifying and executing action plans for vulnerability remediation. Knowledge of security tools (CSAM, NESSUS, WEBINSPECT and DBPROTECT), technologies and best practices, with more emphasis on FISMA/NIST. Years of experience in system security monitoring, auditing, evaluation, SA&A, Risk Assessment of General Support Systems (GSS) and Major Applications (MA), and a strong advocate of teamwork.
● Led security assessments of local and cloud systems to determine compliance with NIST 800-53A rev 4 requirements.
● Led kick-off and close-out meetings with various stakeholders.
● Managed project timelines for security assessment activities.
● Developed deliverables including Security Control Assessment Plan (SCAP), Prepared by Client (PBC) List, Rules of Engagement (ROE), Work Breakdown Structure (WBS), Security Assessment Report (SAR), Vulnerability Assessment Report (VAR) and other deliverables.
● Reviewed System Security Plans (SSP), Risk Assessment Reports (RAR), and Privacy Impact Assessments (PIA), policy and procedure documentation, Security Control Assessment Plans (SCAP), Plan of Actions and Milestones (POA&M) and Remediation Plans.
● Reviewed control tailoring to effectively safeguard sensitive data and validated those controls against NIST 800-53 rev 4, 800-37, 800-60, and FIPS 199/200 requirements.
● Interviewed subject matter experts (SMEs) to validate details of system documentation.
● Conducted reviews of various security scan reports from Nessus, Web Inspect, Splunk and IBM BigFix tools and documented findings in vulnerability assessment reports.
● Supported ISSO in developing security certification and accreditation packages (SC & A) in order to secure an Authority to Operate (ATO) for systems under review.