SEARCH

Information Systems Security Officer Resume Example

Resume Score: 80%

Love this resume?Build Your Own Now
INFORMATION SYSTEMS SECURITY OFFICER
Professional Summary

Highly motivated, self-paced Information System Security professional with over 4 years years of progressive experience in Risk Management Framework (RMF), Systems Development Life Cycle (SDLC), and Vulnerabilities Management using Federal Information Security Management Act (FISMA), Federal Information Processing Standards (FIPS), Applicable NIST standards and and guidance . Demonstrated skill identifying business risks and compliance issues and designing proactive solutions.

Skills
  • Developing Security Plans
  • Security Documentation Specialist
  • Gap Analysis
  • Business Impact Analysis
  • Information System Security Management
  • Vulnerability Assessment and Management
  • Team Player
  • Risk Assessment and Management Framework
  • Problem-Solving Skills
  • Quality Assurance and Testing Skills
  • Project Management and Support
  • System Operation Support
  • Communication Skills
  • System Development Lifecycle (SDLC)
  • Security Life Cycle Management
  • Regulatory Compliance and Standards related to NIST, OMB, FISMA and FedRAMP
Work History
Information Systems Security Officer, 02/2017 to Current
Company NameCity, State
  • Implement Risk Management Framework (RMF) in accordance with NIST SP 800-37
  • Coordinated with System Owners to categorize information system into Low, Moderate and High using FIPS 199 and NIST 800-60 as a supplemental guidance
  • Selected system security controls based on the categorization using FIPS 200 and NIST 800-53 as a supplemental guidance.
  • Manage the Assessment and Authorization of Five (5) systems.
  • Ensure security policies, procedures and recommendations comply with FISMA, NIST, Organizational guidelines and technical best practices.
  • Developed, reviewed, and updated Information Security System Policies, System Security Plans, and Security baselines in accordance with NIST, FISMA, OMB App. III A-130 and industry best security practices. Applied appropriate information security control for Federal Information System based on NIST 800-37 rev1, SP 800-53, FIPS 199, FIPS 200 and OMB A-130 Appendix III.
  • Develop a variety of Assessment & Authorization deliverables including; System Security Plan (SSP), Security Assessment Report (SAR), Contingency Plan (CP) and Continuous Monitoring Plan for review and approval for Authorization Official.
  • Led team to prepare, collate, remediate and validate security artifacts in order to pass ATO audits
  • Created and updated other documents such as System Categorization (FIPS199), Audit Policy and Procedure, Incidence Response Plan (IRP), ISCP/IRP After Action Report, Media Protection yearly before Re-Authorization of the systems or whenever there are changes to the systems.
  • Responsible for reviewing documents from the assessors such as Executive Summary, Risk Assessment Report (RAR), Security Assessment Plan (SAP), Status Report and Ongoing Authorization Document.
  • Develop Plan of Action and Milestones (POA&M) for identified vulnerabilities and ensure compliance and remediation through monthly updates.
  • Prepare quarterly POA&Ms documents and ensure they are signed by the System Owners.
  • Provide ongoing gap analysis of current policies, practices, and procedures as they relate to established guidelines outlined by NIST, OMB, and FISMA.
  • Manage all phases of software development lifecycle to include analysis, design,development and testing while maintaining appropriate controls.
  • Manage change control to ensure the integrity of the solutions deployed and prevent unauthorized changes.
  • Ensure alignment between information security program and other business functions to support integration with business processes.
  • Ensure that risk assessments, vulnerability assessments and threat analysis are conducted periodically and consistently to identify risks.
  • Present identified risks to system Stakeholders and ISSM monthly to ensure the timely remediation.
  • Provide ongoing Continuous Monitoring to assigned systems using Nessus, IBM BigFix, Solarwinds, DBProtect, WebInspect and Netsparker.
  • Create and manage security and awareness oversight and training as required.
  • Create business continuity/disaster recovery plans, to include conducting disaster recovery tests, publishing test results, and making changes necessary to address deficiencies.
  • Assisting System Owners in establishing and implementing the required security safeguards to protect computer hardware, software, and data from improper use or abuse.
  • Fostering communication and collaboration among system stakeholders to share knowledge and to better understand threats to information.
  • Responsible for preparing the Risk Acceptance Memo(RAM) and ensure that it is signed by the System Owner and the Authorizing Official
  • Generated, reviewed and submitted system security package to FedRAMP for systems hosted in a cloud environment.
  • Reviewed scan reports identified critical vulnerabilities and coordinated with system owners to remediate vulnerabilities.

·

Information Security Analyst, 04/2014 to 02/2017
Company NameCity, State
  • Led Kick-off and on-going meetings.
  • Coordinated with System Owners to determine system categorization.
  • Conduct Information System Risk Assessment (ISRA) to identify system threats, vulnerabilities and risk, and generate reports.
  • Develop Contingency Plan (CP) for information systems.
  • Develop Continuous Monitoring Plan (CMP) for information systems.
  • Participate in product design reviews to provide input on security requirements and potential problems or areas of vulnerabilities.
  • Recreate standard templates for required security assessment and authorization documents; Risk Assessment (RA), System Security Plan (SSP), Contingency Plan (CP) and Security Plan (SP).
  • Apply appropriate information security control for Federal Information System based on NIST 800-37 rev1, SP 800-53, FIPS 199, FIPS 200, NIST SP 800-53A rev4 and ARS 3.1
  • Assess security controls and develop Security Assessment Report (SAR).
  • Ensure cyber security policies are adhered to and that required controls are implemented.
  • Developed Certification and Accreditation (C&A) artifacts and system security documentation
  • Review security logs to ensure compliance with policies and procedures and identifies potential anomalies.
  • Assisted Organization's Business Development (BD) team in writing security portion of business proposals.
  • Gathered data for Contingency Plan Table Top Exercise (CP TT&E) and prepared the After-Action Reports (AAR).
  • Develop Security Control Assessment Report (SAR) containing passed and failed controls with source and comments for each control.
  • Facilitate kickoff meetings as well as briefing meetings with system stakeholders throughout the IT Security Control Assessment process.
  • Develop Security Assessment Plan (SAP) and Conducted Security Test and Evaluation (ST&E) according to NIST SP 800-53A.
  • Review penetration test reports for control deficiencies: internal external penetration testing, network and application (including web application) penetration testing, social engineering.
  • Manage vulnerabilities with the aid of Nessus vulnerability Scanners to detect potential risks on a single or multiple asset across the enterprise network.
  • Performed vulnerability assessments to identify residual risk and determine corrective actions to mitigate known vulnerabilities to limit impact.
  • Assisted with Updating and reviewing A&A Packages which include Core Docs, Policy & Procedures, Operations and Maintenance Artifacts, SSP, SAR, FIPS 199, POA&M, and more
  • Provided security support in order to integrate information assurance/security throughout the System Life Cycle Development of major and minor application releases.
Business Analyst/Test Analyst, 01/2011 to 04/2014
Company NameCity, State
  • Elicit requirements using interviews, document analysis, requirement workshop and workflow/process analysis and translating them into user stories to give a clear detailed and complete understanding of project deliverables
  • Acted as a liaison between business and technical teams to obtain a detailed business and functional requirements that will make system development easier for the technical team.
  • Used Agile techniques including daily standup, continuous integration using, Agile Craft, and Test Driven Development (TDD) to ensure smooth functionality of the Legacy Suite
  • Maintains the product backlog and acts as a proxy product owner in generating user stories, acceptance criteria and test cases.
  • Participated in the development and grooming of product backlog stories by breaking down large and complex user stories into small prioritized form
  • Assisted in developing test plans, test cases, User Acceptance Testing (UAT), manual testing and trained end-users.
  • Provide Production Support by acknowledging tickets and resolving users' issues
  • Participated in sprint planning, daily stand up and sprint retrospective meetings
  • Works with the team to prioritize backlog and assist in release and sprint planning activities.
  • Obtains feedback from the stakeholders during sprint demonstrations and adjusts user stories to meet these needs.
  • Responsible for creating and updating daily sprint burn down chart to graphically represent the task versus the effort needed to complete the task
  • Proactively communicate and collaborate with external and internal customers to analyze business needs and functional requirements in order to deliver the required artifacts as needed.
  • Utilize MS Visio to create various flow charts, use case and sequence diagrams, detailing the various actors and how they interact with the system to achieve a goal.
  • Collaborate with developers and Subject Matter Experts (SME) to analyze tradeoffs between usability and performance needs.
  • Administer Software Change Request Process (SCR) by conducting an impact analysis for managing all software change requests effectively.
  • Support configuration management team with software release information or enhancements and maintain all project artifacts.
  • Assist in developing test plans, test cases for sprint stories and coordinated user acceptance testing(UAT) to ensure that the implementation meet the requirements and assist in tracking defects
Education
Bachelor of Science: English Language And Literature, 02/2009
University Of Ado Ekiti - City
Certifications/Training

· CompTia Advance Security Practitioner (CASP+)

· Certified Data Privacy Solutions Engineer (CDPSE)

· Certified Scrum Master (CSM)

· FedRAMP Information System Security Officer (ISSO) Training

Build Your Own Now

DISCLAIMER

Resumes, and other information uploaded or provided by the user, are considered User Content governed by our Terms & Conditions. As such, it is not owned by us, and it is the user who retains ownership over such content.

Resume Overview

School Attended

  • University Of Ado Ekiti

Job Titles Held:

  • Information Systems Security Officer
  • Information Security Analyst
  • Business Analyst/Test Analyst

Degrees

  • Bachelor of Science : English Language And Literature , 02/2009

Similar Resumes

View All
Information-Systems-Security-Officer-resume-sample

Information Systems Security Officer

Reisterstown, Maryland