IT Security Specialist Resume Example

Develop, implement, test and review an organization's information security,
Protect medical device information and prevent unauthorized access.
• Provided input to and draft cyber security documentation and carry out activities leading to security certification and accreditation of medical equipment information systems and devices.
• Obtained information regarding medical device security from medical device manufacturers to support the RMF process.
• Selected the appropriate security control baseline for medical technologies using NIST 800-53 r4.
• Categorized the information system using FIPS and NIST 800-60
• Performed the A&A process following NIST 800-37 as a guide.
• Assembled cyber security documentation and/or packages for medical devices and submit them for consideration and approval.
• Keep abreast of DoD and Navy IT and cyber security policy changes and how they affect medical technology procurement and deployment.
• Performed the implementation phase of RMF and System Level Continues Monitoring Strategy (SLCMS)
• Developed a Detailed Architecture Diagram (DAD) depicting the information system to be Assess and Authorized (A&A)
• Analyzed Security Technical Implementation Guide (STIGs), security content Automated Protocol (SCAP) and Assured Compliance Assessment Solution of Nessus scanning results.
• Produced Nessus and SCAP scans for the information system been assess and Authorize, analyst all noted vulnerabilities from the scan results.
• Performed self-assessment on the information system by evaluating the scans results and fix any early vulnerabilities noticed before the actual IV&V testing takes place

• Developed Security Assessment Report (SAR) detailing the results of the assessment along with a plan of action and milestones (POA&M) to the Designated Authorizing official to obtain the Authorization to Operate (ATO).
• Conducted a review of the plan of action and milestone (POA&M) process to ensure corrective actions and timely mitigation of the vulnerabilities.
• Supported the Information System Security Officer (ISSO) and collaborated with the system's Information System Owner (ISO)
• Reviewed the system security plan for the security controls put in place or planned
• Collected and validate artifacts from the system owner to support quality information system audit and review.
• Performed Security control assessment (SCA) using NIST 800-53Arev1 per NIST, FISMA standard and guidelines.
• Prepared Security Assessment and Authorization (SA&A) packages to ensure that management, operational and technical security controls adhere to NIST SP 800-53 standards.
• Reviewed organizational policies, standards and procedures and provided advice on their adequacy, accuracy and compliance following NIST standard guidelines.
• Monitored security controls post authorization to ensure continuous compliance with the security requirements.
• Ensured all POA&M actions are completed and tested in a timely fashion to meet client deadlines.
• Monitored controls post authorization to ensure continuous compliance in accordance with FISMA guidelines
• Developed and conducted SCA (Security Control Assessment) according to NIST SP 800-53A to assess the adequacy of management, operational privacy, and technical security controls implemented