Valery Oben, US Citizen, Secret Clearance
CISA, CISM, CSM, Security +, CISSP in progress
North Ridge RD, Ellicott City, Maryland

Professional Experience

National Oceanic and Atmospheric Administration/National Ocean Service/Center for Operational and Oceanographic Products and Services Program, Silver Spring, MD
May 2018 - Present
Job Title: Information Systems Security Officer
Work hours: 40 Hours/Week

- Oversaw and supported a 24x7 organization that provides critical real time mission essential function that ensured the safety of the nation's coast, protection of life and property and blue economy.
- He oversaw staff in the areas of Helpdesk and Operational Support, Network and Security Architecture, and Software/Application Development support teams.
- Developed all the policies, processes, and associated documentation to transition to the Risk Management Framework and the 800-53 rev4.
- Developed strategic plans for Information systems division in alignment with CO-OPS strategic direction and Annual Operational Plan (AOP) milestones.
- Oversaw CO-OPS shared services provided to other program offices, i.e. Azure Cloud provisioning, Infrastructure Support, IT Security and Help desk services.
- Developed diversity initiatives and training for the division in support of diversity and inclusion initiatives.
- Developed spending plans and ensured timely execution of IT budget and other grant funding.
- Managed resource and capacity planning for organizational IT projects.
- Ensured that staff is maintaining the 24/7 real-time operational environment, which includes operations of cloud and on-premises relational database and Linux web servers, monitor LAN/WAN performance.
- Created a positive and productive work environment for team and team leads.
- Oversaw twenty-five contractor staff to ensure work products are delivered in a timely manner to meet mission objectives.
- Approved all IT purchases and acquisitions in CBS and Comparison Suite, i.e. services, equipment, software, and hardware.
- Provided training, guidance and mentorship to direct reports and other employees within Program office and NOAA.
- Resolved employee disputes/conduct issues; engaged when needed with workforce management office for disciplinary actions.
- Worked with senior management to determine scope of projects to determine resource allocations and deliverables.
- Implemented 508 Compliance Working group to determine methodology to meet organizational objectives.
- Worked with Work Force Management Office to develop position announcements for all federal IT hiring actions.
- Interviewed and hired federal staff for open vacancies.
- Managed all aspects of the PORTS and NWLON OMB 300 Investment via e-CPIC and served as the Federal Program Manager for CO-OPS in compliance with the Clinger-Cohen Act of 1996.
- Coordinated activities during planned and unplanned operational IT outages, including weekends and holidays, and reported status of resumption activities to senior management.
- Developed project plans for internal divisional initiatives and ensured completion.
- Oversaw the software and change control board to ensure changes are documented and implemented.
- Developed PWS for IT acquisitions and served on technical review boards.
- Oversaw the enterprise technical review board to ensure all infrastructure, network, and security changes are managed and approved.
- Advised on IT Security risks and issues to IT Program with Senior Management.
- Reviewed and provided feedback on IT Security POA&M and vulnerability status.
- Coordinated and addressed resolution to escalated IT issues and concerns throughout organization.
- Oversaw training and development of IT Staff regarding system development lifecycle and project management lifecycle.

Federal Student Aid (FSA), Washington, DC
February 2016 - May 2018
Knight Federal INC
Job Title: Information System Security Manager
Office of the Chief Information Officer
Work hours: 40 Hours/Week

- Successfully developed and created the Enterprise-Wide Information Assurance department at FSA in compliance with FISMA.
- Developed all the policies, processes, and associated documentation to transition to the Risk Management Framework and the 800-53 rev4.
- Managed and trained government and contractor Information System Security Officers (ISSO).
- Served on Technical Review Board for Source Selection Process for agency security acquisitions.
- Assisted in the writing of Statements of Work and Task Orders.
- Served as mentor to government staff.
- Served as advisor to Chief Information Security Officer and served as Acting CISO during absences.
- Interviewed and recommended hire of contractor and government candidates.
- Developed position requirements, qualifications, and duties and recommended selection of candidates.
- Provided input into contractor and government performance evaluations.
- Managed and delegated contractor and government resources to ensure on time completion of tasks.
- Established Risk Management Framework and Continuous Monitoring Program.
- Oversaw Continuous Monitoring efforts for enterprise-wide systems.
- Assisted team with the technical understanding of network and infrastructure systems and applications.
- Managed Risk Assessment team and deliverables.
- Provided reports on state of security project based on disparate inputs internal and external information.
- Developed IT governance, risk and compliance strategy and policy.
- Assisted in the development of network security architecture and security policies for cloud computing efforts.
- Presented and developed material for IT security brownbag and ISSO training sessions.
- Managed several IT security cloud projects (FEDRAMP).
- Responsible for approving Security Assessment & Authorization (A&A) package submissions.
- Served as a voting member at the technical and change management review boards.
- Provided quality assurance, collaborated on critical IT projects to ensure that security issues are addressed.
- Advised senior management including CIO on several FSA cloud initiatives.
- Obtained concurrence and approval from CISO on governance strategy and policy.
- Assisted in the development of security architecture and security policies for cloud computing efforts.
- Developed Waiver and Exception Standard Operating Procedures (SOP) for security vulnerabilities.
- Developed Common Control Catalog and assessed common security controls.
- Assisted with OIG Audit of security program by preparing deliverables and responses.
- Established Plan of Action and Milestones (POA&M) and Info Security Vulnerability management process and respective SOPs.
- Reviewed all policies, mandates from NIST, OMB, DOC, and other ISO standards for compliance and impact.
- Participated in DHS Continuous Diagnostics and Mitigation (CDM) Strategies and Implementations.
- Formulated and evaluated plans, policies, and strategies to develop long range plans that improve productivity, reliability, and resource utilization for all Agency programs.
- Spearheaded the Authorization and Accreditation of over two hundred systems as a part of the FSA IT resiliency effort.
- Successfully attained full accreditations for all resiliency systems.
- Multiple awards and commendations from both the Department of Homeland Security and the Federal Emergency Management Agency for the successful completion of the resiliency effort.
- Successfully led and completed the FSA IT resiliency initiative FY14, effectively taking the FSA from 30% to 82% on the FISMA scorecard.
- Successfully attained and maintained a green FISMA score for all systems under my purview.
- Successfully spearheaded the Federal Insurance and Mitigation Administration's effort to improve the risk posture of the NFIP, increasing its investment rating from 2 to 4 (scale of five, where 5 is excellence).
- Reduced the NFIP's Notice of Findings and Recommendation from 8 to 1 from the DHS Office of the Inspector General's (OIG) annual financial audit.

Department of Education, Washington, DC
February 2015 - February 2016
Job Title: Cybersecurity Engineer
Work hours: 40 Hours/Week

- I performed strategic analysis of customer objectives to support major applications and leveraged my cybersecurity background to provide analysis of program-based and security objectives, while successfully executing project management duties.
- Perform POA&M IV&V functions - POA&M reviews, splits, reassignments, duplicates/consolidation etc. within the timelines and specifications identified in the POA&M SOP.
- Work with ISSOs/Contractors providing ways, strategies, and procedures to ensure the closure of FSA High Value Assets (HVA) open POA&Ms in CSAM to improve the overall FSA Cybersecurity Risk framework Scorecard using appropriate Artifacts and remediation evidence packages.
- Ensure that the Information Systems Security department's policies, procedures, and practices as well as other systems user groups are compliant with FISMA, NIST, FedRamp and general agency standards.
- Review and validate artifacts and evidence packages of POAMS in CSAM.
- Review System Security Plans (SSP) using NIST 800-18 as a guide, perform updates on Security Assessment Report (SAR), Plans of Action and Milestones (POAMs), Risk Assessments, create change control procedures, drafts and reviews.
- Perform initial assessment review and continuous monitoring of assigned systems and make recommendations based on vulnerability: high, moderate, or low.
- Develop solutions to security weaknesses in the Requirement Traceable Matrix (RTM) and SAR, while working on POA&M remediation.
- Perform evaluation of policies, procedures, security scan results, and system settings to address controls that we deemed insufficient during Certification and Accreditation (C&A), RMF, and continuous monitoring.
- Conduct weekly security awareness training.
- Perform Step 5 assessment of the RMF using NIST 800-53a as a guide and coordinate final decisions by initiating meetings with the System Owner (SO).
- Manage the POA&M process, and coordinate with ISSOs, auditors, and assessors for inputs to support processes.
- Review and approve or reject CSAM POAM Creation Templates.
- Ensure correct entry of data, and that POA&Ms are actionable with a clear remediation recommendation.
- Approve or reject Mitigation Strategies for open POA&Ms, approve or reject AR, provide feedback to ISSOs, auditors, and assessors on rejected CSAM.
- Create POA&Ms in CSAM following approval by the ECG.
- Validate remediation evidence for open POA&Ms and supporting documentation for ARs.
- Close POA&Ms and ARs upon receipt and validation of sufficient evidence.
- Process Audit Accountability and Resolution Tracking System (AARTS) POA&Ms in CSAM, working with the Office of the Compliance Officer (OCO) to obtain remediation evidence.

Education

- B.S. Information Systems, University of Maryland (in progress)
- Associate degree/College of Technology/BDA University

Certifications

- Certified Information Security Auditor (CISA), Certified, March 2021 - Present
- Certified Information Security Manager (CISM), Certified - Present
- CompTIA Security Plus (SEC +)
- Certified Scrum Master (CSM)

Awards

- NOAA Bonus Recipient