| | | 20,000+ Fresh Resumes Monthly | |
|
|
| |
Click here or scroll down to respond to this candidateCandidate's Name
Greenbelt, MDEMAIL AVAILABLEPHONE NUMBER AVAILABLEEDUCATION/CREDENTIALSHoward University, B.S. Information SystemsSecurity + CertificationActive 6C Public Trust ClearanceWORK EXPERIENCESkyePoint DecisionsPOA&M Analyst for the Department of Education (DoED) 02/2022 - PresentResponsible for reviewing POA&M evidence submitted by System Owners into CSAM (GRCT- Governance Risk and Compliance Tool) within the Federal Student Aid (FSA) Division to complete the mitigation/remediation process.Monitored and track Very High POA&Ms for dozens of systems in the FSA divisionReviewed Vulnerability Scan Reports as well as evidence submitted by System Owners to remediate POA&M findingsReview evidence for False Positive findingsGenerated Reports in CSAM (GRCT) to track open and Closed POA&M findingsConducted audits for the submitted evidence to ensure the evidence provide supports the remediation of the POA&M.Report and Present the status of POA&M findings to system owner on a weekly basisAssisted System Owners with preparing and reviewing their SSP for systems to acquire their ATOJacobsISSO Support/FISMA Analyst for the Department of Education (DoED) 06/2020 02/2022Responsible for reviewing and assessing Security Documentation for systems within the Federal Student Aid (FSA) Division as well as monitor the mitigation process for the POA&Ms associated with the systemsAssisted as a Senior Resource to assist the Government ISSOs in their day-to-day operationsWorked with ISSOs in reviewing and updating the SSP for their systemsAssisted in ensuring that all system are following the 6 steps to the Risk Management Framework prior to receiving their ATOAssisted ISSOs in conducting Annual Assessments on the required security controls for their systemsFollowed HITRUST Guidelines to ensure that updates are being implemented to counter new threats and attacksAssist with tracking the mitigation process to complete and close Plan of Action and Milestones (POA&Ms) for both vulnerability related and policy/procedure based POA&Ms.Review security documentation for dozens for systems in the FSA division in preparation of receiving their ATOConducted annual assessments for dozens of systems in the FSA divisionPrepared slide decks for weekly POA&M Tracking Meetings in support of the government clientMonitored and track Very High POA&Ms for dozens of systems in the FSA divisionReviewed Vulnerability Scan Reports as well as evidence submitted by System Owners to remediate POA&M findingsGoldbelt HAWK 11/2018 - 05/2020CyberSecurity Analyst Auditor for the Department of Commerce (DOC)Maintain FISMA and the Financial Statement Audit Action Plan reporting, documenting the status for ATOs, as well as the POA&Ms associated with the audit findings on a monthly basis, which are reported to the CISO and Deputy CISO on a quarterly basisReviewed and tracked Track the status of 5 bureaus Notification of Finding and Recommendations (NFRs) through their Audit Action Plan (AAP) on a quarterly basis for 5 bureaus on a monthly and quarterly basis while conducting the Financial Statement AuditReview the artifacts of each POA&M associated with each AAPGenerated monthly and quarterly reports and used a risk rating scoring method to track the status of each audit findingReview security documentation to ensure the information regarding the system is accurate and up to date for the system to receive their ATOTrack and monitor the risks associated with various systems and programs throughout the Department by using Cyber Security Asset Management (CSAM)/ Governance Risk and Compliance Tool (GRCT) to review system documentation routinely, and update the risk management within the systemAttain/Agensys 08/2017 - 11/2018Policy and CyberSecurity Analyst / CSAM Administrator for the Department of Commerce (DOC)Responsible for providing assistance in FISMA reporting for users on the Cyber Security Asset Management (CSAM)/(GRCT) tool as well as monitored, reviewed and assessed security hundreds of systems.Generated monthly reports tracking the ATO status for close to 300 systems as well as monitored over 4,000 POA&Ms for those systemsConducted an IT Compliance Check for around 200 systems ensuring their security documentation is accurate and up to dateServed as a CSAM (GRCT) Administrator to hundreds of users across the 11 bureaus of Department of CommerceProvided assistance with developing IT Security Baseline Policies by establishing minimum standards for all the bureaus within Department of CommerceConducted the FISMA Assessment for close to 300 systems across the 11 bureaus of the Department of Commerce by utilizing the CIO FISMA Metrics to satisfy the NIST Cyber Security FrameworkAECOM/ASI Government 03/2012 - 03/2017Information Assurance Analyst / Alternate ISSO for the General Service Administration (GSA)Responsible for reviewing/assessing Security Documentation for over a dozen systems in the Telecomm Industry ensuring that all of the systems are following the Assessment & Authorization(A&A) processReviewed Vulnerability Scan Reports on a quarterly basis for over a dozen systems in search of vulnerabilities and ensuring previous vulnerabilities has been remediatedReviewed Plan of Actions and Milestones (POA&Ms) for over a dozen systems on a quarterly basis verifying that is matches the scan reports and tracked the status of all vulnerabilitiesReview the System Security Packages (SSP) for over a dozen systems ensuring that all security controls are detailed and compliant with the NIST 800-53 rev 4 guidelines including all required embedded documentsReviewed all required security documents ensuring that all documentation is up to date for over a dozen systems to receive their ATO.Participated in the FISMA Annual Assessment for over a dozen systems by reviewing evidence (screenshots, etc.) that support the selected security control within the test case.Managed Personal Identifiable Information (PII) and processed incoming employees Contract Information Worksheet (CIW) into GCIMS for the approval of a NACI/MBI for Personnel SecurityERT (Earth Resources Technology) 07/2011 - 3/2012IT Security Specialist for the Department Of Commerce, National Oceanic Atmosphere Administration (NOAA)Responsible for network security migration from Microsoft Outlook to the Google CloudResponsible for network security compliance according to NIST 800-53Developed the System Security Package for NOAAs Google Apps for GovernmentDeveloped Plan of Action and Milestones (POAM) to mitigate issues generated during program migrationStructured the Configuration Management Plan (CMP) for the Google Cloud ServiceDeveloped additional security documents such as the Risk Assessment Report (RAR), Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), Business Impact Analysis (BIA), and the Contingency Plan (CP)Provided support to users for Google Apps for Government (GAfG)MSI (Management Solutions Incorporated) 09/2009-07/2011Information Security Engineer for the Department Of Commerce, Census BureauResponsible for Managing and Tracking new systems and servers prior to reaching the networkMonitored the development of new systems and servers for the Census Bureau networkResponsible for security compliance for each system/serverResponsible for the IT logistics for all Census Bureau systems and serversManaged the progress of POAMs and updated the status through Cyber Security Assessment and Management (CSAM)/Governance Risk and Compliance Tool(GRCT)Create Security Packages for each system/server before it hits the networkE&E Enterprises Global Inc. 04/2009 - 09/2009Information Assurance Analyst for the Department Of Commerce, Census BureauResponsible for monitoring new systems, servers and POA&MsTracked all systems and servers on to the network using a phpmysql databaseReview NCJ (Non-Compliance Justification) Forms for proper descriptions and explanations of systems vulnerabilitiesTracked the status of POAMs through CSAM ensuring all deadlines are being metContinuous Monitoring through regular assessments of the systems and serversEnergy Enterprise Solutions 10/2006 - 03/2009Technical Support Specialist for the Department Of Energy (DOE)Responsible for providing technical support for the Trusted Agent toolPrepared test cases for the Trusted Agent applicationMonitor the Trusted Agent tool ensuring that it is fully functioningManage the application to ensure it accurately generates FISMA reports and C&A Tracking.SharePoint Database Specialist for the Business Development GroupResponsible for creating, uploading, and maintaining the Single Source Intranet SiteCreated a database inside of the single source intranet site for the user to locate proposalsUploaded dissected parts of a proposal to be edited/tailored to be used again for future proposalsMaintained and tracked all Business Development Proposals used to obtain government contractsBusiness Analyst for the Department Of Energy (DOE)Responsible for the IT inventory within the OE team of the Department of EnergyCreated a database using Microsoft Access that resolved and organized the IT Inventory issues within the Office of Electricity Delivery and Energy Reliability (OE) saving the customer approximately $2,000 monthly.Maintained the data in the database ensuring that it operated on real time using SunflowerCreated Standard Operating Procedures (SOPs) for the clients understanding of proper protocolHIGHLIGHT OF SKILLS- Certification & Accreditation - Trusted Agent- Assessments & Authorizations - CSAM/GRCT- FISMA - Risk Management Framework (RFM)- NIST 800-53, Rev 4 - FIPS 199, FIPS 200- Cyber Security Analysist - System Development Life Cycle (SDLC)- POAM Tracking - SOC-2- Verbal and written communication skills - Solid Team Work- FISCAM - Personnel SecurityApplicationsSecurity Manager Microsoft ProjectMicrosoft Outlook Lotus NotesMicrosoft Office Suite (365, Word, Excel, Access, and PowerPoint) CSAMGoogle Cloud Trusted AgentReferences: Available upon request |
