Candidate's Name, PMP, CSSLP, CSQA, CSPE, CSTE, CQSPE, CSA, CSPM, CSEST, CMSQ, CQE, CMST, CSBA
Street Address
Cell Phone: PHONE NUMBER AVAILABLE
Work Phone: PHONE NUMBER AVAILABLE
E-mail: EMAIL AVAILABLE
https://www.linkedin/in/suburgess

SYNOPSIS:

Candidate's Name also serves on the IV&V IEEE 1012 Standard for Verification and Validation, the ISO 29119 Standard for Software Testing and ISO 20000 IT Service Management, as well as participating in the DHS Software and Supply Chain Assurance (SSCA) Forum to identify information technology risks and develop new cybersecurity and privacy standards.

Ms. Burgess is experienced in implementing standards, auditing, performing assessments and audit remediation, as well as managing efforts such as: New York MMIS Information Security and Privacy Officer; Medicaid programs such as State Level Registry (SLR), Provider, Member/Third Party Liability (TPL), PBM, EPIC and Financials; ACA, MECT and MITA requirements; HIPAA; Information Security and Privacy controls; HITECH; NIST 800-53 v4; NIST 800-53A; Incident Response; NIST 800-30; NIST SP 800-37; MARS-E 2.0; OWASP; PCI; CMMC; NIST SP 800-171 and ICD 503; HL7; ICD 10; FIPS 140-2; FIPS 199; PMI PMBOK; Agile and Sprint methods; test planning and automation; generating SSPs; Information Assurance; ISO 27001/2; SANS CIS20 Critical Controls; SOC1/2 audits; NIST 800-171; ISO 9001; Capability Maturity Model Integration (CMMI); FISMA; Health Information Trust Alliance (HITRUST); Sarbanes-Oxley; OMB A123 Circular; ISO 27001/2; FedRAMP; VDI; RMF; DIACAP; C&A; Quality Assurance; DISA STIGs; ATOs; FARS; SDLC; POA&Ms; Information Technology Infrastructure Library (ITIL); EU Privacy; CAPA; Cloud Services; CMS Seven Standards; Certification and Accreditation (C&A); data analytics; PCI DSS; disaster recovery; Control Objectives for Information Technology (COBIT); DOD 8510; Earned Value; ATOs; Proposal Responses; ISO 12207 Standard for Software Life Cycle Processes as well as ISO 15288 for System Life Cycle Processes.

Ms. Burgess received the Quality Assurance Institute's (QAI) Lifetime Achievement Award for overall contributions to the Information Technology profession, has delivered keynotes at industry conferences and was the subject of a feature article in Computerworld. Susan co-authored, with Mr. William Perry, the past CEO of QAI, the Quantitative Software Testing Assessment Rating (Q*STAR) methodology for measuring the effectiveness of all phases of testing. Served as a Trainer, Examiner, Team Leader and Mentor for the US Senate and Maryland Performance Excellence Awards and the Malcolm Baldrige Award.

PROFESSIONAL EXPERIENCE:

Burgess Consulting, Laurel, MD, March 2022 to Present
Principal Consultant
- Providing clients with consulting expertise implementing standards and models such as IEEE 1012, IV&V, CMMI DEV/SVC, SCAMPI Appraisals, ISO 20000, ITIL, ISO 9001, ISO PHONE NUMBER AVAILABLE, FISMA and ISO 14001 as well as CMMC.
- Helping clients develop processes and procedures for Governance, Risk and Compliance (GRC) to align with their business goals while managing risks as well as meeting applicable industry and government regulations.
- Perform internal company audits and generate a POAM to resolve findings, as well as supporting third party external audits.
- Performing IV&V documentation review and activities needed for the Authority to Operate (ATO), aligned with FISMA.
- Worked with the client team to perform verification and validation activities to assure all requirements are met, as well as assuring that adequate test coverage by automation or manual testing, error handling, regression and stress testing is addressed.
- Helped the client develop a test strategy, policy and test cases based on best practices as defined in ISO 29119.
- Developed a comprehensive NIST 800-53 Rev. 4/5 System Security Plan (SSP) to assess the Contractor's compliance, including all CMS and HIPAA requirements, as well as establishing internal security and privacy controls which included: risk assessments; configuration management; security policies; system and communications protection; personnel security; awareness and training; physical/media/environmental protection; contingency planning; intrusion detection; maintenance; system and information integrity; incident response; identification and authentication; access control; and annual compliance audit.
- Developed client policies and processes for Supply Chain and Risk Management for goods and services.
- Created Quality Control Plans, User Acceptance Test (UAT) Plans, Project Management Plans, System Security Plans (SSP), Disaster Recovery and Continuity of Operations Plans, Quality Assurance Surveillance Plans and acquisition documentation.

Conduent (formerly Xerox State Healthcare), Albany, New York, May 2015 to February 2022
Information Security and Privacy Officer (ISO)

Served as the Information Security and Privacy Officer (ISO) for the New York Medicaid Management System (NYMMIS) contract. The NYMMIS security and privacy controls are based on the Center for Medicare and Medicaid (CMS) Moderate plus requirements and on NIST 800-53 Rev. 4, the HIPAA Security and Privacy Rules, ACA, FIPS 140-2, HITECH, ITIL, RMF, FIPS 199 and 200, CIS, FISMA, OWASP, FedRAMP, Health Information Trust Alliance (HITRUST) and CMS, as well as compliance with the NYS Office of Information Technology Services (ITS) standards. The NYS Medicaid project includes components such as State Level Registry (SLR), Provider, Member/Third Party Liability (TPL), PBM, EPIC and Financials, as well as MECT and MITA requirements.

When I started on the NYMMIS project as the Information Security Officer (ISO), I needed to create a comprehensive System Security Plan (SSP) or a Security, Privacy and Confidentiality Plan (SPCP). Initially, I reviewed the contract and the associated RFP to help:
- understand the scope of the project and the planned schedule and deliverables
- ascertain what federal, state or regulatory requirements or laws need to be followed
- identify which standards or methodology will need to be adhered to, e.g. NIST 800 series, CMS, ISO, FISMA, HITRUST, ITIL, ACA, COBIT, MARS, HIPAA, CCSFP, FedRAMP, FIPS, CAPA, HL7, OMB, CMMC or FARS, as well as client required policies, processes and procedures
- denote all security and privacy requirements and controls to be used per NIST 800-53 R4
- identify teaming partners, data centers to be used, Cloud services and legacy systems to be used on the project
- verify architecture components and tools for anti-virus, firewalls, vulnerability scanning, and identity and access management
- identify stakeholders, requirements for project reporting, vendors, risk management and customer meetings

The NYMMIS Security, Privacy and Confidentiality Plan (SPCP) was based on NIST 800-53 Rev. 4 and its associated controls to protect the Confidentiality, Integrity, and Availability (CIA) of Protected Health Information (PHI) and Personally Identifiable Information (PII), and to assure that all NYMMIS Medicaid information was encrypted during transmittal, at rest, in process and in archival.

As the Information Security and Privacy Officer (ISO), typical responsibilities included:
- Regularly presented security and privacy audit and assessment findings, risk areas, incidents, data breach status and required remediations to senior management at the State of New York, Xerox and our teaming partners.
- Oversaw compliance with the SPCP by all teaming partners, Cloud Services and Data Centers.
- Implemented policies, procedures and processes for security and privacy for the entire contract.
- Worked with the NYS client to conduct the Privacy Impact Assessment (PIA) required by CMS.
- Developed Interconnection Security Agreements (ISA) to assure secure encrypted data transfer of PHI/PII.
- Responsible for Incident Response, Root Cause Analysis and remediation to reduce the risk of recurrence, Unauthorized Exposure and Breach management, as well as reporting to Senior Management.
- Worked with Corporate Xerox attorneys to address incidents and non-compliance by teaming partners.
- Developed a Security and Privacy Requirements Traceability Matrix that identified each control and the owner responsible for its implementation, used for management reporting purposes and compliance metrics.
- Compliance auditing of the teaming partners and data centers for the security and privacy controls.
- Created Corrective Action Plans (CAP) to address incidents, risks and breaches as well as audit findings.
- Developed POA&Ms, performed risk assessments and defined compensating security controls to protect PHI/PII.
- Served as the Point of Contact (POC) for all Third Party Audits for SOX and SOC 2, ISO 27001/2, ISO 9001 and SSAE 16/18, for any remediation activities, and for reporting results to Senior Management and the Client.
- Assured adherence to Security and Privacy Service Level Agreements (SLA).
- Reviewed vulnerability scans as well as NIST 800-37 and NIST 800-30 Risk Assessments.
- Oversaw IDS, SIEM, Multifactor Authentication, Identity Assurance and Penetration Testing at Data Centers.
- Participated in Agile Sprints, User Stories and Test Case generation for functional requirements.
- Developed and conducted training on security, privacy, incident response and safety.
- Involved in disaster recovery and CMS certification documentation requirements, as well as COOP for NYMMIS.
- Responsible for the physical security of staff at various NYMMIS site facilities.

Burgess Consulting, Laurel, MD, April 2012 to May 2015
President/Principal Consultant
- Provided consulting activities implementing standards and models such as CMMI DEV/SVC, SCAMPI Appraisals, ISO 20000, ITIL, ISO 9001, ISO 27001 and ISO 14001.
- Performed IV&V assessments and testing for the Maryland Health Care Exchange (HIX) using HIPAA, HHS, EDI, CMS and MITA.
- Created Quality Control Plans, User Acceptance Test (UAT) Plans, Project Management Plans, System Security Plans (SSP), Disaster Recovery and Continuity of Operations Plans, Quality Assurance Surveillance Plans and acquisition documentation.
- Assessed requirements for testability, executed test plans for mobile applications, generated manual and QTP/ALM test cases, created risk-based testing strategies, performed functional and requirements testing, generated operational scenarios for end-to-end testing, Software as a Service and Agile Sprints, and managed the product backlog.
- Developed policies, procedures and security controls in accordance with NIST 800-53, Security and Privacy Controls for Federal Information Systems and Organizations, to include all phases of the SDLC.
- Developed a comprehensive System Security Plan (SSP) to assess the Contractor's compliance, including all CMS and HIPAA requirements, as well as establishing internal security controls which included: risk assessments; configuration management; security policies; system and communications protection; personnel security; awareness and training; physical/media/environmental protection; contingency planning; intrusion detection; maintenance; system and information integrity; incident response; identification and authentication; access control; annual compliance audit and Federal Information Security Management Act (FISMA) evaluation; plan of action and milestones; identifying vulnerabilities, accountability and audits; and certification assessment and criteria for collection, storage, access and destruction of information assets.
- Utilized the CMS MITA Framework 3.0 and Seven Standards to implement security and privacy principles as guidelines for system enhancements across the entire SDLC for the development and testing of several HMOs and PPOs.
- Developed HIPAA Privacy and Security training briefings for the project team and assured compliance via project assessments and vendor audits.
- Worked as a Subject Matter Expert at Honeywell Government Systems, now KBRWyle, to support various proposals and internal audits.

NTT Data (formerly Keane Federal Systems), McLean, VA, 12/2006 to 04/2012
Senior Director, Quality Management IV&V Practice

Formerly the Senior Director, Quality Management, responsible for the project management and technical oversight of the Independent Verification and Validation (IV&V) practice, including staffing as well as profit and loss. Responsible for overseeing implementation of ISO 9001:2008 and CMMI Level 3 for Development, as well as CMMI for Services efforts for the company. In addition, responsible for developing proposal responses and technical solutions for government and public sector clients in the areas of quality, testing, IV&V, process improvement and configuration management. Interfaced with our off-shore staff in India, providing technical support across various time zones. Directed the new Independent Verification and Validation (IV&V) practice at Keane Federal and NTT Data Systems.

Created the Keane Independent Verification and Validation for Information Technology (KIVVIT) methodology based on IEEE 1012:2016, DHS, ISO and NIST standards as well as the PMBOK, ITIL and CMMI guidelines. The KIVVIT methodology was cited in a GAO report as an effective methodology on a large DHS CBP project.

Managed a geographically dispersed IV&V team of 30 people who performed internal ISO 9001, ISO 14001 and CMMI audits and on-site client testing. Yearly staff Performance Appraisals were done to provide feedback to the employees and to determine training needs, opportunities for growth and succession planning.

Supported numerous federal government and Department of Homeland Security (DHS) clients such as the Federal Emergency Management Agency (FEMA), Department of the Interior (DOI) and Customs and Border Protection (CBP) Secure Border Initiative as a subject matter expert in testing, metrics, quality, configuration management and business process re-engineering. Acted as IV&V Program Manager, approving invoices, generating weekly status reports and monthly program reviews, hiring staff and interfacing directly with the customer. Susan was also involved in an IV&V end-to-end assessment of the DHS United States Visitor and Immigrant Status Indicator Technology (US-VISIT) program to determine the overall status of the project for the government.

Supported a Federal Bureau of Investigation (FBI) contract in Washington, DC as the Quality Manager for the Security Management Information System (SMIS), responsible for establishing processes and procedures to assure quality for the integration of over forty new and legacy applications. Other duties included project management oversight of software development and integration efforts; system acceptance testing; risk management assessments; earned value analyses; financials; process and product auditing; requirements analysis; and configuration management. Responsible for assuring contract compliance with standards such as CMMI and the FBI's Information Technology Life Cycle Management Directive (LCMD).

Catalyst IT Services, Baltimore, MD, 9/2006 - 11/2006
Vice President of Quality Assurance

Formerly the Vice President of Quality Assurance for a very small business, responsible for the testing and quality assurance practice including profit and loss, customer satisfaction, business development, requirements analysis and testing of software development projects across platforms, specifically for Service Oriented Architecture (SOA).

General Dynamics Network Systems, Fairfax, VA, 4/2001 - 5/2006
Director, Process and Quality Assurance
(Acquisition history: formerly Veridian Information Technology Systems, position Vice President of Quality Assurance, and formerly The SIGNAL Corporation, position Vice President of Quality Assurance)

Formerly the Director of Process and Quality Assurance at Signal Solutions, Inc., a General Dynamics Network Systems Company, where she oversaw the corporate ISO 9001:2000 registered Quality Management System (QMS), the ISO 14001 registered Environmental Management System and the OHSAS 18001 compliant Health and Safety program. Responsible for: managing quality processes and procedures; setting metrics; conducting management reviews; setting quality objectives; root cause analyses; oversight of quality assurance for projects; internal compliance audits; managing departmental budgets and resources; oversight of recycling efforts; software testing; customer satisfaction; facilitating process improvement; cost estimation for new work; implementing risk management and mitigation; conducting trend and root cause analyses; and resolving corrective actions.

Served as the Point of Contact (POC) for the Registrar for ISO 9001 and ISO 14001 and for the CMMI Lead Appraiser for contract negotiations, audit planning and site visits. Frequently presented ISO 9001, CMMI and ITIL audit findings, with recommendations for process improvements, to executive management.

Additionally, contributed to proposals, supported projects and internal programs such as the Software Engineering Institute (SEI) Capability Maturity Model Integration (CMMI) and Information Technology Infrastructure Library (ITIL) initiatives, and became certified in quality, testing, program management and process improvement. Frequently interfaced with top management and staff from other divisions of the company. Served as the Program Manager for a CMMI Level 2 certification attained in nine months, and was responsible for Process and Product Quality Assurance (PPQA) audits and process improvement for ISO 9001 for the company.

Information Technology Business Group, Inc., Rockville, MD, 5/95 - 4/2001
Managing Director

Managing Director of I.T.B.G., a Small, Disadvantaged, Woman-Owned consulting business. Responsibilities included overseeing and directing all projects, supporting new business development, assuring customer satisfaction, interviewing and approving new hires into the division, and working on various consulting assignments as outlined below.

At Amtrak, Susan led the System and User Acceptance testing for the Amtrak Food and Beverage Point of Sale system. The testing included all aspects of on-board service, including all functionality of the POS devices, end-to-end testing of all interfaces to legacy systems, on-board terminal functionality, reporting and POS functions.

Worked with Ann Taylor Inc., a leading fashion retailer moving to on-line shopping, to perform a project assessment and to assess the testing required. She subsequently assumed responsibility for the system integration effort and test management for acceptance testing of their website and PCI transactions.

Served as the Quality Manager on the Departmental Grants Management System (DGMS) at the Department of Housing and Urban Development (HUD), responsible for testing the system, including designing and developing test processes, plans, cases, procedures and scenarios for requirements, stress, thread, load, capacity and interface testing, verifying the user guide, and performance under key operational conditions with Oracle access and the data repository. At the Office of Real Estate Management (OREMS), responsible for leading a team to develop exemplar models for IT initiatives in support of Clinger-Cohen, OMB and Raines Rules. Created models of effective Business Cases, Project Plans and Work Breakdown Structures (WBS) for activity-based costing.

Susan was the acting Director of Quality Assurance for 24/7 Media, Inc., an Internet Services provider located in Alexandria, VA, responsible for developing a quality assurance infrastructure and a Y2K Remediation Plan, reporting directly to the CIO, to establish processes and procedures for on-line pop-up advertisements.

Worked as the System Acceptance and IV&V Lead for the Department of Commerce, Bureau of the Census Program in Bowie, MD. Responsible for the staffing, establishment of teams and performance of IV&V, System Acceptance and Requirements Verification Testing for the Data Capture and Imaging System supporting the Year 2000 Decennial Census. Duties included: Technical Lead for Independent Verification and Validation (IV&V), System Acceptance Test (SAT), Requirements Verification Test (RVT) and CMMI Level 3 audits.

Supported the Computer Sciences Corporation (CSC) corporate MIS department in establishing test plans and scenarios, developing test schedules, supervising testing of the software components and performing risk assessments in the implementation of the Labor Cost Distribution (LCD) system that interfaces with the SAP R3 product and legacy systems.

Worked as the Task Order Project Manager (TOPM) and Subject Matter Expert with the Defense Investigative Service (DIS) to develop a comprehensive Configuration Management (CM) system to support all DIS locations across the country. Developed a comprehensive CM strategy, including processes that encompassed software, hardware and documentation change control management.

Supported the Federal Aviation Administration (FAA) William J. Hughes Technical Center in Atlantic City, NJ to assess the FAA test methodology and implement improvements in configuration management and testing.

Worked on the IRS Document Processing System (DPS) Client-Server project at Lockheed Martin Federal Systems to digitally image tax returns for storage and retrieval of data. As Senior Test Engineer, responsible for requirements analysis and verification, preparing test plans and procedures, developing testing metrics to assess progress, McCabe complexity analyses, and system level, performance and user testing.

Aeronautical Radio, Inc. (ARINC), Annapolis, MD, 10/1989 - 05/1995
Principal Quality Planning Analyst

As Principal Quality Planning Analyst, responsible for the overall Quality Management functions of the ARINC Data Network Service (ADNS), a distributed packet switching network that serves the airlines and related industries. The responsibilities included evaluations, assessments, audit inspections and corrective actions, as well as risk and value analyses of the deliverables to assure compliance with appropriate standards. These duties included participation in design reviews, code walkthroughs, requirements evaluations, vendor quality audits, testing and documentation assessments, as well as functional and physical configuration audits.

EDUCATION:
M.B.A. in Management, Frostburg State University
B.S. in Ceramic Engineering, Alfred University

PAST CLEARANCES:
Department of Defense (DOD) Top Secret Clearance with SSBI. Previously held clearances at DHS Customs and Border Protection (CBP) (DHS Suitability), Federal Emergency Management Agency (FEMA), Internal Revenue Service (IRS), Department of the Interior (DOI), DOE L, a Federal Bureau of Investigation (FBI) SCI with a CI polygraph, and a Top Secret with NASA.

CERTIFICATIONS:
- Project Management Professional (PMP)
- Certified Secure Software Lifecycle Professional (CSSLP)
- ISO 9001 Quality Management System (QMS) Lead Auditor
- ISO 14001 Environmental Health and Safety Lead Auditor
- Certified Software Project Manager (CSPM)
- Certified Software Test Manager (CSTM) and Certified Software Test Engineer (CSTE)
- Certified Software Quality Manager (CSQM) and Certified Software Quality Analyst (CSQA)
- Certified Quantitative Software Process Engineer (CQSPE)
- CMMI Appraisal Team Member and Certified Quality Examiner (CQE)
- Certified Software Process Engineer (CSPE)
- Certified Software Business Analyst (CSBA)
- Certified Senior Examiner of Software Testing (CSEST)
- Certified Software Process Improvement Capability Determination (SPICE) Assessor (CSA)

PROFESSIONAL MEMBERSHIPS:
- Project Management Institute (PMI)
- International Information Systems Security Certification Consortium, Inc. (ISC)
- Quality Assurance Institute (QAI)
- President, Quality Assurance Association of Maryland (QAAM)
- Senior Member, American Society for Quality (ASQ)
- Information Technology Service Management Forum (itSMF)
- Elected Senior Member of IEEE and Member of the IEEE Computer Society Standards Committee
- Department of Homeland Security (DHS) Software Assurance Forum (SwA)
- Cambridge Who's Who Registry of Executives, Professionals and Entrepreneurs