Information Security Analyst
Current Managed and documented risks in alignment with NIST SP 800-30 and SP 800-37, utilizing a nine-step process to assess threats, vulnerabilities, and security controls surrounding information systems, including evaluating the likelihood and potential impact of exploits on system operations. Ensured compliance with information security policies by guiding and coaching internal teams on the proper use of information technology and best practices for safeguarding organizational… Show more Managed and documented risks in alignment with NIST SP 800-30 and SP 800-37, utilizing a nine-step process to assess threats, vulnerabilities, and security controls surrounding information systems, including evaluating the likelihood and potential impact of exploits on system operations. Ensured compliance with information security policies by guiding and coaching internal teams on the proper use of information technology and best practices for safeguarding organizational systems. Prepared and reviewed Authorization to Operate (ATO) packages for over 1,200 systems and facilities, including key documents such as SSP, RA, CMP, ISCP, DRP, IRP, and PIA. Collected and evaluated assessment artifacts to ensure compliance with NIST SP 800-53 rev 4 control requirements. Contributed to the FIPS 199 security categorization process and selected appropriate technical, operational, and managerial controls according to NIST SP 800-60 guidelines. Developed Plan of Action and Milestones (POA&M) to address corrective actions stemming from System Test and Evaluation (ST&E). Show less