Lead Information Security Analyst
Current• Documented and managed Risks in accordance with SP 800-30 and SP 800-37 using nine steps to evaluate the threats, vulnerabilities and security controls surrounding the Information System as well as the likelihood of an exploit and the impact it will have to systems operations• Responsible for monitoring compliance with information security policies by coaching others within the organization on acceptable uses of information technology and how to protect organization systems• Prepared and reviewed Authorization to Operate (ATO) packages (i.e., SSP, RA, CMP, ISCP, DRP, IRP and PIA) for over 1200 systems and facilities• Collected and evaluated assessment artifacts to determine compliance with the NIST SP 800-53 rev 4 control requirements• Participated in the FIPS 199 process in which security categorization takes place, and selecting the technical, operational, and managerial controls using NIST SP 800-60 guidelines• Developed POA&M (Plan of Action & Milestones) document to take corrective actions resulting from ST&E (System Test & Evaluation)