Senior Information Technology Security Analyst
CurrentInformation Security Analyst within the Department of Veterans Affairs (VA), Quality, Privacy, and Risk (QPR), Strategy and Governance Division (SAGD), working remotely with minimal direct supervision. Work to ensure the Department’s Risk Management Framework initiatives are successfully implemented. Accomplished through authority to operate package reviews, security control assessments (review of NIST SP 800-53 rev4 control families), vulnerability assessments, code reviews, WASA scan reviews, and review of information system plans of action & milestones.Divisions subject matter expert on the VAs Governance, Risk, and Compliance (GRC) tool RiskVision. This tool is used for the processes of Assessment & Authorization (A&A) and the Continuous Monitoring of VA’s Information Systems. Responsible for training Division on RiskVision, and specific portions of the tool. Such as Plans of Actions and Milestones (POA&Ms), reviewing evidence to ensure compliance, and general how-to instruction of the tool.Also, responsible for training of the NIST SP 800-53 Rev 4, Access Control and Configuration Management control families, and the review of POA&Ms.