Perform Analysis, Informations Security Risk Assessment (ISRA), System Security Planning (SSP), Contingency Planning (CP), and development and maintenance of supporting documentation. Support the Security Testing and Evaluation (ST&E) and Certification and Accreditation (C&A) processes.Conduct security audits to validate system compliance with FISMA, OMB, FIPS, and NIST standards. Work in close collaboration with Architecture and Development teams, conduct research, respond to data calls, provide recommendations related to system vulnerability and security. Support project security reviews and ensure compliance with technical and physical safeguards; privacy and security procedures.

Maintains a thorough working knowledge of and adheres to organization/project policies,regulations and procedures.Prepares report for workshops, seminars, conferences, meetings and trainings attendedpertinent to the efficient dispatch of duties.Develops and maintains System Security Plan for information systems.Coordinates work related activities with other organization staff and offices.Assist in the development of organizational, system and technology goals; assist in thedevelopment of detailed plans for goal accomplishment.Maintains centralized documentation of all network and system changes.Responsible for monthly risk management reporting for systems and technology toinclude, but not limited to, assessing risks, recommending new procedures and policies toreduce risks as evidenced by the submission of the monthly risk management report.Manages organization systems inventory.Develops Plan of Actions & Milestones (POA&M) for technology issues/problems.Ensures computer networks and workstations are operational and secure.Manages technology to include, workstations, servers, software, peripheral devices,phone systems, SCAP tools, etc.Prepares, maintains and tests organizational technology plan, including contingency anddisaster recovery plans and procedures.Stays abreast of trends and innovations in the field of information systems/technologythat could benefit the organization; documents findings/rationale and recommendations to

Knowledgeable of IT concepts and able to understand, interpret, apply, and evaluate/assess the implementation of security policies/regulations/NIST SP 800-53 controls and other NIST SP and FIPS requirements. Advised and work with ISSOs, system owners and developers to insure new and existing systems incorporate security controls.Tracked and adhere to deadlines.Flexible and able to adapt to the ever changing C&A requirementsConducted in house testing for system upgrade which included: user manuals, and production testing.Developed, updated, and formatted content for project training documentation which included: Plan of Action and Milestone (POAM) and wizard templates guidance PowerPoint slides, Word and Excel. Provided helpdesk support to Institutes and Centers (IC's) by completing password reset for users, updating test passwords, and field level access in the system for users.Reviewed Certification and Accreditation (C&A) related documentation to provide comments and or suggestions.Knowledgeable of Trusted Agent software

Responsible for developing or updating the Information Technology Contingency Plans (ITCP) and Business Impact Analysis (BIA) documents Gathers data through discussions with application/GSS stakeholders during working/validation sessions and through documented IT processes/procedures, including all aspects of application/GSS failure, recovery, and reconstitution.Identify problems and recommend corrective actions.Develop Security Assessment Reports (SAR) decisions for the Chief Program Officer (CPO) in compliance with FISMA and NIST guidance.Prepare correspondence, procedural documentation, and reference materials for management.Review executed production documentation for completenessConduct internal, QA and stakeholder requirements review sessions and gather feedback.Perform security assessments using the NIST SP 800-53 controls and NIST SP 800-53A methodology. Document those assessments and the Plan of Actions & Milestones (POA&M) items.Perform security test and evaluations (ST&Es) and document the results.Perform risk assessments and document the results.Perform system data categorization using NIST SP 800-60.Develop system security plans and document them.Advised and worked with system owners and developers to insure new and existing systems incorporate security controls.Develop system contingency plans and document and assist in the coordination of contingency plan tests.Develop and maintain all C&A documentation. Track and adhere to deadlines, especially C&A deadlinesMonitor and document POA&M progress.

Performed risk assessments and documented the results.Performed security assessments using the NIST SP 800-53 controls and NIST SP 800-53A methodology. Documented those assessments and the Plan of Actions and Milestones (POA&M) findings.Performed security test and evaluations (ST&Es) and documented the results.Performed system data categorization using NIST SP 800-60.Developed system security plans and documented them.Advised and worked with system owners and developers to insure new and existing systems incorporated security controls.Developed system contingency plans and assisted in the coordination of contingency plan testing.Tracked and adhered to deadlines, especially C&A deadlines.Monitored and documented POA&M progress.Developed and maintain all C&A documentation.Developed and provided presentations for C&A managers and staff for the FY06 and FY07 Agency requirements. Developed and presented C&A training for DCS staff based on company policy.Reviewed and provided comments on contractor-developed documents such as the; security risk assessments, security plans, security assessment results and Plans of Action and Milestones.Reviewed various security-related OMB and NIST draft documents, providing assessment and comments.

Developed project documentation:Workflow diagramsControlled substance act (CSA) training (utilized as a training tool for DEA agents and new Diversion Investigators (DI) trainees)Standard Operating Procedures (SOP's)System development lifecycle (SDLC) methodologies for security certification and accreditation (C&A)System Security Plan (SSP)Business process re-engineeringFacilitated Business Process Re-Engineering Joint Application-Design (JAD) sessions for the client.Conducted in state and out of state training sessions for phases I and II of the client's enterprise application.Planned and conducted meetings with business unit in order to resolve questions or further clarify requirements identified during the analysis phase.Participated in documenting requirements gathering sessions with functional process owners and users.Translated requirements into system specifications and detailed program specifications.Managed task scheduling, and communication needs.Coordinated system implementationLiaison between technical staff and users during software development and testing activities.