
Giorgio Bruno

West Haven, CT

Summary

A US Army veteran and Security Assessment and Authorization (SA&A) professional knowledgeable in the Risk Management Framework (RMF), Systems Development Life Cycle (SDLC), Security Life Cycle, and Vulnerability Management under FISMA and the applicable NIST standards, with the knowledge required to obtain an ATO for information systems. A proven project and team leader with a strong customer service background and exceptional communication abilities in several languages. Functional areas of expertise include:

  • Information Systems Security
  • PII Analysis
  • Privacy Policy & Compliance
  • Security Controls Assessment
  • Project Management
  • POAM Remediation
  • Risk Mitigation
  • Security Life Cycle
  • Systems Risk Assessment
  • SDLC
  • ATO Packages Documentation
  • A&A Process Support
  • Help Desk Support
  • Quality Assurance & Delivery
  • IAM framework
  • FedRAMP

Overview

8 years of professional experience
1 certification

Work History

Assessment and Authorization Specialist

Vaco
08.2020 - Current
  • Support privacy compliance activities to include the development of Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), and System of Records Notice (SORN)
  • Develop and maintain Assessment and Authorization (A&A) documentation including but not limited to Contingency Plan, Incident Response Plan (IRP), and Configuration Management Plan (CMP)
  • Ensure that all deficiencies from SCAs and vulnerability scans are addressed in a POA&M, track remediation actions, and report status to senior leadership
  • Tailor and apply appropriate information security controls for information systems based on NIST SP 800-37 rev1, SP 800-53 rev4, FIPS 199, FIPS 200, and OMB A-130 Appendix III
  • Analyze data types to determine the risk level of information systems based on NIST 800-60 guidelines
  • Work with stakeholders to review system and network vulnerability scan reports in order to identify and remediate potential risks
  • Update IT security policies, procedures, standards, and guidelines according to department and federal requirements
  • Develop and review ATO packages such as the System Security Plans (SSP), Plans of Action and Milestones (POA&M), Security Assessment Reports (SAR), and related security documents
  • Develop Rules of Behavior (RoB), E-Authorization, Interconnection Security Agreement (ISA) and a Memorandum of Understanding (MoU) for the system assigned
  • Monitor controls post-authorization to ensure continuous compliance with security and regulatory requirements
  • Research new developments in IT security to recommend, develop, and implement new security policies, standards, procedures, and operating doctrines across a major global enterprise.

Information Assurance Specialist

Lockheed Martin
02.2020 - 08.2020
  • Ensured system security authorization controls contained accurate implementation statements and assessment results, and that appropriate security artifacts were completed to support findings
  • Developed and maintained a variety of IA-related documentation, such as A&A packages, SOPs, accreditation requests, and risk assessments, consistent with FISMA annual requirements
  • Reviewed and validated compliance with the Risk Management Framework (RMF) security controls and Plan of Action and Milestones (POAMs) on GSS and major systems
  • Conducted independent assessments of all required security controls via appropriate methods, including interviews, examinations, and testing, and prepared the SAP and SAR
  • Completed Security Authorization packages, to include system security plans, security assessment reports, POAM summaries, and a continuous monitoring plan/assessment schedule, and presented an executive briefing to senior management
  • Responsible for creating a risk mitigation strategy and ensuring security configurations were maintained in accordance with the agency's mandated policies

Help Desk – Training Coordinator

Imperial Gutenberg S.R.L.
09.2015 - 02.2020
  • Attended professional development technology courses to increase knowledge base and learn new information
  • Reported to senior leadership on updated training curriculum status and employee advancement
  • Troubleshot information systems and restored proper function of IT devices
  • Set up computers and networking systems and delivered step-by-step instructions on basic use
  • Maintained inventory and upkeep for multiple devices and computers
  • Emphasized web etiquette and practical applications of technology for professional use
  • Facilitated a computer lab of up to 20 people, from beginner to intermediate computer use, and designed appropriate and specialized lesson plans
  • Planned and implemented curriculum to teach up-to-date technology to multiple employees
  • Worked with a school-like organization to implement a computer literacy program and integrate technology use into day-to-day instruction for employees.

Education

Bachelor of Science - Computer Science

Gateway Community College
New Haven, CT

Skills

  • Windows XP/Vista/7/8/8.1/10
  • Mac OS X
  • Microsoft Office Suite
  • SharePoint
  • Splunk
  • McAfee VirusScan Enterprise
  • SQL
  • JavaScript
  • Java
  • Nessus
  • GRC RiskVision
  • eMASS

Expertise Areas

  • Information Systems Security
  • PII Analysis and documentation
  • Vulnerability Assessment
  • System Documentation
  • Privacy Policy & Compliance
  • Security Controls Assessment
  • Project Management and Support
  • POAM Remediation
  • Risk Mitigation
  • Security Life Cycle
  • Systems Risk Assessment
  • Systems Development Life Cycle
  • ATO Packages Documentation
  • A&A Process Support
  • Help Desk Support
  • Quality Assurance & Delivery
  • IAM framework
  • FedRAMP

Certification

  • Security+ - CompTIA Security+
  • CGRC - ISC2 Certified in Governance, Risk and Compliance (In Progress)
  • CISM - ISACA Certified Information Security Manager
  • CSM - Certified Scrum Master

Languages

  • Italian: Native or Bilingual
  • Spanish: Limited Working
  • French: Limited Working
  • Portuguese: Elementary
