O. Anthony Avens

Accokeek, MD

Summary

Senior information assurance, security, and audit professional with over 20 years of domestic and international experience in information technology (IT) security, finance, transportation, telecommunications, mobile computing, news media, education, insurance, manufacturing, and healthcare industries. Proven ability to identify, assess, and ensure compliance with industry standards. Successfully cultivated relationships with over 22 federal agencies to assess their IT governance, risk, and compliance (GRC) obligations, achieving a 95% success rate with 28 systems obtaining approval and authorization to operate (ATO).

Overview

20 years of professional experience
8 certifications

Work History

Senior Information Systems Security Officer (ISSO) and Security Subject Matter Expert (SME)

Interim Business Solutions, LLC
03.2004 - Current
  • Responsible for managing cybersecurity risks for eight (8) systems and mobile applications (including Uber and Lyft) while ensuring compliance with agency and vendor security contract requirements
  • Engage with system stakeholders, Information Systems Security Manager (ISSM), Chief Information Security Officer (CISO), Privacy Office, Legal, and Authorizing Official (AO) throughout all phases of the Risk Management Framework (RMF)
  • Spearhead stakeholders to develop, document, review, and maintain the System Security Plan (SSP), Privacy Threshold Assessment (PTA), Privacy Impact Assessment (PIA), System Security Categorization, Business Impact Analysis (BIA), Risk Assessment, Contingency Plan (CP), CP Test Report, Incident Response Plan (IRP), IRP Test Report, Hardware and Software Inventory, Configuration Management Plan (CMP), Supply Chain Risk Management Plan, Memorandum of Agreement (MOA), Memorandum of Understanding (MOU), and Interconnection Security Agreement (ISA)
  • Coordinate with independent security controls assessment teams to conduct Assessment & Authorization (A&A) and develop the Security Assessment Plan (SAP), Security Assessment Report (SAR), and Plan of Action and Milestones (POA&M), and ensure timely remediation of system vulnerabilities
  • Perform continuous compliance monitoring of security controls to ensure they are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the cybersecurity requirements
  • Apply extensive knowledge of the Federal Information Security Management Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP), National Institute of Standards and Technology (NIST) Special Publication (SP) 800 series (e.g., 800-37, 800-53, 800-171, etc.), Federal Information System Controls Audit Manual (FISCAM), Statement on Standards for Attestation Engagements (SSAE) No. 18 Service Organization Control (SOC) 1 and 2, Payment Card Industry Data Security Standard (PCI DSS), Office of Management and Budget (OMB) Circular A-123, and other pertinent federal laws, regulations, and guidance
  • Analyze the technical operating system, database, compliance, penetration test, and web application scan results for prioritization, tracking, and remediation
  • Maintain cybersecurity dashboards to include system ATO status and expiration dates; total count of open Critical, High, Moderate, and Low-risk vulnerabilities; contract security deliverable due dates; data call response status; etc.
  • Assess 39 monthly operating system, database, web application, and compliance technical scan reports to ensure vulnerabilities are accurately documented and tracked until remediated
  • Perform reviews of cloud computing environments, including Amazon Web Services (AWS), Google Cloud Platform (GCP), Oracle Cloud Infrastructure (OCI), etc.
  • Develop and present regular status reports on security activities, accomplishments, and any concerns
  • Liaise with stakeholders to support the Office of the Inspector General (OIG) audit team requests to include Meeting Request Lists (MRLs), Prepared by Client (PBC) lists, and respond to Notifications of Findings and Recommendations (NFRs)
  • Facilitate reading room sessions for federal agency customers and their security controls assessment and audit teams to access and review system documentation
  • Investigate and resolve security incidents (e.g., conduct investigations, examine root cause analyses (RCAs), and review incident response reports)

Senior Technical Consultant

Impact Innovations Group, LLC
05.2003 - 03.2004
  • Company Overview: National Archives and Records Administration – System Certification and Accreditation Support
  • Evaluated security risks to identify the potential impact on the confidentiality, integrity, and availability of IT resources and provided recommendations to mitigate 5 High and Moderate risks

Project Manager

MAXIMUS Corporation
04.2000 - 04.2003
  • Company Overview: U.S. Air Force (USAF) Security Certification and Accreditation
  • Assessed airport and air carrier security control mechanisms (e.g., ID badges, smart cards, biometrics, closed-circuit television (CCTV)) used to protect and monitor sterile airport areas

Senior Information Risk Management Consultant

KPMG, LLP
11.1996 - 04.2000
  • Provided IT audit and consulting services to various public- and private-sector clients

Senior IT Auditor

The Washington Post Company
02.1992 - 11.1996
  • Led private-sector general and application control reviews and audits, domestically and abroad

Education

Bachelor of Science - Business Information Systems (Major), Accounting (Minor)

Virginia State University
Petersburg, VA

Skills

  • Security policy development
  • Incident response
  • Disaster recovery planning
  • Business continuity planning
  • Threat analysis
  • Problem-solving
  • Attention to detail
  • Excellent communication
  • Decision-making
  • Risk assessment
  • Written communication
  • Business continuity
  • Regulatory compliance
  • Security planning
  • Vulnerability analysis
  • IT project management

Accomplishments

    Successfully cultivated relationships with over 22 federal agencies to assess their IT governance, risk, and compliance (GRC) obligations, achieving a 95% success rate with 28 systems obtaining approval and authorization to operate (ATO).

Certification

  • Certified Information Systems Security Professional (CISSP), 2001
  • Certified Information Systems Auditor (CISA), 1999
  • Certified FISMA Compliance Practitioner (CFCP), 2009
  • Certified Risk and Information Systems Control (CRISC), 2011
  • Certified Data Privacy Solutions Engineer (CDPSE), 2021
  • Certified Governance, Risk and Compliance (CGRC), 2009
  • Certified in Homeland Security (CHS), 2004
  • Certified Software Manager (CSM), 1999

Affiliations

  • International Information Systems Security Certification Consortium (ISC2)
  • American College of Forensic Examiners Institute (ACFEI)
  • ISACA Washington, DC Chapter (GWDC)
  • Bank of America Advisory Panel

Computer Software Skills

Microsoft Windows, Linux, UNIX, Apple iOS, Google (Chrome and Android), Google Suite (Calendar, Docs, Sheets, Slides), Microsoft Office 365 (Word, Excel, Outlook, PowerPoint, SharePoint, Visio), Intuit (QuickBooks, Quicken, TurboTax), RSA Archer, Cyber Security Asset Management (CSAM), AppDetectivePro, Burp Suite, DbProtect, Qualys, Rapid7, Tenable Nessus, Tripwire, WebInspect

Security Clearances

  • Secret, Inactive
  • Public Trust Minimum Background Investigation (MBI), Inactive

Work Availability

Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday
Morning, afternoon, evening

Work Preference

Work Type

Contract Work

Work Location

Hybrid, Remote, On-Site

Important To Me

Work-life balance, Company culture, Work from home option

Languages

English
Native or Bilingual

Interests

Travel
