My goal is to work with a team and the ISSO to make our environment more secure by ensuring all our systems are in compliance with all Federal and Commercial Standards, ensuring all applicable controls have been implemented and are in place, and ensuring there is continuous remediation of findings and monitoring of systems. I am dynamic, attentive to detail, and possess the ability to adapt quickly to changing environments and interact well at all levels. I have excellent skills and experience in reviewing and implementing internal control procedures to ensure efficiency and mitigate risks, gained over a four-year period of professional record. I am looking to use my skills and expertise to help achieve Enterprise-wide information risk goals and objectives of Confidentiality, Integrity and Availability (CIA). I am legally permitted to work anywhere in the United States with no restrictions.
Ø Manage evidence within the Governance, Risk and Compliance (GRC) application, such as CSAM, aiding the incorporation of security controls throughout the monitoring phase.
Ø Compile Authorization Packages (including SSP, POA&M, and SAR) for Information Systems presented to the Authorization Officer.
Ø Collaborate with Information System Owners, Developers, and System Engineers to formulate and implement customized security controls for safeguarding system information.
Ø Ensure system architecture, data flow, and network diagrams are developed consistent with the system design.
Ø Demonstrate proficiency in the day-to-day execution, supervision, and continuous monitoring of security configurations; conduct SIAs, change management, and system hardening using DISA STIGs.
Ø Conduct security categorization (FIPS 199); assess and review the Privacy Threshold Analysis (PTA), PIA, E-Authentication, Contingency Plan and Testing, Incident Response Test, and SORN to ensure compliance and completeness.
Ø Conduct both full functional and tabletop exercises for Contingency Plan, Disaster Recovery, and Incident Response tests.
Ø Prepare systems for SCA; participate in control testing by assessors; respond to questions during interviews, examination, and testing of system controls prior to SAR development.
Ø Ensure the proper implementation and operation of selected security controls throughout all phases of the Information System lifecycle and develop system procedures and policies.
Ø Possess good experience with cloud computing service models (SaaS, IaaS, PaaS) and deployment models in private, public, and hybrid environments. Distinguish between on-premises and off-premises environments.
Ø Upload all security-reviewed and updated A&A Packages, including System Registration, System Security Categorization, e-Authentication Assessment, CP, CPT, SSP, SAP, SAR, and POA&M, using CSAM.
Ø Monitor, evaluate, and report on the status of information security systems, directing corrective actions to eliminate or reduce risks.
Ø Proficient in developing POA&Ms in response to reported security vulnerabilities, overseeing corrective and mitigation actions to manage Information System risks until closure.
Ø Perform vulnerability management and utilize a variety of vulnerability tools to scan the system, identify trends, and determine root causes of system failures. Work on remediation and propose mitigation strategies not addressed in the SSP.
Ø Ensure scans are performed on assigned systems, such as database scans, penetration tests, code scans, and application scans, and track remediation of vulnerabilities through POA&Ms.
Ø Created and implemented a security and privacy assessment plan aligned with the amended NIST SP 800-53A requirements for each security assessment project. SCA activities should encompass assistance for RMF steps 4-6.
Ø Examined and assessed Assessment & Authorization (A&A) packages, which encompass System Security Plans (SSP), Risk Assessments, Information System Contingency Plans (ISCP), Backup Standard Operating Procedures (SOP), Incident Response Plans (IRP), Configuration Management Plans (CMP), Hardware/Software lists, Network Diagrams, Data Flows, System Change Requests/Proposals, Vulnerability Scan Reports, Test Reports, and Plans of Action & Milestones (POA&Ms). Evaluated these elements for thoroughness and precision, and documented the efficacy of control, plan, and procedure implementation.
Ø Conduct kick-off and exit interview briefing meetings with the system team and document findings in the SRITM.
Ø Formulate and communicate precise and succinct findings and recommendations to stakeholders and decision-makers.