CHERISSE LINCOLN
IT Specialist, Audit & Privacy Specialist at FSA
Randallstown, MD, United States
Experience:
• Execute audit work, which encompasses executing the planned approach for the audit in a team-based environment and interacting closely with various levels of staff and management throughout FSA.
• Discuss findings with management and contribute ideas for corrective action to improve processes by making practical and value-added recommendations.
• Establish positive working relationships with management and other business units within the Agency.
• Review the adequacy of information systems and reporting to ensure sufficient information is being conveyed to senior management.
• Conduct monthly meetings with the Information System Security Officer (ISSO) community, informing them of upcoming changes and required reviews for Privacy. Serve as a liaison to the ISSO and Information System Owner (ISO) community to clarify and resolve privacy issues and concerns. Provide guidance and advice on the Privacy Act, the E-Gov Act, and other Federal laws, ensuring compliance.
• Provide ad-hoc reporting for privacy items such as Privacy Threshold Analyses (PTAs), Privacy Impact Assessments (PIAs), and System of Records Notices (SORNs).
• Assess operational deficiencies and disclosure concerns within the FSA Privacy Team, and work with upper management as well as system teams to develop plans for privacy improvements.
• Conduct meetings with FSA system ISSO/ISO as well as provide feedback on the PTAs, PIAs, and SORNs for FSA systems.
• Assisted in the creation of the FSA Privacy SharePoint site. Maintain the site by updating status details for all systems' PTA/PIA/SORN (high-level charts).
• Work collaboratively with the different business units to update the privacy controls within the System Security Plan (SSP), Interconnection Security Agreements (ISAs), Memoranda of Understanding (MOUs), and Computer Matching Agreements (CMAs).
• Participate in the DoE Privacy Incident Response Team (PIRT) tabletop exercises and in the weekly PIRT Advisory Group (PAG) meetings.
2016 : Present
Federal Student Aid, an Office of the U.S. Department of Education
IT Specialist
• Notifying the CISO of actual or suspected computer-security incidents, including PII and PHI breaches, using procedures specified in the RMH;
• Serving as a focal point for information security and privacy incident reporting and subsequent resolution;
• Ensuring that information security notices and advisories are distributed to appropriate CMS and contractor personnel and that vendor-issued security patches are expeditiously installed;
• Assisting the CMS CISO in reviewing CMS contracts for systems to ensure that information security is appropriately addressed in contract language;
• Ensuring that information security-related documentation at each phase of the CMS XLC meets all identified security needs;
• Maintaining the security documentation for systems under my purview, according to the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37 (as amended) and the security requirements of the CMS Information Security Acceptable Risk Safeguards (ARS) - CMS Minimum Security Requirements (CMSR) and the procedures and standards of the RMH;
• Ensuring that NIST SP 800-53 (as amended) controls are appropriate to the system based on the FIPS 199 security categorization;
• Assisting the System Owner (SO), Information Owner/Business Owner (IO/BO), and CISO in POA&M management;
• Reinforcing the concept of separation of duties by ensuring that no single individual has control of any critical process in its entirety per NIST SP 800-53 (as amended);
• Assisting the SO, IO/BO, and CMS CISO in ensuring that all requirements specified by the ARS - CMSR and the procedures and standards of the RMH are implemented and enforced for applicable information and information systems;
• Ensuring that the appropriate operational information security posture is maintained for an information system and, as such, working in close collaboration with the SO;
• Serving as a principal advisor on matters involving the security of an information system;
2014 :
CMS
Information Security Specialist, ISSO
• Manage the Plan of Action and Milestone (POA&M) process for over 25 systems.
• Perform security assessments to ensure system compliance with NIST methodology.
• Develop the final Security Assessment and Authorization (SA&A) documents upon completion of assessment effort for approval.
• Devise system security characterizations and categorizations in accordance with FIPS 199 methodology.
• Assist in the development of security policies and procedures, and ensure compliance with all applicable regulations and requirements.
• Assisted in the development of the continuous monitoring process.
• Provide guidance on implementing information security.
• Serve as a project lead and monitor project progress and schedules, and ensure project deadlines are met.
2010 :
SAIC
Information Security Analyst
• Designed, developed and implemented new web interfaces and layouts for the rental industry.
• Hand-coded HTML while optimizing pages for search engine rankings, resolving cross-browser issues, and writing reusable code in PHP.
• Design, analyze, test, debug, document, and implement complex computer programs and applications for the rental industry using Perl, PHP, MySQL, MS SQL, JavaScript, and CSS.
2006 :
Visual Data Systems
Web Programmer
Company:
Federal Student Aid, an Office of the U.S. Department of Education