Mansoor Nasir
Cybersecurity - Audit Liaison at U.S. Department of Labor
Ft. Washington, MD, United States
Details
Experience:
2020 : Present
U.S. Department of Labor
Cybersecurity - Audit Liaison
A-123 IT specialist - IT focus June 2014 to July 2017
Section Chief of A-123 July 2017 to November 2017 (detail)
FACT - A-123 Specialist IT focus November 2017 to July 2017
Enterprise Operation Security Analyst July to November 2018 (detail)
FACT - A-123 Specialist IT focus November 2018 to present
•Developed and implemented all Information Technology (IT) related transactions for A-123 Compliance
•Developed control test plan for all financial systems internal control assessment with similar processes leveraging FISMA (NIST 800 series) Compliance.
•Review FISMA Annual Security Control Assessment SOP to ensure completeness for implementation.
•Review Financial Systems SSP, SAR, SAP, and POAMs to ensure the system ATO is current and Information System Continuous Monitoring activities are in place.
•Developed an external financial system review for compliance with A-123 (FISMA, FFMIA)
•Established and assessed controls over all financial management system reporting requirements from the GAO.
•Created integrated internal control and monitoring program in compliance with both Treasury Department and GAO guidelines.
•Implemented an efficient governance, risk, and compliance framework (FISCAM and FISMA) to meet A-123 compliance guideline for Financial Systems.
•Review FISMA Annual Security Control Assessment Results for compliance with all Financial Systems.
•Based on A-123 review of the FISMA compliance of the Financial Systems, made recommendations to improve Security Control Assessment (SCA) process and procedures.
•Provided and supported External System Review team to address GAO’s recommendation by implementing reviews of SSAE-16/SSAE-18 reports and Continuous Monitoring (Continuous Authority to Operate)
2014 : 2020
Internal Revenue Service
IT Auditor -A-123
•Provided assistance to information system security officer with IT governance, management risk, and compliance requirements.
•Developed a Compliance Continuous Monitoring program for all US Mint information systems.
•Developed and updated US Mint information security policies, procedures and compliance strategies to be in line with FISMA requirements utilizing NIST standards (800-37, 800-53 rev 4, 800-30, 800-137, etc.)
•Prepared briefs for management, providing system operating status, Annual Assessment and outstanding POA&Ms.
•Managed all FISMA required documents such as US Mint Contingency Plan, E-authentications, PIA, System Security Plan (SSP), Security Control Assessments (SCA), Security Assessment Reports (SAR) and POA&Ms with related artifacts.
•Assisting in the development of lessons learned and future policy and procedural guidance in order to reduce the risk of potential network attacks
•Assisted in identifying common controls relevant to all systems within the US Mint environment.
•Reviewed system POA&Ms and updated any changes with TFIMS and TAF.
2014 : 2014
United States Mint
IT Specialist
TFS Group, Inc.
August 2009 – Present (4 years 5 months)
•Responsible for making configuration changes to Cisco ASA firewall and concentrator for both Headquarter and Disaster site.
•Responsible for redesigning and maintaining network using various network/security monitoring tools and documenting changes.
•Worked with systems team to evaluate new emerging technologies for application load balancing (Citrix Netscaler), performance and high availability (e.g. SharePoint 2010, Exchange 2010 and CCH–Teammate).
•Coordinated with Qwest (Centurylink) network services installation and testing of 12 OIG field office sites circuit turn-ups.
•Responsible for configuring SSH on network devices via RADIUS authentication enabling access control for all devices.
•Reviewing IT-INFOSEC security, FISMA, NIST 800-53, DHS 4300 requirements pertaining to DHS-OIG deployment of operating systems, database software.
•Responsible for evaluating and monitoring IT infrastructure systems for compliance with security requirements and reporting findings to ISSM.
•Assisted security team with scanning operating systems to identify risks and vulnerabilities using Tenable Security Center, Nessus Vulnerability Scanner, Symantec Altiris, and Endpoint Protection.
•Assisted security team with FY13 FISMA System Inventory.
•Assisted IT- Security team in implementing continuous monitoring tools for security information event management.
•Member of IT –Teammate implementation team, responsible for troubleshooting networking issues.
•Updated network devices and servers with patches during monthly maintenance, and updating configuration management.
2013 : 2014
TFS Group, Inc.
Network Analyst -ISSO
•Prepared Certification and Accreditation (C&A) packages for final approval based on National Institute of Standards and Technology (NIST) standards.
•Conducted Security Controls Testing and Evaluation based on NIST SP 800-53A.
•Developed ST&E Plans, ST&E Reports, RA Reports, SSPs, and POA&Ms for Major Applications (MAs) and General Support Systems (GSS) in accordance with NIST SP 800-18 Revision 1, 800-30, 800-37, 800-53 Revision 3, and 800-53A.
•Offered advice and assistance to Information System Security Officers (ISSOs) through the C&A process.
•Used the automated C&A tool, Trusted Agent FISMA (TAF), to track documentation.
•Implemented Tenable Security Center in HRSA environment and created relevant Dashboards required by management.
•Analyzed scan results produced from Tenable’s Security Center, Nessus Vulnerability Scanner, Nmap, AppScan Secure Fusion (RAS) and provided Infrastructure team with findings for remediation.
•Developed risk assessments, security plans and risk mitigation plans to identify security risks for new systems and architectures.
2011 : 2013
Senet International
Cyber Security Analyst
Company:
U.S. Department of Labor