Yannick Ekpe,

Cell: 919-***-****, acv9t8@r.postjobfree.com

Information Security and FISMA Compliance Analyst.

Detailed knowledge of security tools, technologies and best practices with more emphasis on FISMA/NIST and Sarbanes-Oxley 404. Over five years of experience in system security monitoring, auditing and evaluation, C&A and Risk Assessment of GSS (General Support Systems) and MA (Major Applications).

Summary of qualifications

Perform Certification and Accreditation documentation in compliance with company standards

Develop, review and evaluated System Security Plan based NIST Special Publications

Perform comprehensive assessments and write reviews of management, operational and technical security controls for audited applications and information systems

Develop and conduct ST&E (Security Test and Evaluation) according to NIST SP 800-53A and NIST SP 800-53R4

In depth knowledge of COOP, COSO and COBIT Frameworks

Compile data to complete Residual Risk Report and to insert contents into the POA&M

Ability to multi-task, work independently and as part of a team

Strong analytical and quantitative skills

Effective interpersonal and verbal/written communication skills

Professional Experience

Evergreen Information Security and Technology 06/2013-Present

Information Security Analyst

Analyze and update System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security test and Evaluation (ST&E) and the Plan Of Actions and Milestones (POA&M)

As consultant I work with System Owners and ISSO in preparing certification and Accreditation package for Systems, making sure that management, operational and technical security controls adhere to a formal and well-established security requirement authorized by NIST SP 800-53 R4

Categorization of systems using FIPS 199 and NIST SP 800-60

Conduct Risk Assessment

Perform Vulnerability Assessment. Make sure that risks are assessed, evaluated and a proper actions have been taken to mitigate their impact on the Information and Information Systems

Created documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages

Evergreen Information Security and Technology 01/2012 to 6/2013

SOX 404 Compliance testing Analyst

Perform IT risk assessment and document the system security keys controls

Meet with IT team to gather evidence, develop test plans, testing procedures and document test results and exceptions

Design and Conduct walkthroughs, formulate test plans, test results and develop remediation plans for each area of the testing

Wrote audit reports for distribution to management and senior management documenting the results of the audit

Conducted risk assessments that included reviewing organizational policies, standards and procedures and provided advice on their adequacy, accuracy and compliance with the Payment Card Industry Data Security Standard

Participate in the SOX testing of the General Computer Controls

Develop a Business Continuity Plan and relationship with outsourced vendors

Evaluate clients key IT processes such as change management, systems development

Computer / data center operations and managing security at database, network and application layers

Professional Training

Certification and Accreditation Document Review training, March 2013

Information Assurance Awareness training, April 2013

Anti-Phishing training, June 2012

CAP: Certified Authorization Professional Training, September 27-29, 2012

Webcast: Information Security and Privacy – FISMA “Next Gen,” March 22, 2012

Enterprise Certification & Accreditation Training January 2012

Information Systems Security training, December 2012

Project Management training, American Management Association, July 2012

A+, Computer Institute, Rockville, MD, August 2012

FISMA Compliance Certification, FISMA Center, Columbia, MD, September 2012

Education

Wake Technical Community College, Raleigh, NC

Associate Degree in Business Administration, 2012

Associate Degree in Accounting, 2012

Business Core Certificate, 2012

Certifications

Actively working to become a Certified Information Security Auditor (CISA

REFERENCES

References will be furnished up on request

Contact this candidate