Information Security Customer Service

James Omoyele

Phone: 240-***-**** • ad41mu@r.postjobfree.com

Professional Summary

A solutions-focused information security professional with seven (7) years information security experience in the NIST Risk Management Framework (RMF), Vulnerability Management, Risk Assessment, and System Development Life Cycle (SDLC) security support. A proven problem solver with aptitude for good customer service, leadership, excellent communication (both oral and written), and presentation skills.

Certifications

CompTIA Security +

Education

Ladoke Akintola University of Technology Nigeria - PGD (Engineering) Yaba College of Technology Nigeria - HND Engineering Technical Skills

• NIST 800-37 FIPS 199 NIST 800-60v1&2

• NIST 800-53(rev. 4&5) FIPS 200 NIST 800-18

• NIST 800-53A NIST 800-137 SharePoint

• Telos Xacta SAR SSP

• POA&M NIST 800-30 & 39 Nmap

• IDS and IPS FedRAMP Nessus

• CSAM IronPort Splunk

• SAP WireShark ATO Packages

• Linux OS

Professional Experience

Cybersecurity Analyst/ ISSO

Trust Point.One, Washington, DC June 2019 – Present

• Used existing organizations RMF process to perform internal assessments using NIST SP 800-53a to ensure the security controls are being implemented properly and are producing the desired outcome.

• Worked with a team of Information System Owners, Developers and System Engineers to select and implement tailored security controls in safeguarding system information.

• Updates IT security policies, procedures, standards, and guidelines according to department and federal requirements

• Used NIST 800-37 as a guide for assessments and continuous monitoring to make sure security posture was operating at a high level in accordance with organization’s monitoring strategy.

• Reviewed security plans (SP), contingency plans (CP), contingency plan tests (CPT), privacy impact assessments (PIA), and risk assessment (RA) documents per NIST 800 guidelines for various government agencies to ensure systems are FISMA compliant.

• Initiated weekly meetings with various System Owners and Information System Security Officers (ISSO) to provide guidance of evidence needed for security controls and document findings of assessments.

• Collaborated with system’s development staff to recreate and solve problems in a test environment.

• Expertise in National Institute of Standards and Technology Special Publication (NIST SP) documentation: Performed assessments, POA&M Remediation, and document creation using NIST SP 800-53.

• Assisted with selecting security controls for two Department of Commerce systems to support these systems’ Risk Management Framework (RMF) efforts; Directly involved with developing the contingency Plan and Incident Response plan to support Business Continuity Plan initiatives.

• Analyzed and evaluated the ATO (Authorization to Operate) Package, including security plans, security assessment reports, and plan of action milestone (POA&Ms), and got them ready for the Authorization official’s approval.

• Monitored and manage spam filters to mitigate risk from phishing or malware.

• Document and analyze changes that occur on information systems and perform continuous monitoring on an ongoing basis in accordance with the organization monitoring strategy.

• Initiated meetings with various System Owners and Information System Security Officers

(ISSO), providing guidance of evidence needed for security controls, and documenting findings of assessment.

• Developed OS images to facilitate the timely deployment of new user workstations and virtual machines.

Cyber Security Compliance Officer

Rodot Nigeria Ltd. Lagos, Nigeria May 2015 – December 2018

• Leveraged existing organization’s RMF process, review and determine if system/application documentations are accurate, up to date, and displayed thorough details to support the Security Control Assessment/Validation process.

• Initiated meetings with various System Owners and Information System Security Officers

(ISSO), providing guidance of evidence needed for security controls, and documenting findings of assessment.

• Expertise in International Standards Organization’s (ISO) 12700 Standards. Performed assessments, POA&M Remediation, and artifacts review using ISO 127001.

• Review security controls and provide implementation responses as to if/how the systems are currently meeting the requirements.

• Develop ISO-compliant vulnerability assessments, technical documentation, and initial Plans of Action and Milestone (POA&M) documentation.

• Ensure customers follow security policies and procedures following ISO 127001.

• Perform specific quality control for packages validation on the SSP, RA and PIA

• Plan, assign and perform security validation review for A&A documentation, and supervise team members.

• Provide POA&M Quality and Management (review, update and validate on behalf of the Assessment Manager

• Review and upload deliverables in A&A repositories CSAM

• Maintain inventory of all Information Security system assigned and scheduled for Assessment.

• Provide guidance and training to the system owner and ISSO on the validation process

• Perform Information Systems Security Audits and Assessment and Authorization (A&A) Test in compliance with the ISO 127001 standards.

Cyber Security Analyst

Keystone Bank Plc, Victoria Island, Lagos, Nigeria June 2012 – May 2015

• Leveraged ISO 27001 and existing organization’s process, to determine if system/application documentations are accurate, updated, and displaying thorough details to support the Security Control Assessment/Validation process

• Initiated meetings with various System Owners and providing guidance of evidence needed for security controls, and documenting findings of assessment.

• Conducted and managed vulnerability scanning using Nessus and coordinated remediation.

• Identify system misconfigurations and analyzed of security scan reports for necessary action.

• Real-time monitoring of systems for possible security incidents, using Splunk.

• Web Application security testing/Penetration testing using tools such as Burp Suite Pro, Acunetix and SQLMap.

• Working with Developers, System Engineers and in ensuring security is baked into the SDLC process.

• Use of Symantec Enterprise tool Intrusion detection in the enterprise infrastructure

• Performed Security Incident Response activities including investigations, follow-up and coordinating with the SOC to resolve Incident tickets REFERENCES

Available upon request

Contact this candidate