Information System Risk Management

Location:
Columbia, MD
Posted:
April 19, 2024

Resume:

Sylvester Popoola CISSP, CISM, CISA, ITILv*, CFE, Security+

Ellicott City MD 21043 443-***-**** ad44fs@r.postjobfree.com

Information system technology professional with experience in cyber security processes, Risk Management Frameworks (RMF), Security Control Assessment (SCA), Federal Risk Management Program (FedRAMP), Information Technology and General Control Auditor (ITGC), System Development Life Cycle (SDLC), and compliance standards (SOX, SOC2, HIPAA & PCI DSS). Technical skills include Workiva, SharePoint, Nessus, Wireshark, and Linux.

Status: US Citizen with Secret Clearance

PROFESSIONAL EXPERIENCE

QUASARS INC – WASHINGTON DC

Information System Security Officer (ISSO – TSA - DHS) Feb 2023 – Present

• Serves as the principal advisor on all matters involving the security of an information system.

• Develops and maintains comprehensive system security authorization documentation (SSP, PTA, PIA etc.)

• Develops procedure documents for all control families.

• Documents external connections (ISAs, MOU/MOA).

• Supports the Assessor with all Ongoing Authorization (OA) and Security Control Assessment (SCA) activities.

• Manages the system Plan of Action and Milestones (POA&Ms).

• Provides Change Management support for assigned systems.

• Ensures that Public Key Infrastructure (PKI) certificates for assigned FISMA systems are renewed when due and revocations are completed and processed prior to expiration.

COALFIRE FEDERAL – RESTON VA

Senior Consultant (CAC - FedRAMP Lead) March 2022 – Feb 2023

• Developed Assessment & Authorization (A&A) testing methodologies and Security Test Plans, and provided all documentation necessary for performing Security Control Assessment.

• Assisted in RMF Authorization and Monitoring for an ongoing assessment effort (Steps 5 & 6).

• Worked with the FedRAMP PMO on the Readiness Assessment, Full Security Assessment and Authorization Process, including Cloud Computing Security Requirement Guidelines (CCSG).

• Developed System Security Plans, Configuration Management Plan, IT Contingency Plan, and Incident Response Plans in accordance with NIST requirements.

• Prepared, reviewed, and/or updated, and maintained IT security supporting artifacts.

• Conducted Assessment and Authorization (A&A) across DOD and civilian agencies for classified and unclassified systems on premises and in cloud environments in accordance with FISMA, NIST and FedRAMP.

• Provided IT security guidance to information system owners.

• Identified information security problems and challenges, researching and developing technical solution to

• Worked closely with technical teams in system and network vulnerability scanning and analysis using both automated tools and manual techniques.

Sylvester Popoola {443}720-8729

Iron Vine Security LLC, Washington DC

Information System Security Analyst (SCA-Lead) – Department of State (DOS) May 2021 – March 2022

• Developed Assessment & Authorization (A&A) testing methodologies and Security Test Plans, and provided all documentation necessary for performing Security Control Assessment.

• Performed RMF Security Assessment on classified and unclassified systems.

• Assisted in RMF Authorization and Monitoring for an ongoing assessment effort (Steps 5 & 6).

• Provided direct support in the development of other A&A-related system bodies of evidence in accordance with current NIST guidance using government-provided A&A tools (XACTA, cmLite, iMatrix and other GRC tools).

• Tested, analyzed, and interpreted A&A testing results for systems such as Linux, virtual machines, networking, database and cloud technology to identify security issues based on analysis of vulnerabilities and configuration data.

• Ascertained information systems’ security posture utilizing Self-Assessment, Security Test Plan control validation activities and other coordinated security testing.

• Performed SCA leadership role: attended and presented project status reports at management meetings, handled scheduling at PMO meetings, took part in technical meetings, and mentored junior Assessors.

INVICTUS INTERNATIONAL CONSULTING LLC, ALEXANDRIA VA

Senior Cyber Security Compliance Analyst (DOD) April 2020 – April 2021

• Conducted information categorization of assigned systems by applying NIST FIPS 199/NIST SP 800-60 to assess Confidentiality, Integrity, and Availability (CIA) and determine the impact and system rating using the eMASS tool.

• Provided Information Systems Security Authorization support to DHS/USCG facilities.

• Performed System Security Authorization and related IA Continuous Monitoring tasks across multiple customer-owned and managed systems.

• Worked closely with internal and external cyber security stakeholders within CGCYBERCOM, USCGHQ and DHS in maintaining continued FISMA compliance, sustained ATO and effective system security posture.

• Conducted security evaluation and assessment, and analyzed IAVA bulletins and Cyber Security TASKORDs.

• Performed documentation support services, tracking weakness mitigation/patch status.

• Collaborated with stakeholders in the creation and management of mitigation Plan of Action and Milestones and Privacy Impact Analysis (PIA)

• Performed Cyber Security operations support services to the Command, Control & Communications Engineering Center

HERTZ GLOBAL, DES PLAINES IL

Snr IT Security Auditor May 2016 – Mar 2020

• Performed ITGC testing of design and operating effectiveness of controls involving program changes, logical security, and IT operations for SOX Compliance

• Reviewed third party SOC reports with focus on identifying both qualified and unqualified opinions, control deficiencies and how they are addressed.

• Assessed security and operational controls on various operating system environments such as Windows servers, *NIX (Linux and Unix), Mainframe zOS, and AS400 iSeries.

• Performed walkthroughs of various applications with IT Internal and External Auditors to provide technical understanding of the applications in preparation for SOX and other IT security audits.

• Carried out Identity Access Management (IAM) reviews on various applications for privileged and non-privileged access.

• Worked closely with Internal Auditors on IT process improvement on enterprise systems.

NESTLE DREYER ICE CREAM – LAUREL MARYLAND

Production Compliance Analyst April 2013 – April 2016

• Carried out production internal quality control audit.

• Analyzed the quality of various products on the production floor.

• Assisted in stock taking of inventory for month-end reporting for account close-off.

• Compiled and maintained records of quantity and value of materials, equipment, merchandise, and supplies, and entered them in the SAP inventory management module.

• Issued requisitioned materials to production staff and updated records in the SAP Inventory Module.

• Worked with the Factory Cost Accountant in gathering data and information to carry out various cost accounting functions.

NATIONAL PIKE HEALTH CENTER, BALTIMORE MD

Compliance Analyst Nov 2012 – March 2013

• Managed the IT department to ensure necessary IT policies and procedures were in place to identify security vulnerabilities and control weaknesses; provided enhancements and safeguards.

• Served as a point of contact for IT teams to address control questions from government agencies on audit and achieved continuous accreditation of the organization.

• Facilitated and coordinated with business owners to remediate identified issues.

EDUCATION

BS, Economics - Lagos State University

Master’s in Information Systems Management – University of Phoenix

Master’s in Cyber Security – University of Phoenix

CERTIFICATIONS

Certified Information System Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information System Auditors (CISA), CompTIA Security+, Information Technology Infrastructure Library (ITILv3), Certified Fraud Examiner (CFE), Chartered Accountant (ACA)

ACHIEVEMENTS

Member: The National Society of Leadership and Success – University of Phoenix Chapter

Member: Epsilon Pi Tau (EPT) – University of Phoenix Honor Society – Delta Sigma

Member: Order of the Sword & Shield – University of Phoenix Honor Society – Omicron Sigma Sigma


