Solutions Architect Security Analyst

Location:
Germantown, MD
Salary:
123456
Posted:
March 29, 2024

Resume:

Kunle Fasalojo PMP. CISA. CISM. CEH. SAFe Agilist

ad4ncv@r.postjobfree.com 240-***-****

Kunle is a highly self-motivated leader with 15 years of expertise in information assurance, a risk management and information technology assurance professional, and a scholar-practitioner with experience in Auditing, Privacy, Governance, Risk, and Compliance.

Serve as a trusted adviser. Collaborate with other stakeholders to enable management to make clear, informed, risk-based decisions while ensuring compliance and regulatory obligations through controls and policy management.

Technical Knowledge, Skills, and Specialization Areas

Five years of Information Assurance and Security Assessments, Security Assessment and Authorization (SA&A), Information Technology and Cybersecurity Curriculum Development, and New Employee Orientation Awareness Training.

Nine years of Information Security Auditing. DFARS, NIST 800-171. Led client audit engagements to conduct organization process audits. Information security and privacy program management and specialized support services.

Three years of Data Privacy, Data by Design, GDPR.

One year of Blockchain Technology Adoption.

Collaborates with corporate business development teams and VMO to lend expertise in drafting Requests for Information (RFI) or Requests for Proposal (RFP).

Strengths

IT Business/Strategic Planning

Cyber Threat Intelligence

Third Party Management

IT Governance

Ransomware

Cloud Architecture & Security

MITRE ATT&CK Framework

Disaster Recovery/Business Continuity Planning

Budgeting /Financial Controls

Zero Trust Architecture

Blockchain Adoption

CMMC Assessment

Pen Testing

Vulnerability

Agile Scrum

Professional Experience

Collaborative working knowledge of cybersecurity risk management, disaster recovery, FISMA compliance, information security architecture, information security auditing, security control assessment, threat modeling, threat management, vulnerability scan analysis, and vulnerability assessments.

Accomplishments

Assessment & Gap Analysis for Executive Order 14028 & OMB memos

Led cybersecurity team in assessment and authorization of Federal Agency internal and external systems.

Ensure compliance with DFARS, NIST 800-171 and CMMC requirements.

Thought Leadership

Collaborate with cybersecurity engineering, system administrators, and integrated project team leads to determine cyber risks and develop policies to mitigate vulnerabilities.

Manage assessments and authorization from step 1 to step 6 using the Risk Management Framework (RMF).

Strong involvement in development and presentation of thought papers for industry groups on Ransomware, Data Loss Prevention, Governance Model for Blockchain Technology, and Blockchain/Smart Contract Audit.

Collaborate with IT infrastructure, Development, Cybersecurity and Operations teams to conduct risk and vulnerability analysis and to ensure changes in infrastructure design, SSP, IRP and COO are coordinated across the agency enterprise network systems to assess risk and vulnerability.

Responsibilities

Tech Director Cybersecurity Program Management Technology & Innovation March 2022 – January 2024

AGT Consulting Group, Inc., Health and Human Services, Centers for Medicare & Medicaid Services

Led support of program activities to improve and manage the cybersecurity and privacy of client information and information resources. Provided the support and guidance necessary to make the Division of Technology Management (DTM) information security and privacy program completely responsive to all statutory, regulatory, and operational requirements.

Enhance the security cyber scope of the agency and drive a collaborative culture to modernize IT and Cybersecurity Infrastructure to transform the current IT and Cybersecurity services to manage the security posture of the agency.

Lead teams to ensure security guidelines and policies are compliant.

Lead security control assessor teams to update the agency enterprise Information Technology Security Plans.

Lead team to draft and develop system security plans and Authorization to Operate (ATO) packages.

Worked with ISSOs, ISSEs, ISOs, BOs and SOs to manage Assessment & Authorization processes, step 1 through step 7, for ATO package processes.

Collaborate with cross-functional assessment teams to lead internal audit processes for DFARS and NIST 800-171 requirements.

Manage the integration and operation of security architecture components, tools, secure configurations and secure architecture blueprints to support security standards and compliance requirements.

Worked with agency SOs and contractor third-party-owned systems to report performance metrics.

Worked with leadership to ensure task order contractual obligations are effective and appropriate, reporting and monitoring financial figures and projections.

Manage compliance metrics reports to support audit process for internal agency systems and contractor coordinated systems to measure performance metrics.

Conduct internal audits with external audit team, gather reports and answer rebuttals for security operations for OIG requests for annual assessments/audits.

Participate in corporate office value chain management office bid proposal activities as required.

Responsible for 1-20 team, develop weekly and bi-weekly task status reports for Program manager, and stakeholders.

Manage client accounts, projects, and engagements, including work plans, staffing, deadlines, and budgets throughout all lifecycle phases, including strategy, goal-setting, deliverables, and maintaining an integrated project plan.

Review outputs from POAMs to assess completeness and make recommendations for any further work needed or POAM closure.

Managed outputs from POAMs to assess completeness and make recommendations for scheduled open work through closure of POAMs.

Provide thoughtful leadership, influence executive-level decision-making, and present compliance reports and findings to senior management and external auditors.

Conduct agency information technology cybersecurity and privacy awareness training for new employees on information security hygiene.

Responsibilities

Establish and maintain positive, collaborative relationships with agency stakeholders through kick-off meetings.

Lead agency twenty-seven (57) systems assessments, guiding SOs through the assessment process and checklist resources for the assessment lifecycle.

Interfaces with SOs and stakeholders through the entire engagement, interacting with all levels of the agency.

Manage assessment priorities and tasks in conjunction with SOs to meet ATO active and expiry date targets.

Execute examine, interview, and test procedures in accordance with NIST SP 800-53A Revision 4 and 5 requirements.

Escalates ATO issues to management in a timely manner to inform and engage the necessary resources to address the issue.

Validate respective information system security plans to ensure NIST control requirements are met.

Coordinate and manage assessments, ATO packages to include SAPs, SRTMs, SARs, RARs and FedRAMP documentation.

Ensure cybersecurity policies are adhered to and required controls are implemented.

Develop and author assessor attestations and SO and CISO recommendations to findings on security posture in accordance with NIST controls.

QSSINC UHG Optum Technical Services MD June 2013-March 2022

Manager - Auditing Governance Risk Compliance (aGRC)

Leads the agency cybersecurity GRC and privacy supporting processes of 27 systems to develop RMF assessment and authorization (A&A) packages and perform continuous monitoring tasks in alignment with industry best practices and regulatory requirements including HIPAA, NIST, ISO 27000 and PCI-DSS standards.

Develop Assessment and Authorization (A&A) packages for various systems using the Risk Management Framework (RMF) process.

Review Nessus vulnerability scan results and develop SAR documentation for Plans of Action and Milestones.

Lead team to develop comprehensive risk assessments to identify, assess, and prioritize cybersecurity risks for risk mitigation strategies with IT infrastructure and cybersecurity engineering teams.

Author recommendations associated with findings on how to improve the agency’s security posture in accordance with NIST controls.

Manages team assessment tasks and operations for program reporting.

Develop and present weekly, bi-weekly assessments and authorization metrics to measure the effectiveness of agency cybersecurity program.

Ensures assessment teams align with agency policies and procedures to maintain FISMA compliance and industry regulatory standards.

Provide thoughtful leadership and influence executive-level decision-making through a deep analytical insight into core business decisions including prioritization of opportunities, security operations, risk management, policy enforcement, regulatory compliance, and data privacy.

Act as supervisor and mentor to manage colleagues and SMEs to attract and retain talent.

Advise on Zero Trust adoption and CMMC Assessment preparation for C3PAO.

Conduct effective discussions to understand client business issues and match them to cyber capabilities.

Create and deliver cybersecurity awareness training curriculum on information security trends and vulnerabilities across multiple industry verticals to new employees.

Prepare and document weekly and bi-weekly status reports to stakeholders.

Work with stakeholders to implement strategic plans to grow the service line and enhance the team’s skillsets and capabilities.

Manage and mentor 6 team members to deliver ATOs for various agency systems.

Performing interviews of potential new hires for intern, associate, consultant, senior consultant and senior manager roles.

Sr Compliance Manager Northrop Grumman Baltimore MD April 2011- April 2013

Provided effective risk management, internal audit, and governance to the client’s enterprise-wide information technology to transform their IT risk management and assurance capabilities to be aligned to the key risks and strategies of the organization. Led a performance-driven team to leverage Security Compliance and Assurance auditing in a Cloud Environment to support compliance audits of clients’ cloud environments against government security requirements and industry best practices in an employee-centric, telework-flexible environment.

Engaged client leadership on the design and optimization of controls utilizing a general knowledge of business processes, accounting, and information technologies.

Interpreted and conveyed audit universe information to team and senior management in written form and presentations.

Created internal control documentation including narratives, process and data flows.

Consulted with client leadership on strategic plans and other business matters, helping clients to anticipate emerging risks and information technology opportunities.

Managed SOC attestation and other third-party opinion services.

Supported external financial statement and SOX compliance engagements for application and information technology general computer controls assisting financial audit and Sarbanes-Oxley compliance teams in the identification of control objectives and the design of control procedures to address those objectives.

Assessed IT security policies, procedures, and controls of client’s business applications, networks, operating systems, and other components of their technology infrastructure.

Reviewed, documented, evaluated and tested application controls, particularly automated controls on a wide range of ERP systems and software applications across a wide variety of client business processes.

Identified internal IT controls, assessing their design and operational effectiveness, determining risk exposures, developing remediation plans, determining technical and business impact of identified security/control issues and providing remediation guidance to clients.

Communicated audit findings and recommendations to senior management and client personnel.

Led audits of the cloud environment for compliance with government requirements: FISMA, NIST 800-53, NIST 800-210.

Managed the support of continuous development of automated security operation processes for compliance monitoring in AWS cloud environment.

Provided advisory support to internal organization audit team and government clients on emerging cloud security technology solutions to assist with compliance monitoring and auditing for least privilege security concept for cloud users and privilege accounts.

Led efforts to detect and remediate instances of non-compliance in the AWS environment and update the Information Risk Assessment (IRA) in the System Security Plan.

Managed team, mentoring staff, providing performance feedback, and managing stakeholder expectations in multiple projects successfully within a deadline-driven environment.

Sr Compliance Manager Lockheed Martin, Baltimore MD January 2010-April 2011

Led strategic planning and policy development for assessment of organization cyber policies and risk management. Evaluated how policies stack up to regulations, best practices, and industry standards. Guided and managed the client through understanding of acceptable risk and IA. Managed the development of a strategic cyber roadmap. Collaborated with system owners and senior management to ensure the client operated securely and with cyber resilience.

Led Information Risk Management Team to provide Line of Defense and oversight of the organization’s Cybersecurity and Identity Access Management (IAM) to support the development, validation and monitoring of cyber security capabilities.

Supported information systems engagements from inception to end, planning, execution, reporting, and supervision.

Identified internal controls issues within clients' IT environment to develop gap analyses.

Researched and developed understanding of core and critical IT processes.

Mentored IT management in gaining process efficiencies and control optimization.

Contributed to the growth of the IT Audit & Technology Risk team to achieve key goals and initiatives.

Developed artifacts and documented results of audit testing for management and client reporting.

Assisted clients in redesigning and transforming their IT processes and related technical controls to achieve their compliance goals.

Information System Security Officer BEA Systems Washington DC June 2005 - Nov 2010

Primary function was to provide day-to-day support for Information and Special Access Program (SAP) activities to perform oversight of the development, implementation and evaluation of information system security program policy with special emphasis placed upon integration of existing network infrastructures.

Performed analysis of network security based upon the RMF authorization process; advised customer on IT assessment and authorization issues.

Provided IA support for network and information security systems, drafted documentation needed to announce new cyber security initiatives, and participated in developing and implementing processes for cyber security kick-off meetings.

Prepared Security Test and Evaluation plans and provided C&A support, managed vulnerability and patch management team reporting.

Performed vulnerability assessments including development of risk mitigation strategies.

Analyzed policies and procedures against established laws and regulations and provided recommendations for closing gaps.

Coordinated the development and implementation of cybersecurity NIST CSI controls.

Assessed and mitigated system security threats and risks and partnered with appropriate stakeholders to evaluate cybersecurity risks and vulnerabilities.

Supported risk determination, risk identification with team throughout the full software development lifecycle to develop capabilities according to customer requirements and FIPS, NIST 800, CMS, and Government guidelines and regulations.

Performed scans and participated in the process to obtain ATO status for systems determined by SSA leadership.

Managed POAM roadmaps with each product and proposed briefs and recommended actions based on best practices.

Responsible for system compliance, auditing, security plan development and delivering information systems security education and awareness.

Led Information security team and Steering Committee to align all security initiatives across the enterprise organization.

Technology & Tools

Regulatory & Privacy Frameworks: NIST CSF, ISO 27001, CIS

FIPS 199, 200, NIST 800-37, NIST 800-53A, NIST 800-53 Rev 5, DFARS, NIST 800-171, CMMC, Cybersecurity Framework (CSF), RMF (ATO).

ISO/IEC 20000, ISO 9000, ISO 27001:2013, SOC 2, COBIT, COSO, Cloud, FedRAMP.

Data Security: Data Leak Prevention (DLP: Proofpoint/ObserveIT, Digital Guardian), PKI and Certificate Management.

SOAR & XDR: Endpoint Detection & Response (Splunk Cloud, CrowdStrike, Check Point).

Network Technologies: Switches/Routers (Cisco, Juniper, Arista).

Network Security: Firewalls, IDS/IPS, VPN (Check Point, Cisco ASA, Fortinet, Juniper, PulseSecure), E-Mail Security (Proofpoint, Forcepoint, Agari), Web Content Filtering (Zscaler).

Cloud Security: AWS.

Identity & Access Management: PAM (CyberArk), SailPoint, Synck.

Digital & Network Forensics: SPARTA, Wireshark.

GRC, Inventory & Change Control: Archer, ServiceNow, SharePoint, Jira, Kanban.

Microsoft Office 365: Word, Excel, PowerPoint, Visio and Teams.

Education

BA Hons Economics & Politics, Lancaster University, Lancaster, England, United Kingdom.

Master of Engineering, Cybersecurity Policy & Compliance.

School of Engineering & Applied Sciences, George Washington University, Washington DC.

Executive Education

Executive Certificate, Digital Transformation Strategies for Next Generation Leaders, Columbia Business School, New York, USA.

Accreditations/Certifications

CompTIA Security+ CE

CompTIA Certified Advanced Security Practitioner (CASP)

EC Council Certified Ethical Hacker (CEH)

AWS Cloud Solutions Architect Associate AWS (CSA-A)

Project Manager Professional (PMP)

Certified Information Systems Auditor (CISA)

Certified Information Security Manager (CISM)

SAFe 5.0 Agilist (Leading SAFe)

Certified Data Privacy Solutions Engineer (CDPSE)