Information Security Analyst

FOLA FAYE OLUKUNLE

Lanham, MD ***** • 301-***-**** • ad5c6z@r.postjobfree.com

Professional Summary

Information Security Analyst passionate about aligning security architecture plans and processes with security standards and business goals. Extensive experience developing and testing security framework for all systems/applications or environments in a growth-oriented organization focusing on conducting security control assessments for Federal and Non-Federal Organizations using NIST SP 800-53 Rev4 and NIST documentation Series. Knowledge and management of Federal Government C&A practices and policies, particularly FISMA, Fed Ramp NIST SP 800-53, 800-171, and ability to analyze technical outputs and recommend process improvements at an enterprise level and testing of Security controls and security framework. Authorized to work in the U.S. for any employer.

Skills

• NIST SP 800-60

• FIPS

• NIST 800-53 rev 4 & rev 5

• Risk Management Framework (RMF)

• FedRAMP

• FISMA

• Cloud AWS

• Certification and Accreditation(A&A)

• Risk assessment (RA)

• Contingency Planning (CP)

• Incident Response (IR)

• Disaster/ Recovery Response Plan

• Security Impact Analysis (SIA)

• NIST CSF

• Privacy Threshold Analysis (PTA)

• Privacy Impact Assessments (PIA)

• System Security Plan (SSP)

• Security Audits (SA).

• ISO 27001

• Vendor Risk Assessment

• Knowledge of Cybersecurity Maturity Model

Certification (CMMC)

• HIPAA Security and Privacy controls.

• Plan of Actions & Milestones (POA&M)

• Vulnerability scanning tools (Nessus).

• Continuous Monitoring

• Excellent analytical and problem-solving abilities to identify and fix security risks.

Work History

Information Systems Security Officer (ISSO)/Assessor May 2019 to Current VineIT Consulting – MD

• Applied cybersecurity policy and procedures to systems and networking in a Working knowledge of NIST SP 800-37, SP 800-39, SP 800-53, SP 800-53A, SP 800-34, SP 800-18, SP 800-128 during documentation, review, and update.

• Reviewed and updated System Security Plan (SSP) using SP 800-18 guidelines.

• Reviewed and updated Risk Assessment (RA) using NIST SP 800-30 guidelines.

• Reviewed and updated Contingency Plan (CP) using NIST SP 800-34 guidelines.

• Reviewed and updated documentation for SOPs and audit artifacts

• Performed Information Systems Security Audits and Certification and Accreditation (C&A) Test Team efforts.

• Tracked vulnerabilities from identification to remediation and verification.

• Performed Security Impact Analysis (SIAs) for all proposed changes to production environments and provided guidance/approvals for requested changes to the application/system.

• Provide support for project/workstream management activities.

• Implemented NIST 800-53 r5 security and privacy controls in compliance with FISMA, HIPAA, and FedRAMP.

• Execution of Contingency Plan testing (CPT), Incident Response (IR) testing, and post-testing documentation.

• Serve as a trusted information security analyst to government clients.

• Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls.

• Planned and implemented updates to System Security Plans (SSPs), Information Security Risk Assessments

(IS RAs), Privacy Threshold Analysis (PTA), Privacy Impact Assessments (PIAs), and other security artifacts for the program.

• Work with the technical team to document requirements and test plans and coordinate deployment activities.

• IT security policy and procedure development, update and review, and response to an audit request or audit support/coordination

• Coordinated system security audits with the audit team and penetration testing with internal and external assessors for each COTS product and System maintained as part of the Enterprise.

• Collected and managed all appropriate artifacts required to demonstrate security control compliance.

• Documented risks and monitor remediation.

• Performed risk assessments to help create optimal prevention and management plans.

• Managed POA&M process for designated IT systems and provided timely detection, identification, and alerting of non-compliance issues.

• Planned, developed, implemented, and maintained programs, policies, and procedures to protect the integrity and confidentiality of systems.

• In-depth knowledge of penetration testing and intrusion detection on systems.

• Audited networks and security systems to identify vulnerabilities.

• Prepared and implemented Assessment and Authorization (A&A) documents and procedures.

• Reviewed and creation of mitigation reports from compliance and vulnerability scanning tools (Nessus and other tools).

• Analyzed system risk to identify and implement appropriate security countermeasures.

• Minimized risk of damage from security breaches by implementing business continuity or disaster recovery plans.

• Enterprise environment to review controls and package artifacts for validity. ACCOUNT MANAGER March/2016–April/2019

STATE EMPLOYEE CREDIT UNION (SECU) - MD

• Provided customer-centered advisory services, offering single-family home refinance solutions, conducting asset management analysis, and recommending cost-effective products per client needs, thus ensuring maximum satisfaction.

• Utilized advanced technology to enhance branch functionality, monitor online banking activities, and conduct audits while collaborating with teams of (4) senior managers and finance professionals to drive process improvements.

• Contributed towards credit union portfolio growth, expanding banking and finance expertise via completing Member Advantage Sales Training while organizing financial literacy outreach programs to support small businesses.

• Built relationships with 80+ clients to understand their needs, resulting in $1M in annual revenue and exceeding targets by an average of 18% during tenure schedules.

• Recruit and onboard new B2B accounts in markets that require additional sales and service coverage throughout the Credit Union.

• Attained recognition as a “Top Sales Performer” multiple times among 100 employees based on consistently exceeding client expectations and achieving company financial objectives and goals. PERSONAL BANKER, CUSTOMER SERVICE January/2015–February/2016 CITI BANK – WASHINGTON, DC

• Provided customized solutions, including single/joint ownership, revocable trust accounts, business accounts, certificate-of-deposit, and checking accounts while ensuring client access to multiple account types as per financial goals.

• Delivered exceptional client services, facilitating financial transactions, encompassing deposits, withdrawals, and loan applications while up-selling and cross-selling banking products and services to drive business growth.

• Cultivated strong relationships with high-net-worth clients, generating valuable referrals for investment bankers.

Education

MASTER OF BUSINESS ADMINISTRATION (M.B.A.) - In Progress: UNIVERSITY OF MARYLAND GLOBAL CAMPUS BACHELOR OF SCIENCE (B.S.) MICROBIOLOGY: UNIVERSITY OF IBADAN, NIGERIA Certifications

• CISM - Certified Information Security Manager

Contact this candidate