Information Security Risk Management

Location:
Old Bridge, NJ
Posted:
April 30, 2024

Resume:

OPEYEMI DANIEL ADEDOKUN

Old Bridge, NJ • 315-***-**** • ad5dzn@r.postjobfree.com

PROFESSIONAL SUMMARY

Results-driven leader and United States Navy Veteran. A multifaceted technical and programmatic leader with 12+ years of Cybersecurity Governance and Leadership experience. Extensive experience in the development of enterprise policies and procedures that address organizational needs, including risk management and business continuity, as well as incident management and risk mitigation techniques. A strong background in regulatory and technical risk-based compliance initiatives utilizing industry-recognized standards and frameworks such as the NIST 800 Series, ISO 27001, COBIT, HIPAA, SOC, PCI-DSS, and HITRUST. Holds an Active Secret Clearance.

EDUCATION & CERTIFICATION

Certified Information Systems Security Professional (CISSP) - In view

Certified Information Security Manager (CISM)

Certified Information System Auditor (CISA)

CompTIA Security Plus (Security+)

Grand Canyon University Master of Science in Informatics 2023

Southern New Hampshire University Bachelor of Arts, Psychology 2020

University of Ibadan Bachelor of Science, Information System Technology 2010

The Polytechnic of Ibadan Bachelor of Science, Accounting 2008

QUALIFICATIONS

12+ years of experience in Information Security and Governance

Regulation and Compliance

Security Controls Auditing

Process Implementation and Improvement

Information Security

Vendor Management

Assessment and Authorization (A&A)

Security Test and Evaluation (ST&E) assessments

Enterprise Assessment (EA) and Cyber Command Readiness Inspections (CCRI)

FedRAMP Packages

SDLC/Agile Methodology

Scrum Master

Cloud Solution Management (AWS/Google/Microsoft Azure)

Cyber Risk Analysis and Assessment, Risk Management, and Incident Response

Incident Response, Vulnerability and Patch Management, Contingency Planning, and Business Continuity

Compliance Management, Configuration Management and Change Control

DISA STIGs, and Data Loss Prevention Technologies.

Tenable Nessus, SolarWinds, Splunk, Rapid 7, Wireshark, SCAP Compliance Checker, STIG Viewer, RSA Archer, MS 365, KnowBe4 Security Awareness Training Platform, and Symantec Endpoint Protection Manager, etc.

Project and Program Management

Third Party Vendor Assessments

Audits

Privacy

SOC 1, SOC 2, ISO 27001, GDPR, RMF (NIST 800-53), PCI, HITRUST, FedRAMP, etc.

PROFESSIONAL EXPERIENCE

DoD DFAS Rome, NY 01/2023 to Present

Information System Security Officer-ISSO (GS-12)

Lead IT Resilience team priorities, objectives, and goals to align with the vision and mission of the IT Compliance department and overall information security program.

Act as a SME and champion for IT Resilience programs, operational matters, and related IT compliance team challenges. May contribute to some short-term strategy development.

Provide additional leadership and coverage for Information Security Incident Response.

Responsible for IT Resilience team staffing, talent and team development, performance, budget, and new technology, services, and implementations to drive further automation and efficiencies.

Conduct regular security assessments, vulnerability testing, and penetration testing.

Ensure compliance with applicable laws, regulations, and industry standards (e.g., GDPR, HIPAA, SOC 2, PCI-DSS).

8 years’ experience demonstrating analytic ability to perform Oracle, SQL development, evaluate programmatic data, and propose solutions to project issues.

Streamlined the organization’s cybersecurity program through the implementation and administration of information security policies, procedures, and technologies to ensure the protection of systems, applications, and data on tactical and development networks.

Coordinate internal and external audits and manage remediation efforts.

Performed an assessment of the organization's information systems and networks to identify vulnerabilities, threats, and risks that could affect the organization's compliance with the CMMC framework.

Developed technical and programmatic recommendations for improvements to the organization's cybersecurity posture based on the results of the assessment.

Advised the organization on compliance with the CMMC framework, including the specific controls and processes required to achieve certification.

Improved security by researching and providing guidance on cybersecurity validation procedures, security systems, and emerging threats to clients, and providing feasible paths to remediate any findings.

Provided effective and cost-saving Cybersecurity Risk Management and Cloud Management solutions to clients in the form of IT automation, and comprehensive security architecture design.

Ensured situational awareness by communicating changes to regulatory and relevant compliance regulations to applicable stakeholders and facilitating adherence to the changes by issuing guidance and instructions.

Designed and led IT control assessments, while serving as a SME in security related activities such as Vulnerability Management, Incident Response, Disaster Recovery, Contingency Planning, etc.

Collaborated with technical teams to understand security risks and impacts to corporate solutions.

Managed the certification and accreditation projects of both the classified and unclassified networks, and all the activities involved in the process, including but not limited to the testing of security controls and the development and processing of justifiable exceptions for security control deviations.

Communicated technical security requirements and coordinated with applicable stakeholders to determine effectiveness of current security controls and a path forward for mitigation measures, where potential weaknesses might exist.

Managed contracts, implementation, and operational effectiveness of cloud services to include but not limited to SaaS, PaaS, and IaaS.

Managed the development and implementation of enterprise security policy, standards, guidelines, and procedures to ensure ongoing maintenance of security and compliance with the Federal, state, and local regulations as appropriate.

Oversaw information assurance operational activities to include perimeter, network, and host-based security controls.

Provided leadership to functional groups and staff on Information Security issues.

Improved the existing cybersecurity infrastructure by providing professional cybersecurity services in accordance with US Government (USG), Department of Defense (DoD), Department of the Army (DA), and US Army Forces Command (FORSCOM) policies and guidelines.

DoD- United States Navy 01/2015 to 01/2023

Lead Cyber Security Analyst/ Senior Information System Security Officer

●Performed cyber security resiliency test and evaluation of USS Louisiana.

●Performed Adversarial Assessments and Verification and validation testing.

●Managed the enterprise’s cybersecurity program in accordance with Federal and US Navy regulatory requirements, to include but not limited to Vulnerability Management, Penetration Testing, Baselining, Risk Management, Contingency Planning, Disaster Recovery, Incident Response, Security Test and Evaluation, etc.

●Leader and SME in Information Systems Security Controls auditing activities in accordance with NIST, ISO, COBIT, FISMA, GDPR, HIPAA, HITRUST, SOX, and other standards.

●Improved the enterprise’s cybersecurity program by preparing, updating, and maintaining RMF documentation such as, but not limited to, Authorization to Operate (ATO) packages, System Security Plans (SSP), Risk Assessment Reports (RAR), Security Control Traceability Matrixes (SCTM) and Plans of Action and Milestones (POA&Ms) for all networks and systems.

●Strategized with senior leadership by providing the necessary support to monitor and ensure compliance with information security policies, procedures and regulatory requirements including assistance with internal auditing, reporting, technical reviews, and identification of security risks.

●Maximized employee efficiency by leading the design, building, and testing of Role-based Access Control (RBAC) for the DOD’s Aircraft Survivability and Lethality Lab (ASTL) and the Weapon Survivability Lab (WSL).

●Improved the organization’s security posture by developing audit procedures and leading the testing of internal security controls to identify potential gaps and remediation measures in accordance with regulatory requirements.

●Supported the process, analysis, coordination, security certification test, and security documentation, as well as investigations, software research, hardware introduction and release, emerging technology research, inspections and periodic audits.

●Served in the capacity of an external auditor responsible for developing audit procedures, executing test plans, and reporting findings to applicable stakeholders.

●Implemented a process to review Information System (IS) assessments results achieved through passive evaluations such as compliance audits and active evaluations such as Nessus / SCAP vulnerability scans and remediated findings in accordance with the organizational and regulatory policies.

●Monitored and analyzed real-time security alerts and DDoS attack mitigation responses using tools and techniques such as SIEM.

●Led a team of security analysts to analyze data flows and perform network investigations.

●Improved the organization’s security posture by documenting applicable Continuous Monitoring controls and developing the timelines for testing controls in accordance with industry standards using eMASS.

●Enhanced the cybersecurity department by drafting, reviewing, editing, and recommending guidance for Standard Operating Procedures (SOP), Tactics, Techniques, & Procedures (TTP), Plan Of Action and Milestones (POA&M), Army Portfolio Management System (APMS), and Federal Information Security Management Act (FISMA).

●Improved user behavior through monthly awareness training while supporting the implementation and administration of information security policies, procedures, and technologies to ensure the protection of systems, applications, and data on tactical and development networks.

●Responsible for developing, recommending, and implementing policies, procedures and programs designed to protect the organization’s information from unauthorized users.

●Assisted in developing a business plan with budgets and objectives to be achieved in the plan year in support of the unit's strategic goals.

Bussy Computer Technology Ibadan, Nigeria 01/2011-12/2014

Computer Engineer II

●Improved security by designing a Security Information and Event Management (SIEM) system to provide active monitoring, correlation and interpretation of perimeter, network and host event logs, and fine-tuning systems to eliminate false positives and prioritize alerts for triage.

●Implemented Security-as-a-Service (SaaS) solution to provide real time advanced threat intelligence, detection, and response from a leading third-party provider.

●Managed daily information security operations to include prevention, detection, mitigation, remediation, recovery, and reporting of insider, external nation state, and other threat actors.

●Collaborated with functional teams and stakeholders to identify and/or develop appropriate solution designs, proper implementation, and any required mitigation strategies.

●Increased security by assisting in the engineering of a consolidated perimeter security gateway, providing intrusion detection/prevention, email scanning/SPAM protection, malware detection/analysis, next generation firewall, and VPN services, while saving the organization over 200K in the process.

●Developed a Vulnerability Management Program to identify, assess, and remediate legitimate vulnerabilities in accordance with organizational policies, and industry best practices.

●Instituted a Third-Party and Vendor Risk Assessment Program to assess control effectiveness and mitigate identified vulnerabilities in accordance with industry best practices.

●Improved security by assisting with the deployment and management of Identity and Access Management solutions, Tenable Security Center and SolarWinds SIEM tools, and security hardening processes.

Technical Proficiencies

GRC Tools: RiskVision, eMASS, Jira

Operating Systems: Windows XP/Vista/7/8/8.1/10, Linux, Mac OS X

Vulnerability Scanning Tools: Nessus, McAfee Virus Scan Enterprise

Computer forensics tool: ProDiscover

Application: Microsoft Office Suite, SharePoint

References

Available upon request


