Post Job Free

Risk Management Information Security

Location:
Elkridge, MD
Posted:
May 10, 2024

Contact this candidate

Resume:

Patricia Ajibola

DC Metro Area, MD. Tel: ***-***-*252

Email: ad5l9y@r.postjobfree.com

CAREER SUMMARY

Highly efficient and well-organized Information Security/Compliance Specialist with 6 years of experience thriving in an atmosphere of new challenges and time-critical projects. Deep understanding of business goals and drivers and how to apply technology to achieve and support them. Exceptional communication, interpersonal, and technical skills. Recognized internally as a highly valued resource with exceptional ability to contribute and build IT teams that deliver critical business objectives in organizations.

KEY SKILLS

●Compliance & Governance

●Risk Management Framework

●Vulnerability Analysis

●Privacy Assessments

●Risk Management

●Authentication and Access Control

●STIG

●FISMA

●Assessment & Authorization

●POA&M Management

●Policy & Procedures

●Continuous Monitoring

●Network & System Security

●Incident Response

CERTIFICATIONS

●Security+

●CISM (In Progress)

TECHNOLOGY/FRAMEWORK/APPLICATION SUMMARY

Third-Party Risk Analysis, FISMA/HIPAA, FIPS 199, Project Management, AWS, NIST standards, Risk Management Framework, Information Assurance, Identity & Access Management, Information Management, Tenable, NIST SP 800-53, SP 800-53A, SP 800-37, FIPS, FISMA, FedRAMP, SOC 2 Type 2, Risk Management Framework (RMF), Jira, Salesforce, Endpoint Security, PTA, PIA, RA, SSP, CP, CPT, RTM, SAR, POA&M, ATO, ISA, MOU, Security Compliance Access, Linux Servers, Unix Servers and Cloud Environment (AWS), Qualys, CSAM, IT Audit, Trojan and Malware Analysis, Windows, Word, Excel, and PowerPoint.

EDUCATION

Bachelor of Science (B.S.) Animal Science - University of Ibadan, Ibadan -Nigeria.

PROFESSIONAL EXPERIENCE

DelTaaTech Consulting Greenbelt, Maryland

March 2022 to Present

Information System Security Officer (ISSO)

●Developed and implemented information security policies and procedures.

●Obtain and review FedRAMP ATO packages for SaaS and PaaS applications.

●Conduct comprehensive reviews of cloud systems seeking Agency Authorization using FedRAMP standards and provide authorization recommendations to the Authorizing Official.

●Collaborate with IT teams and external stakeholders.

●Document continuous monitoring of SaaS applications that have been procured by the agency and provide status updates to the stakeholders.

●Review security controls, policies, and procedures and provide recommendations for adapting new technologies or policies.

●Identify improvement areas and provide organization-wide security awareness training.

●Recommend improvements to system security, collaborating with the information assurance division and the development and network teams.

●Perform security categorization using FIPS 199, and review the Privacy Threshold Analysis (PTA) and E-Authentication assessment with business owners and selected stakeholders.

●Ensure compliance with all applicable configuration standards and make decisions about incidents as they occur.

●Document and review the System Security Plan (SSP), Security Assessment Report (SAR), Plan of Action and Milestones (POA&M), and Authorization letter/memorandum (ATO).

●Conduct self-assessments and provide briefings to stakeholders such as system owners and business owners.

●Document and review security plans (SP), contingency plans (CP), contingency plan tests (CPT), privacy impact assessments (PIA), and risk assessment (RA) documents per NIST SP 800-series guidelines for various government agencies.

●Risk Management Framework (RMF) assessments and Continuous Monitoring: Performed RMF assessment on several environments using both scanning tools and manual assessment.

●Demonstrate leadership and guidance to the organization’s security team to inspire and motivate others to prioritize information security.

●Initiate cross-functional meetings with various stakeholders, System Owners, and Information System Security analysts, and document feedback from all points of contact (POCs).

DelTaahTech Consulting LLC Greenbelt, Maryland

Feb 2021 – March 2022

Cyber Security Analyst/Continuous Monitoring

●Establishing a proactive process for observing, assessing, and responding to security threats and vulnerabilities.

●Collect intrusion artifacts (source code, malware, trojans) and use discovery data to enable mitigation of potential cyber incidents within the environment.

●Provided oversight and coordinated changes in the security area.

●Addressed supply chain risk considerations, minimum monitoring frequency, and automation integration.

●Conducted FISMA-based security risk assessments for government contracting organizations and application systems, including interviews, tests, and inspections; produced assessment reports and recommendations; conducted out-briefings.

●Obtain and review FedRAMP ATO packages for SaaS and PaaS applications.

●Conduct comprehensive reviews of cloud systems seeking Agency Authorization using FedRAMP standards and provide authorization recommendations to the Authorizing Official.

●Conduct continuous monitoring on SaaS applications that have been procured by the agency and provide status updates to the stakeholders.

●Assessments were conducted following NIST 800 processes and controls.

●Review security controls, policies, and procedures and provide recommendations for adapting new technologies or policies.

●Identify improvement areas and provide organization-wide security awareness training.

●Work with teams to ensure they make safe, compliant, design and architectural decisions.

●Perform security categorization using FIPS 199, and review the Privacy Threshold Analysis (PTA) and E-Authentication assessment with business owners and selected stakeholders.

●Develop NIST-compliant vulnerability assessments, technical documentation, and Plans of Action and Milestones (POA&M), and address system weaknesses.

●Perform comprehensive Security Control Assessment (SCA) and prepare reports on management, operational, and technical security controls for audited applications and information systems.

●Document and review the System Security Plan (SSP), Security Assessment Report (SAR), Plan of Action and Milestones (POA&M), and Authorization letter/memorandum (ATO).

●Conduct risk assessments regularly; ensure measures raised in assessments were implemented in accordance with the risk profile, and root causes of risks were fully addressed following NIST 800-30 and NIST 800-37.

●Document and review security plans (SP), contingency plans (CP), contingency plan tests (CPT), privacy impact assessments (PIA), and risk assessment (RA) documents per NIST SP 800-series guidelines for various government agencies.

●Coordinated with and assisted technical support and senior technicians to resolve cyber issues.

●Risk Management Framework (RMF) assessments and Continuous Monitoring: Performed RMF assessments on several environments using both scanning tools and manual assessment. The assessments included initiating meetings with various System Owners and Information System Security Officers (ISSOs), providing guidance on the evidence needed for security controls, and documenting assessment findings.

DTT Consulting LLC Greenbelt, Maryland

Jul 2017 - Feb 2021

Third Party Risk Analyst

●Developed, implemented, and reviewed policies, procedures, standards, and guidelines per applicable regulations including ISO 27001, GDPR, CCPA, PCI DSS, SOX, and HIPAA.

●Performed due diligence on individual third-party relationships to assess technology and other business-related risks.

●Used SecurityScorecard to conduct risk rating/scoring of vendors according to data sensitivity and business criticality.

●Performed third-party risk assessments to reassess current risks and to identify emerging key risks.

●Identify and assess control effectiveness and/or gaps through the review of key vendor-provided documentation such as SIG, SOC 2 Type II, Vulnerability Scans, Penetration Tests, Policies and Procedures, etc.

●Developed, coordinated, and executed security assessments of vendors focusing on compliance with regulations, and company policies.

●Composed assessment reports containing findings and recommendations and presented them to the vendor manager.

●Collaborated with vendors to discuss appropriate remediation actions and deadlines for all identified gaps.

●Presented gap analyses to stakeholders and management to give them a clearer understanding of the risk level.

References Available Upon Request