Information Systems Risk Management

Location:
Katy, TX
Posted:
May 14, 2024

Resume:

DAVID ADEWUMI – BSC, MBA, PMP, MCSE, MCSA, MCP, CCNA, Security+, AWS-CSAA.

**** ******* **** *****, ******* Texas, 77084

Cell: 713-***-****, E-mail: ad5orz@r.postjobfree.com

Cloud security Engineer/Analyst

Resourceful and dynamic professional with demonstrated success in risk assessment and management, vulnerability assessment, Risk Management Framework (RMF), ISO, security control implementation, POA&M development and management, monitoring of security controls, Identification & Authentication control, Contingency control, Audit & Accountability controls, Access control, System Communication & Protection control, and the categorization of information systems. I possess strong knowledge of NIST 800-30 (Risk management guide), NIST, ITIL, COBIT, NIST 800-60 Vol 1 & 2 (Categorization of information systems), NIST 800-171 (which governs Controlled Unclassified Information (CUI) in Non-Federal Information Systems and Organizations; NIST 800-171 helps the federal government “successfully carry out its designated missions and business operations”), FIPS 199 (Standard for security categorization), and NIST 800-53 (Selection of Security and Privacy controls).

COMPETENCIES

*Predictive Analytics *Cybersecurity *Web Application Security *Cloud security Management *Data Management *System Vulnerability Analysis *Cryptography *Data and information security management

*Data Analytics *Understanding of RMF steps (Categorize Information System, Select Security Controls, Implement Security Controls, Assess Security Controls, Authorize Information System, Monitor Security Controls) *NIST

Vulnerability-scanning tools are Amazon GuardDuty, SolarWinds, OKTA, Azure Active Directory, OpenVAS, Nikto, Nessus, Aircrack-ng, Wireshark, Open-Source Tripwire, Netsparker, Office 365, Acure Fix, BigFix, Nexus Tenable, RISCS, Outlook, Active Directory, eMASS, IBM QRadar, and Windows.

Area of Expertise

Operations Management

Project Management

Monitoring Events

Reports & Analysis

Authorization Package (SSP, SAR, POAM)

Vulnerability Management

Training & Development

eMASS, CSAM, ACAS, STIGs, Wireshark

Cyber Security Analytics

Policies & Procedures

NIST Special Publications/ FISMA

Risk Management

EDUCATION

Master of Business Administration (MBA), University of Houston. 2013- GPA-3.82

Bachelor of Science, Computer Science, Federal University of Technology. 1995 - GPA-3.54/4.0

CERTIFICATIONS

Project Management Professional (PMP)

Microsoft Certified Solution Expert (MCSE)

Microsoft Certified System Administrator (MCSA)

Microsoft Certified Professional (MCP)

Cisco Certified Network Associate (CCNA)

CompTIA Security+

AWS Certified Solutions Architect - Associate (AWS CSAA)

PROFESSIONAL EXPERIENCE

NASA- National Aeronautics and Space Administration, Houston TX.

Senior Cybersecurity & Risk Control Analyst (Contract) August 2020 – Till Date

Proficient in Public Cloud Technology such as Amazon Web Services, Google Cloud Platform, and Microsoft Azure.

Performing Active Directory and LDAP in Microsoft Azure, on-prem, user identity access management (IAM), using SailPoint IdentityIQ and Nexus identity manager.

Perform authentication management, personnel termination access removal, creation of user account, deletion, and modification.

Manage cloud identity management using OKTA cloud identity manager.

Provided Architectural design and implemented enterprise-wide Identity and Access Management (IAM) solutions.

Performing change management and notification on any issue of IT security.

Perform Assessing Security Controls (CS105.16) procedures to ensure security controls are implemented correctly, operate as intended, and successfully meet the security requirements for the information system.

Enforcing security policies and compliance with organizational standards, and managing compliance discrepancies daily.

Perform internal security audits, interfacing with external security auditors, and remediating security vulnerabilities.

Implemented self-service password reset (SSPR) in Azure or similar access management solutions such as OKTA.

Ensure all organization projects and activities are in line with security policies and regulations.

Performing vulnerabilities scan security review, POA&M, RBL, and security policies.

Performing application and hardware security audits, risk quantification, and compliance assurance.

Participates in SSP development and ensures that the SSP (The System Security Plan (SSP) is the main document of a security package in which a CSP describes all the security controls in use on the information system and their implementation) and other artifacts are ready for external auditors for assessment purposes.

Performs Vulnerability Assessment of Information System utilizing Nessus scanner to detect potential risks in order to ensure adequate assessment and evaluation of such risks.

Sustain and operate security policies and procedures as documented in the System Security Plan (SSP).

Perform a security impact analysis of all proposed changes and configuration management decisions, which have impact on system security using SNOW.

Worked on parallel upgrade of the complete IAM suite, which consists of SiteMinder (SSO), Identity Minder, Identity Portal and Access Gateway.

Establish and execute the system's continuous monitoring program, including identifying the controls, approving the test methodology and reporting processes, and coordinating with stakeholders on its implementation using Jira Ticketing system.

Create/update documentation including Plans of Action & Milestones (POA&Ms), Exception Request Forms (ERFs), Risk Acceptance Memos (RAMs) and manages the renewals.

Gather system security information to fill out ITSO's defined IT scorecard, annually, and review the scorecard periodically

Execute and maintain the continuous monitoring strategy (ConMon) for documented security compliance requirements.

Twintech Consulting, working Chase Bank, Microsoft, Houston TX. August 2017 – August 2020

Risk and Control Analyst (Contract)

Proficient in Public Cloud Technology such as Amazon Web Services, Google Cloud Platform, and Microsoft Azure.

Perform authentication management, personnel termination access removal, creation of user account, deletion, and modification.

Performing Active Directory and LDAP in Microsoft Azure, on-prem, user identity access management (IAM), using SailPoint IdentityIQ and Nexus identity manager.

Manage cloud identity management using OKTA cloud identity manager.

Perform Single Sign-On (SSO) utilizing SAML2 and OAuth technologies; managed and troubleshot issues in Linux and Windows operating system enterprise environments.

Perform Assessing Security Controls (CS105.16) procedures to ensure security controls are implemented correctly, operate as intended, and successfully meet the security requirements for the information system.

Perform several operations on NetIQ IAM platform.

Collected and groomed requirements related to building custom workflows, rules, policies, provisioning in SailPoint IAM.

Performing change management and notification on any issue of IT security.

Enforcing security policies and compliance with organizational standards, and managing compliance discrepancies daily.

Perform internal security audits, interfacing with external security auditors, and remediating security vulnerabilities.

Migrated off DUO MFA to Okta MFA

Categorize information systems (HMS) to protect security objectives.

Maintain and update security documentation including diagrams, security standards, and disaster recovery manuals (contingent control).

Participates in system categorization using NIST 800-60 (NIST Special Publication 800-60 Volume II Revision 1, Volume II: Appendices to Guide for Mapping Types of Information and Information Systems to Security Categories) as guidelines and FIPS (Federal Information Processing Standard) 199 as standard.

Participates in the selection of security controls to mitigate against risk using NIST 800-53 Rev. 4.

Monitors implemented security controls and POA&M (The Plan of Actions & Milestones (POA&M) is a key document in the security authorization package and for continuous monitoring activities. ... A POA&M describes the current disposition of any discovered vulnerabilities and system findings and includes a CSP's intended corrective actions for those findings) post-authorization to ensure continuous compliance with security requirements.

Provide expertise, guidance, recommendations, and documented security configurations for the implementation of security tools and processes.

Proficient in managing Active Directory and executing PowerShell scripting.

Interface with groups and individuals to resolve security issues related to the implementation of network, systems, and applications security.

Evaluated internal security systems, controls, and policies, and ensured compliance with applicable laws and regulations.

Completed authorization and assessment packages within 120 days of system ATO expiration.

Prepared reports on the status of security safeguards applied to computer systems

Performed ISSO duties in support of in-house and external customers

Conducted continuous monitoring activities for authorization boundaries under your purview.

Assisted the Department of Defense, National Agencies and Contractor organizations with the development of assessment and authorization (A&A) efforts

CHEVRON, Houston TX Aug. 2011 – Aug. 2016

Halliburton Consultant working for Chevron – Application Risk Consultant/Security Analyst

Supporting Drilling applications such as High software proficiency in Well Cat, Well Plan, Drill Bench, Compass, Well Scan, and Stress Check.

Administering, Configuring, and testing Drilling applications.

Application Testing and Quality Control.

Audited and migrated 4500+ wells using Excel, Petra, SMT, ILX, OpenSpirit and OpenWorks

Advised the technical team on geological-related issues.

High-level inventory of both company’s operated and operated wells as well as seismic data.

Ensured standard compliance with company policy.

Conduct network vulnerability assessments using tools to evaluate attack vectors, identify system vulnerabilities, and develop remediation plans and security procedures.

Ensure organizational compliance with CFCU information security programs.

Manage the SIEM infrastructure.

Participated in documenting Security Assessment Report (SAR) and preparing the security authorization package (SAR, SSP, POA&M) in preparation for Authority to Operate (ATO) by the Authorization officer.

Evaluated threats and vulnerabilities based on Tenable reports and implemented Risk Management Framework (RMF) in accordance with NIST 800-37.

HEWLETT PACKARD, Houston, TX Jul. 2009 – Aug. 2011

AD, Server & Application Engineer

Performed cross-platform audits of Active Directory (AD) objects and user permissions.

Managed User Accounts on Windows NT and UNIX Platform (Creation, Deletion, Permissions, and VPN Access).

Developed organizational units in Active Directory (AD) and managed user security with group policies.

Created and maintained email addresses and distribution lists in MS Exchange.

Implemented various solutions for WAN, LAN, Intranets, and extranet that ranges from design, installation, configuration, implementation, and configurations both on

HALLIBURTON CORPORATION, Fort Worth, TX. Jun. 2007 – Nov 2008

Application Engineer

Implemented and ensured standardization, compliance, and enforcement of Air Force policies and NOSC daily operating procedures.

Administered 33 Active Directory (AD) domains and related services supporting 145K users and 97K clients.

HEWLETT PACKARD, Houston, TX Jun. 2006 – Apr. 2007

Server and Network Analyst

Analyzed system performance and proffered improvement plans.

Implemented various architectural designs of complex web applications and solutions.

Developed technical specifications for system enhancements.

AWARDS AND ACHIEVEMENTS

Best performing Employee of the year

Service Quality Award for Oil Service Support

Best Top 16 University of Houston Spring 2013 MBA Award

I am a United States citizen.


