Ese Efenarhua
Lorton, VA **079
571-***-**** **********@*****.***
SUMMARY
IT Security Analyst with over 5 years of professional experience in Assessment and Authorization, NIST 800-37 Risk Management Framework (RMF), POA&M management and Operational Policy and Procedures. Experience in all phases of preparing and reviewing complete Assessment and Authorization (A&A) packages for information technology systems and applications as defined by the Federal Information Security Modernization Act (FISMA 2014) and implemented by the guidance of the National Institute of Standards and Technology (NIST).
Outstanding project and program leader, able to coordinate and direct all phases of project-based efforts while managing, motivating, and guiding teams.
CORE COMPETENCIES
- Assessment and Authorization (A&A)
- Federal Information Security Modernization Act (FISMA 2014)
- NIST 800-37 Risk Management Framework (RMF)
- NIST 800-53/53A
- Plan of Action and Milestones (POA&M)
- FIPS 199 System Security Categorization
- System Security Plans (SSP)
- Security Assessment Report (SAR)
- Continuous Monitoring (CM)
- Contingency Plans (ISCP)
- Security Control Assessment (SCA)
PROFESSIONAL EXPERIENCE
DELOITTE 07/2015-Present
Arlington, VA
CONSULTANT
- Provides support to client in executing the NIST RMF process to enforce security policy compliance as well as to complete annual SA&A requirements
- Develops and conducts Privacy Threshold Assessments (PTA) and Privacy Impact Assessments (PIA) in conjunction with stakeholders and system owners.
- Recommends strategic remediation measures and safeguards to system stakeholders based upon NIST guidelines and industry best practice.
- Initiates and tracks remediation of vulnerabilities as they are uncovered using Plans of Action and Milestones (POA&Ms).
- Assesses security categorizations using FIPS 199 and NIST SP 800-60 to verify the categorization is adequate and commensurate with the data that is processed.
- Maintains FISMA compliance and Authority to Operate (ATO) for systems per the NIST SP 800-37 Risk Management Framework (RMF).
- Reviews and manages Plans of Action and Milestones (POA&Ms) and other security assessment reports to ensure all suspense dates are met or that the residual risk is acceptable to the System Owner.
- Engages system stakeholders in the Control Selection Meeting, Control Assessment Meeting and Findings Review meetings
- Proficient in utilizing the Cyber Security Assessment and Management (CSAM) tool to manage the SA&A workflow and associated documents.
- Prepares and provides evidence artifacts to support security controls assessment efforts.
- Evaluates evidence to ensure assessment objectives are achieved
- Conducts reviews of security related documentation (System Security Plans, Configuration Management Plans)
- Meets strict deadlines and achieves deliverables per the project schedule.
GB2G Consulting Services 08/2011-07/2015
North Beach, MD
CONSULTANT
- Implemented the Assessment and Authorization (A&A) process to improve the security posture of the client’s information systems
- Performed all stages of audit, including planning, fieldwork/execution, documentation/reporting and follow-up.
- Identified IT audit findings and prepared draft audit reports of findings and recommendations to senior management.
- Engaged client management and staff at all levels to conduct audit services.
- Assessed potential vulnerabilities around the storage, processing and transmission of Personally Identifiable Information (PII); where applicable, conducted Privacy Threshold Assessments (PTA) to initiate corrective measures.
- Organized follow-up activities to ensure the prompt and proper resolution of findings and implementation of corrective action plans.
- Ensured all POA&M actions were tested and completed in accordance with project deadlines.
- Captured control weaknesses related to testing exceptions in thorough documentation.
- Maintained deliverables in A&A repository (CSAM)
- Conducted reviews of Contingency Plans (CP) and executed Contingency Plan Tests (CPT)
- Co-led weekly meetings with upper management to report POA&M tracking updates.
- Built and maintained client trust to enhance customer satisfaction
- Documented, tested and reviewed internal controls.
TECHNICAL PROFICIENCIES
Hardware/Operating Systems: Windows 10, Linux
Software / Products: Microsoft Office, Microsoft Project, CSAM (Cyber Security Assessment and Management), SharePoint, SQL (Microsoft SQL Server)
EDUCATION
MSc, Business Administration (Finance), Strayer University
Arlington, VA
Bachelor of Science, Accounting, Ambrose Alli University
Ekpoma, Nigeria
PROFESSIONAL AFFILIATIONS/ CERTIFICATIONS
- Information Systems Audit and Control Association (ISACA)
- Certified Information Systems Security Professional (CISSP) [pending]
CLEARANCE
- Secret (Active)
- Top Secret (Interim)
- Public Trust (Active)
REFERENCES: Upon Request.