ITOHAN FALUYI
Richmond, TX ***** 281-***-**** *********@*****.***
OBJECTIVE
To participate as a team member in a dynamic work environment, utilizing my skills as a highly motivated security analyst with expertise in risk management and proficiency in building security authorization packages using the NIST SP 800 series and FIPS 199 and 200 as guidance, to gain further experience while providing superior value and service to enhance the company’s productivity, efficiency, and reputation.
EDUCATION, TRAINING AND CERTIFICATION
University of Houston, Victoria, MBA (GLOBAL) (May 2016)
University of Ibadan, Nigeria, B. Sc. Geography (January 1999)
Scrum Certified (2016)
Certified Authorization Professional (CAP) (In View)
SKILLS AND ABILITIES
NIST SP 800 Series, Federal Information Processing Standards (FIPS) 199 & 200, System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Report (SAR), Risk Assessment (Impact Analysis), Continuous Monitoring, Plan of Action & Milestone (POA&M), Incident Response Plan, IDS, IPS, PCI DSS, Threats and Vulnerabilities Management.
PROFESSIONAL EXPERIENCE
Cout and Investment Security Analyst 09/2016 till date
Serve as subject matter expert in technology risk, controls, compliance, and information security best practices.
Provide implementation details tailored to NIST SP 800-53 Rev 4 controls for assigned applications.
Gather and review artifacts to develop authorization packages (SSP, SAR and POA&Ms) for information systems to be granted ATO.
Test controls to make sure they are in compliance with HIPAA privacy and security rules.
Provide continuous monitoring to enforce client security policy and procedures and create processes that will provide oversight into the following activities for the system owner.
Identify IT control gaps and perform the documentation, implementation and testing of the entire IT security control portfolio and also recommend improvements for the risk compliance/applications access control process.
Apply appropriate information security controls for Federal Information Systems based on NIST 800-37 rev 1, SP 800-3 800-53 rev 4, FIPS 199 and FIPS 200.
Provide periodic testing of the contingency plan, with appropriate adjustments to the plan based on the testing.
Take effective steps to prevent and minimize potential damage and interruption to information systems.
Develop Security Assessment Report (SAR) post completion of the Security Test and Evaluation (ST&E) questionnaire.
Develop, support and coordinate periodic IT compliance and compliance risk management training and promote a risk aware culture throughout the organization.
Winners Chapel Information Security Analyst 08/2014 - 08/2016
Participated in client interviews to determine the security posture of the system and to assist in the completion of the Security Assessment Plan using NIST SP 800-53A test required to maintain Company Authorization To Operate (ATO), the Risk Assessment, System Security Plans, and System Categorization.
Performed information security risk assessments and assisted with the internal auditing of information security processes. Assessed threats, risks, and vulnerabilities from emerging security issues.
Worked with the team to tailor and scope selected baseline security controls as stated in NIST 800-53 Rev 4 to fit the environment.
Assisted with selection and implementation of controls that apply security protections to systems, processes and information resources using the NIST family of security controls.
Supported Incident Response activities to mitigate damage, determine the impact, and implement corrective controls.
Monitored security infrastructure for policy violations or security events, and participated in problem management activities.
Authenticated and reset client’s passwords in compliance with security guidelines and policy.
Communicated with end users (including executives) to provide friendly and timely IT support.
Maintained accurate information/data regarding end user issues within the tracking system and updated asset information/data when equipment was moved, added or changed in the inventory database.
Liaised with vendors on IT related issues and ensured that the SLA was adhered to.
Provided other IT related duties as assigned.
Facilitated continuous security reviews, recommended mitigations and corrective actions, and implemented corrective actions.
Intercontinental Bank Plc, Nigeria IT Support 09/2008 - 02/2014
Troubleshot laptop/desktop issues including hardware replacements such as motherboards, RAM, HDD, processors, screens and cooling fans.
Configured TCP/IP on devices for network connectivity.
Downloaded and applied updates and patches as recommended by software vendors.
Set up and configured hardware/software enhancements and upgrades for onsite and remote users.
Configured LAN segmentation on switches through VLANs and port security.
Built and configured PCs and laptops, loaded software, and conducted audits for unlicensed software.
Built and administered servers.
Provided base level IT support to both internal and external customers.
Logged all complaints and informed customers about issue resolution progress.
Worked closely with the team to resolve or properly close aging tickets.
Managed the individual and ticket queue for the team.
Assigned issues to appropriate support group for thorough support and prompt resolution.