PELUMI TAIWO

Cell: +* (***) *** – ****

Email: ac6tke@r.postjobfree.com

SUMMARY

Performance-driven Cyber-Security Professional with over three years of IT experience with special expertise in FISMA compliance, Security Training, developing security policies, procedures and guidelines. Capable of defining, deploying and monitoring risk management, compliance, and information security

SKILLS

•Knowledge of Qualys and Nexus tools for vulnerability assessment and management.

•Experienced in system classification and categorization using the RMF processes to ensure system CIA.

•Skilled in FIPS 199 based information security Risk Management Frameworks (RMFs) relating to regulatory and incident response and remediation actions. Some of these RMFs have been in the Federal Information Systems Management Act (FISMA).

•Strong verbal and written communication skills.

•Broad knowledge of Microsoft Windows (Windows server 2003-2008, XP, Vista and Windows 8) and UNIX platforms, in-depth knowledge of antivirus.

WORK EXPERIENCE

Polytex– Houston, Texas.

Information Security Analyst March 2018 – July 2018

•Well versed with NIST Special Publications (such as NIST SP 800-18, SP 800-37 rev 1, SP 800-53/53A rev 4, SP 800-30 and SP 800-60/61/63), FIPS 199/200, OMB circulars and memoranda, FISMA compliance, FedRAMP publications and their requirements for federal information systems.

•Ensured Experienced in Risk Assessment, Risk Management Framework (RMF), identifying network vulnerabilities, risks and Security Assessment and Authorization process (SA&A).

•Experienced in the development and review of System Security Plans (SSP), Contingency Plans, Disaster Recovery Plans, Incident Response Plans/Training, and Configuration Management Plans, System Security Checklists, Privacy Impact Assessments, POA&Ms, Requirement Traceability Matrix (RTM) and have some working knowledge of HIPAA.

•Experienced in the implementation of intrusion-detection systems and security assurance- IDS/IPS, TCP/IP, DLP, SIEM, vulnerability-scanning, Web gateway, proxy appliances and antivirus tools. Familiar with VMware and other Virtual Machine Applications. Able to implement SANS critical security controls to achieve security objective.

•Proficient in explaining technical information, resolutions, documentations, and presentations to clients and non-technical personnel at all levels of the organization or enterprise.

•Thrive in a highly collaborative, fast-paced work environment and multidisciplinary team setting where leveraging technology for continuous business improvement is the ultimate goal.

Spec’s Inc. – Houston, Texas. August 2017 – March 2018

Information Security Analyst

•Assisted in the creation, implementation, and/or management of security solutions.

•Ensured the company's computer network is safe from cyber-attacks, whether internal or external by recommending the installation of firewalls.

•Prepared and submitted Security Assessment Plan (SAP) for approval.

• Implementated and maintained ISO 27001/2 ISMS tool kit and Nexus tool kits

•Conducted Security Assessment using NIST 800-53A.

•Developed and updated system security plan (SSP), plan of action and milestone (POA&M).

•Monitored controls post-authorization to ensure continuous compliance with security requirements.

•Created reports detailing the identified vulnerabilities and the step taken to remediate.

•Performed application risk assessment to determine which security control framework will be required to keep the data and the system secured.

•Performing continuous monitoring after Implementation of recommended security controls.

Federal Management Systems Inc. - Washington, DC August 2015 – August 2017

Information Security Analyst

•Worked closely with team members to perform risk and security controls assessment to effectively tailor secure controls to information systems. Review and update some of the system categorization using FIPS 199, Initial Risk Assessment, E-authentication, PTA, PIA, SAR, SSP, SAP& POA&M.

•Executed vulnerability assessment of information systems to discern weaknesses and corroborate compliance. Planned and implemented authentication provisioning to support data integrity, non-repudiation and confidentiality and security assurance

•Implemented log and event management with the use of ArcSight SIEM, Splunk. Documented and reviewed system security plans (SSP), contingency plans (CP), contingency plan tests (CPT), privacy impact assessments (PIA), and risk assessment (RA) documents per NIST 800 guidelines for various government agencies.

•Maintained security software to prevent security threats to the database, examined system access data and monitored access to the database. Corroborated with management and stake holders to revise and maintain security manuals and attend to existing matters.

•Reassessed and updated System Security Plan (SSP) and Security Assessment Report (SAR) based on findings from Assessing controls using NIST SP 800-18 rev1, NIST SP 800-53A rev4 and NIST SP 800-53.

•Crafted SAP, SAR, RTM, POA&M and ATO documents due to findings from security evaluations conducted on specific systems.

Guaranteed Trust Bank Plc - Lagos, Nigeria January 2012 – August 2015

Information Security Analyst

•Worked under general supervision to plan and conduct security related assignments for one or more programs/customers.

•Conduct compliance assessments with key business partners and creates the necessary documentation for evidence in PCI DSS, for areas of concern such as threats, vulnerabilities, processes, controls and impacts on critical assets.

•Responsible for authoring and reviewing all documents necessary for a federal system to earn and keep its systems accreditation.

•Trusted advisor to program manager and development team to ensure adherence to security architecture and development standards.

•Acted as one of several primary points of contact for the customer relative to matters of information security.

•Provided guidance to our Program Managers and Program Directors regarding internal security strategy.

•Helped implement selected program components for our internal security department/posture as well.

EDUCATION

Bachelor of Science in Engineering

2012

Contact this candidate