Security Information

John Njoga

** ****** ****** ******** *****, NY **928 845-***-**** ac8e6s@r.postjobfree.com

Objective

An Information Security Analyst with 3 years’ experience coordinating improvements to security- management policies and procedures seeks position with a technology firm or Fortune 500 company. Looking to contribute my knowledge and skills in a company that offers an opportunity for career progression.

Key Skills and Knowledge

●Security Assessment & Authorization

●Security Planning

●Risk Assessments

●Vulnerability Management

●FISMA

●SDLC

●RMF

●NIST 800-Series

●Incident Response

●Policy and Process Development

Experience

Primerica Jun 2013 – Current

Security Analyst

●Provide IT Audit readiness support to Health and Human Services, analyze their overall enterprise audit readiness process design, and provide recommendations on how its effectiveness could be improved to mitigate conditions that could impair future audit preparedness.

●Conduct security control assessments in accordance with the Department of Health and Human Services Security Handbook, policies and procedures for implementation of the Risk Management Framework, including development of security assessment plans and assessment reports compliant with NIST SP 800-53 rev 4, NIST SP 800-53A and NIST SP 800-37, and FIPS 199.

●Performed other audit readiness activities, including reviewing and evaluating OIG findings and making recommendations for OIT audit readiness.

●Updated Plan of Action & Milestones (POA&M) and Risk Assessment based on findings assessed through monthly updates

●Maintained and monitored identified POA&M items through completion with CSAM

●Used FIPS 200 as a guide for minimum security requirements for federal and information systems

●Analyzed and updated System Security Plan (SSP), Risk Assessment Report and Privacy Impact Assessment (PIA)

●Assisted System Owners and ISSO in preparing certification and Accreditation package for companies’ IT systems, making sure that management, operational and technical security controls adhere to a formal and well-established security requirement authorized by NIST SP 800-53 R4

●Evaluated and assessed Security Plans, Security Assessment Plans, Cybersecurity Strategy, Program Protection Plan, Security Assessment Reports, RMF Plan of Action and Milestones, Security Authorization Package and Authorization Decision

●Conducted Self-Annual Assessment (NIST SP 800-53A)

Morrisville State College

Technical Support Rep

●Fully documented all cases in call tracking software and escalated any issues to the appropriate queue

●Escalated support call to supervisor as necessary

●Assumed ownership of project-related tasks as needed or assigned

●Answered incoming client and customer calls

●Troubleshoot software and hardware issue via phone

●Trained end users in the use of equipment and software

●Acquired and maintained expert knowledge of emerging desktop technologies and software applications

●

Education

Morrisville State College Aug 2014 - May 2017

Major: Information Technology Management

Related coursework: Data Communications networking, Business Law, Analytical Marketing, Business Statistics, Systems Analysis, User interface design, Programming

Westchester Community College Sep 2017 - Present

Online Cyber Security Degree program

Major: Cyber Security

Participate in Cyber Security Club

Reference

Available upon request.

Contact this candidate