Samuel O. Ogoji CISA, CISM, CCNA, MCSE
IT SECURITY AND GOVERNANCE, RISK, AND COMPLIANCE SPECIALIST
Highly technical IT security engineer specializing in highly regulated environments including financial, government, and utilities. Direct experience in network engineering and administration, identity and access management, security administration, vulnerability assessments, incident response, control testing, and SOX, PCI DSS, NERC, and FISMA auditing.
MS Active Directory
Cisco IDS and IPS
Cisco ASA firewalls
eTrust Access Control
USTech (DTE ENERGY) – Detroit, MI 06/2016 – 04/2018
Senior Security Engineer NERC Compliance Organization
Responsible for verifying and validating evidence of compliance with NERC CIP requirements.
Recognized, identified and escalated compliance or process related risks.
Documented QA checklists for NERC CIP Requirements.
Performed security audits, risk assessments, and provided strategic direction for network infrastructure and global datacenters.
Monitored and evaluated a system’s compliance with NERC CIP security requirements
Verified change management process in the Patch and vulnerability Management
Refined and enhanced Third-Party Risk Management offering (defined risk appetite, risk segmentation, accountability alignment and risk management life cycle) and aligned to regulator guidelines.
Responsible for proactive and reactive communication with all regulated business and technical subject matter experts to support weekly compliance metrics.
Provided guidance and consultation to the Executive Team, Audit and Governance Teams, Information Security Services to successfully remediate any deficiencies along with General IT process improvement.
Assisted subject matter experts and requirement owners with interpreting requirements, determining DTE’s compliance to the requirement, evaluating evidence, and building controls, policies, and procedures to ensure compliance
Documented the established compliance sustainment process and recommended improvements.
Developed process control flow diagrams to identify security control points.
Participated in the evaluation of enterprise and department-level software including CyberArk, Tripwire, and CATSWeb.
Net2Source (NAVIENT )– Fishers, IN 08/2015 – 12/2015
Information Security Technical Architect
Identified existing IT security gaps as a driver to the development of an enterprise information security policy.
Managed a global team that provided strategic consulting and best practice implementation of all aspects of IT operations, more specifically in the areas of Project Portfolio Management, Risk Management, Change Management, Governance and Audit.
Performed FISMA boundary modifications by assessing functional components and adding them to or removing them from an existing boundary.
Researched and document application owners and associated accounts to support identity and access management (IAM).
Responded to FFIEC audit requests and findings by supporting the centralization of IAM and associated reporting.
NexTech (FIRST TENNESSEE BANK) – Memphis, TN 01/2015 – 06/2015
Information Security Risk Analyst
Participated in updating control requirements to support PCI DSS 3.0.
Performed risk assessments on third-party applications and key processes to identify potential vulnerabilities and assess policy adherence.
Performed audits to support SOX, SOC, SSAE16, PCI, and GLBA.
Identified opportunities for process improvements to deliver efficiency within the established assessment framework.
NatSoft (JPMORGAN CHASE) – Columbus, OH 08/2014 – 10/2014
Information Security Risk Analyst
Contracted to establish and manage a process to remove a backlog associated with privileged access defects and improve operational efficiency.
Functioned as the liaison between business teams and the centralized identity and access management (IAM) team to increase compliance and understanding of existing information technology policies and standards.
Maintained privileged accounts within CyberArk vaults.
Verified and reconciled failed accounts within the QA and production CyberArk environments.
Performed daily risk management functions in the IAM space to support PCI DSS requirements.
Iconma (MASTERCARD) – O’Fallon, MO 08/2013 – 01/2014
Senior Security Analyst
Managed identity and access management (IAM) roles and entitlements for both internal users and existing customers.
Reviewed business and functional requirements to analyze and define access needs, maintaining least privilege across the environment.
Monitored and checked to ensure that the role get the correct entitlements in a role based access control in compliance with PCI DSS
Assessed the impact of proposed security and access control modifications to insure the availability of both internal and customer-facing systems.
Interacted with internal and external users to respond to inquiries regarding roles, entitlements, and related security matters.
Coordinated identity management and access implementations across multiple environments.
Provided back-up support to the security help desk.
USmax (DHS-CBP ) – Springfield, VA 11/2012 – 04/2013
Conducted research and threat analysis on current vulnerabilities and exploits.
Conducted operating system, application, and database vulnerability assessments using Tenable Nessus scanning tools.
Analyzed vulnerability assessments and calculated and assed risk and potential impact to the organization based on threats, vulnerabilities, and mitigating factors.
Briefed management on current vulnerabilities and provided recommendations of countermeasures.
Authored information security notification based on vulnerabilities applicable to the environment; tracked compliance to notifications requiring corrective action.
Assisted information system security officers and system administrators in the validation and remediation of identified vulnerabilities.
WidePoint Solutions (FMCSA-DOT) – Washington, DC 10/2009 – 06/2012
Performed system security administration on designated technology platforms including operating systems, applications, and network devices.
Performed identity and access management (IAM) functions for designated systems and applications.
Performed risk assessments to determine security requirements.
Conducted system vulnerability scans utilizing eEye Retina tools and published weekly vulnerability reports.
Developed and implemented plans and solutions to remediate or mitigate identified vulnerabilities.
Assessed system technical controls as defined by NIST 800-53.
Conducted baseline security scans utilizing the Center for Information Security Configuration Assessment Tool (CIS-CAT).
Performed security self-assessment, contingency plan, security test and evaluations, and business impact assessments.
Participated in the Patch Vulnerability Group meetings to discuss Microsoft Patch Tuesday before deployment into production.
Documented the results of assessments and testing in support of System Certification and Accreditation requirements.
Developed Plan of Action and Milestone (POAM) documentation to support requirements.
Monitored security controls to ensure that security designs were correctly implemented and functioning effectively.
TCS (CITIGROUP) – Cincinnati, OH 08/2007 – 06/2009
Lead Information Security Analyst/SOX Compliance Advisor
Performed incident identification and management as a member of the Security Event Monitoring Team.
Documented procedures and both internal and industry best practices to develop and update process control manuals.
Monitored security events in SQL Server, Oracle databases, and Teradata, utilizing LT Auditor and BoKS and eTrust tools. (SIEM)
Monitored system and network security events utilizing ArcSight and eTrust Access Controls.
Monitored systems and conducted reviews of logs, reports, system settings, and user permissions.
Analyzing and correlating incident event data to develop preliminary root cause and corresponding remediation strategy
Worked with other contract teams to effectively respond to cyber incidents
Following established incident response procedures to ensure proper escalation, analysis and resolution of security incidents
Configured and monitored Cisco ASA firewalls.
Proactively disclosed and remedied potential breaches and risks to systems and data.
Followed-up on security events and escalations to ensure a prompt resolution.
Performed risk assessment surveys to identify security requirements.
Participated in the review of internal controls to support PCI DSS requirements.
AMERIKONSULT, INC (Consulting) – Columbus, OH 01/2004 – 08/2007
Senior IT Auditor
Participated in the audit planning process and the development of internal audit procedures and guidelines.
Assessed clients’ IT risks using key controls and objectives to determine the scope of testing.
Collaborated with external audit firms in monitoring and conducting audits.
Performed reviews of internal controls to support SOX, HIPAA, and PCI compliance; utilized COBIT and COSO frameworks.
Prepared detailed audit reports and made meaningful recommendations to all levels of management.
Analyzed security controls in the Windows environment to test and verify compliance.
Conducted vulnerability assessments and system incident and event management activities.
NATIONWIDE INSURANCE SERVICES – Columbus, OH 07/1997 – 01/2004
Helpdesk Coordinator/Technology Analyst/ Network Systems Support Analyst
Maintained user and system accounts, and groups within Active Directory.
Responsible for troubleshooting and fault finding computers and network connectivity problems to resolution.
Maintained and corrected problems related to server and workstation agents and the Wintel environment.
Performed system administration for the Windows and Citrix environments.
Engineered and configured WAN connections utilizing T1, ISDN, ATM, Frame Relay, QOS, and CSU/DSU.
Installed and managed a Cisco VPN Concentrator and associated VPN tunnels and accounts.
Configured and monitored Cisco IDS and IPS.
Monitored communication lines, network devices, and servers utilizing HP OpenView and IBM Netview.
Participated in disaster recovery tests and operations.
BS, Aerospace Technology – Kent State University, Kent, OH
Certificate in Networking and Distributed Systems – Columbus State Community College, Columbus, OH
Certificate in Interconnecting Cisco Networking Devices – Global Knowledge, Worthington, OH
Certified Information Systems Auditor – CISA, ISACA
Certified Information Security Manager – CISM, ISACA
Cisco Certified Network Associate – CCNA, CISCO
Microsoft Certified Systems Engineer – MCSE 2000, Microsoft
Microsoft Certified Professional + Internet – MCP+I, Microsoft
Servers, PCs, peripherals; Cisco ASA, Cisco VPN Concentrator, CyberArk Vaults, Cisco ASA.
OS and Software:
MS Windows Server NT 4.0, 2000, 2003; UNIX, Linux, Cisco IOS, AS/400, MS Exchange, Citrix, CyberArk, ArcSight, LT Auditor, eTrust Access Controls, BoKS, Help, Tivoli, Peregrine, Remedy, GSM, JIRA.
Languages and Protocols:
Visual Basic, C++, TCP/IP, NetBEUI, DHCP, WINS, DNS, SMTP, HTML, FTP, Telnet, Frame Relay, VPN, Active Directory.
Member, Information Systems Security Association (ISSA)
Member, Information Systems Audit and Control Association (ISACA)