Resume

Sign in

Information Security Engineer

Location:
Columbus, Ohio, United States
Posted:
February 18, 2019

Contact this candidate

Resume:

Samuel O. Ogoji CISA, CISM, CCNA, MCSE

C: 513-***-**** H: 614-***-****

ac8i0w@r.postjobfree.com

IT SECURITY AND GOVERNANCE, RISK, AND COMPLIANCE SPECIALIST

Highly technical IT security engineer specializing in highly regulated environments including financial, government, and utilities. Direct experience in network engineering and administration, identity and access management, security administration, vulnerability assessments, incident response, control testing, and SOX, PCI DSS, NERC, and FISMA auditing.

CORE COMPETENCIES

CISA

CISM

CCNA

MCSE

IT auditing

Security auditing

Security administration

SOX testing

COBIT

COSO

PCI DSS

NERC CIP

NIST 800-53

Vulnerability assessment

Risk assessment

Policy development

IT Governance

MS Active Directory

Citrix administration

Cisco IDS and IPS

Cisco ASA firewalls

Cisco VPN

Network administration

LAN/WAN

McAfee

CyberArk

ArcSight

eTrust Access Control

TenableNessus

Symantec

LT Auditor

PROFESSIONAL EXPERIENCE

USTech (DTE ENERGY) – Detroit, MI 06/2016 – 04/2018

Senior Security Engineer NERC Compliance Organization

Responsibilities:

Responsible for verifying and validating evidence of compliance with NERC CIP requirements.

Recognized, identified and escalated compliance or process related risks.

Documented QA checklists for NERC CIP Requirements.

Performed security audits, risk assessments, and provided strategic direction for network infrastructure and global datacenters.

Monitored and evaluated a system’s compliance with NERC CIP security requirements

Verified change management process in the Patch and vulnerability Management

Refined and enhanced Third-Party Risk Management offering (defined risk appetite, risk segmentation, accountability alignment and risk management life cycle) and aligned to regulator guidelines.

Responsible for proactive and reactive communication with all regulated business and technical subject matter experts to support weekly compliance metrics.

Provided guidance and consultation to the Executive Team, Audit and Governance Teams, Information Security Services to successfully remediate any deficiencies along with General IT process improvement.

Assisted subject matter experts and requirement owners with interpreting requirements, determining DTE’s compliance to the requirement, evaluating evidence, and building controls, policies, and procedures to ensure compliance

Documented the established compliance sustainment process and recommended improvements.

Developed process control flow diagrams to identify security control points.

Participated in the evaluation of enterprise and department-level software including CyberArk, Tripwire, and CATSWeb.

Net2Source (NAVIENT )– Fishers, IN 08/2015 – 12/2015

Information Security Technical Architect

Responsibilities:

Identified existing IT security gaps as a driver to the development of an enterprise information security policy.

Managed a global team that provided strategic consulting and best practice implementation of all aspects of IT operations, more specifically in the areas of Project Portfolio Management, Risk Management, Change Management, Governance and Audit.

Performed FISMA boundary modifications by assessing functional components and adding them to or removing them from an existing boundary.

Researched and document application owners and associated accounts to support identity and access management (IAM).

Responded to FFIEC audit requests and findings by supporting the centralization of IAM and associated reporting.

NexTech (FIRST TENNESSEE BANK) – Memphis, TN 01/2015 – 06/2015

Information Security Risk Analyst

Responsibilities:

Participated in updating control requirements to support PCI DSS 3.0.

Performed risk assessments on third-party applications and key processes to identify potential vulnerabilities and assess policy adherence.

Performed audits to support SOX, SOC, SSAE16, PCI, and GLBA.

Identified opportunities for process improvements to deliver efficiency within the established assessment framework.

NatSoft (JPMORGAN CHASE) – Columbus, OH 08/2014 – 10/2014

Information Security Risk Analyst

Responsibilities:

Contracted to establish and manage a process to remove a backlog associated with privileged access defects and improve operational efficiency.

Functioned as the liaison between business teams and the centralized identity and access management (IAM) team to increase compliance and understanding of existing information technology policies and standards.

Maintained privileged accounts within CyberArk vaults.

Verified and reconciled failed accounts within the QA and production CyberArk environments.

Performed daily risk management functions in the IAM space to support PCI DSS requirements.

Iconma (MASTERCARD) – O’Fallon, MO 08/2013 – 01/2014

Senior Security Analyst

Responsibilities:

Managed identity and access management (IAM) roles and entitlements for both internal users and existing customers.

Reviewed business and functional requirements to analyze and define access needs, maintaining least privilege across the environment.

Monitored and checked to ensure that the role get the correct entitlements in a role based access control in compliance with PCI DSS

Assessed the impact of proposed security and access control modifications to insure the availability of both internal and customer-facing systems.

Interacted with internal and external users to respond to inquiries regarding roles, entitlements, and related security matters.

Coordinated identity management and access implementations across multiple environments.

Provided back-up support to the security help desk.

USmax (DHS-CBP ) – Springfield, VA 11/2012 – 04/2013

Security Analyst

Responsibilities:

Conducted research and threat analysis on current vulnerabilities and exploits.

Conducted operating system, application, and database vulnerability assessments using Tenable Nessus scanning tools.

Analyzed vulnerability assessments and calculated and assed risk and potential impact to the organization based on threats, vulnerabilities, and mitigating factors.

Briefed management on current vulnerabilities and provided recommendations of countermeasures.

Authored information security notification based on vulnerabilities applicable to the environment; tracked compliance to notifications requiring corrective action.

Assisted information system security officers and system administrators in the validation and remediation of identified vulnerabilities.

WidePoint Solutions (FMCSA-DOT) – Washington, DC 10/2009 – 06/2012

Security Engineer

Responsibilities:

Performed system security administration on designated technology platforms including operating systems, applications, and network devices.

Performed identity and access management (IAM) functions for designated systems and applications.

Performed risk assessments to determine security requirements.

Conducted system vulnerability scans utilizing eEye Retina tools and published weekly vulnerability reports.

Developed and implemented plans and solutions to remediate or mitigate identified vulnerabilities.

Assessed system technical controls as defined by NIST 800-53.

Conducted baseline security scans utilizing the Center for Information Security Configuration Assessment Tool (CIS-CAT).

Performed security self-assessment, contingency plan, security test and evaluations, and business impact assessments.

Participated in the Patch Vulnerability Group meetings to discuss Microsoft Patch Tuesday before deployment into production.

Documented the results of assessments and testing in support of System Certification and Accreditation requirements.

Developed Plan of Action and Milestone (POAM) documentation to support requirements.

Monitored security controls to ensure that security designs were correctly implemented and functioning effectively.

TCS (CITIGROUP) – Cincinnati, OH 08/2007 – 06/2009

Lead Information Security Analyst/SOX Compliance Advisor

Responsibilities:

Performed incident identification and management as a member of the Security Event Monitoring Team.

Documented procedures and both internal and industry best practices to develop and update process control manuals.

Monitored security events in SQL Server, Oracle databases, and Teradata, utilizing LT Auditor and BoKS and eTrust tools. (SIEM)

Monitored system and network security events utilizing ArcSight and eTrust Access Controls.

Monitored systems and conducted reviews of logs, reports, system settings, and user permissions.

Analyzing and correlating incident event data to develop preliminary root cause and corresponding remediation strategy

Worked with other contract teams to effectively respond to cyber incidents

Following established incident response procedures to ensure proper escalation, analysis and resolution of security incidents

Configured and monitored Cisco ASA firewalls.

Proactively disclosed and remedied potential breaches and risks to systems and data.

Followed-up on security events and escalations to ensure a prompt resolution.

Performed risk assessment surveys to identify security requirements.

Participated in the review of internal controls to support PCI DSS requirements.

AMERIKONSULT, INC (Consulting) – Columbus, OH 01/2004 – 08/2007

Senior IT Auditor

Responsibilities:

Participated in the audit planning process and the development of internal audit procedures and guidelines.

Assessed clients’ IT risks using key controls and objectives to determine the scope of testing.

Collaborated with external audit firms in monitoring and conducting audits.

Performed reviews of internal controls to support SOX, HIPAA, and PCI compliance; utilized COBIT and COSO frameworks.

Prepared detailed audit reports and made meaningful recommendations to all levels of management.

Analyzed security controls in the Windows environment to test and verify compliance.

Conducted vulnerability assessments and system incident and event management activities.

NATIONWIDE INSURANCE SERVICES – Columbus, OH 07/1997 – 01/2004

Helpdesk Coordinator/Technology Analyst/ Network Systems Support Analyst

Responsibilities:

Maintained user and system accounts, and groups within Active Directory.

Responsible for troubleshooting and fault finding computers and network connectivity problems to resolution.

Maintained and corrected problems related to server and workstation agents and the Wintel environment.

Performed system administration for the Windows and Citrix environments.

Engineered and configured WAN connections utilizing T1, ISDN, ATM, Frame Relay, QOS, and CSU/DSU.

Installed and managed a Cisco VPN Concentrator and associated VPN tunnels and accounts.

Configured and monitored Cisco IDS and IPS.

Monitored communication lines, network devices, and servers utilizing HP OpenView and IBM Netview.

Participated in disaster recovery tests and operations.

EDUCATION

BS, Aerospace Technology – Kent State University, Kent, OH

Certificate in Networking and Distributed Systems – Columbus State Community College, Columbus, OH

Certificate in Interconnecting Cisco Networking Devices – Global Knowledge, Worthington, OH

CERTIFICATIONS

Certified Information Systems Auditor – CISA, ISACA

Certified Information Security Manager – CISM, ISACA

Cisco Certified Network Associate – CCNA, CISCO

Microsoft Certified Systems Engineer – MCSE 2000, Microsoft

Microsoft Certified Professional + Internet – MCP+I, Microsoft

CISSP-in-Progress

TECHNICAL SKILLS

Hardware:

Servers, PCs, peripherals; Cisco ASA, Cisco VPN Concentrator, CyberArk Vaults, Cisco ASA.

OS and Software:

MS Windows Server NT 4.0, 2000, 2003; UNIX, Linux, Cisco IOS, AS/400, MS Exchange, Citrix, CyberArk, ArcSight, LT Auditor, eTrust Access Controls, BoKS, Help, Tivoli, Peregrine, Remedy, GSM, JIRA.

Languages and Protocols:

Visual Basic, C++, TCP/IP, NetBEUI, DHCP, WINS, DNS, SMTP, HTML, FTP, Telnet, Frame Relay, VPN, Active Directory.

ASSOCIATIONS

Member, Information Systems Security Association (ISSA)

Member, Information Systems Audit and Control Association (ISACA)



Contact this candidate