I am a Certified Ethical Hacker and Certified CompTIA Security+ with hands-on expertise in security management, identifying threats and vulnerabilities as well as running applications to secure data. I have extensive knowledge in implementing Cyber Security technologies, policies, and procedures to ensure the confidentiality, integrity, and availability of information systems. Capable of executing systems security plans, security control assessments, vulnerability scans, network monitoring, and risk management, and applying security responses. I have the self-initiative to attain objectives, with 6 years of experience in data security. I have extensive knowledge of the risk management framework to safeguard information security and sensitive data. Good communication skills in the domain of management, administration, field coordination, and training. Excellent experience working with internal audits, risk management framework, internal control evaluation, and system security requirements. Enthusiastically committed to implementing cyber security measures that will increase organizational productivity and sustainable development.
Asset Management Analyst/Wal-Mart Stores
2013 - Present
Job Duties:
Implement security measures using Risk Management Framework procedures to ensure system Confidentiality, Integrity, and Availability.
Manage security control assessment (SCA) using NIST 800-53A rev1 per NIST, FISMA standard, and guidelines. Enforce System Security Plans (SSP) to support NIST 800-18 and NIST 800-53 requirements.
Perform risk assessments by using NIST Special Publication (SP) 800-30 Rev. 1 and all the six phases of Risk Management Framework (RMF), using NIST Special Publication 800-37 Rev. 1 and following FISMA standard and guidelines.
Conduct assessments and authorization processes (A&A) with NIST 800-37 as a guide, Security assessment reports (SAR), security system plans (SSP), Plans of Action and Milestones (POA&M) resource, using NIST 800-53A following NIST standard to ensure technical cybersecurity controls.
Coordinate policies, standards, and procedures then provide feedback as per their adequacy, accuracy and compliance following NIST standard guidelines.
Evaluate the effectiveness of the contingency plans with relation to the NIST SP 800-34, Rev. 1, which provides guidelines on how contingency planning fits into an organization’s risk management, security, and emergency preparedness programs and plans.
Set up a plan of action to respond to cyber breaches in conformity with the six steps of incident response, which are preparation, identification, containment, eradication, recovery, and lessons learned.
Implement initial response to threats and assist in disaster recovery and crisis management using FEMA Publication FD 008-03, which provides pre- and post-disaster planning guides.
Ensure financial reporting, compliance management, consolidated risk assessment, policy management, audit management, security and IT, strategic planning, project risk management, insurance and safety, and financial risk management. Use tools like MBSA to provide enterprise risk management solutions.
Use the CSAM tool to assess, record, implement, and report on the status of IT security risk assessments and developed IT security control standards and policies.
Perform port scanning, configure weak configurations, and update missing patches. Also use the NESSUS Vulnerability Scanner to determine the cause of a system attack and support vulnerability management.
Perform safety assessments and safety action plan in conformity with the organization’s policies and procedures.
Set up an IT emergency response plan with guides from the emergency procedures manual/flipchart.
Implement IT business continuity steps using publication NIST 800-34, Rev. 1 by performing risk assessment, business impact analysis (BIA), fund BCP, implement plans and carry out plan testing and maintenance.
Write down daily reports and ensure that incident report protocols are followed. Ensure continuous compliance as stated by FISMA guidelines.
Manage Security Assessment Framework (SAF) for FedRAMP, enforce security assessment process to achieve compliance with FedRAMP and provide continuous monitoring guidance through periodic reporting, making plans for changes to the system and responding to incidents.
Implement policies to protect data in cloud services and enforce Cloud Computing Service Models (IaaS, PaaS and SaaS). Provide an overview of FedRAMP and application to ensure FedRAMP compliance.
Assess and review security controls and documentation of Cloud Services, including FedRAMP packages, to understand users' behavior and associated risks for the organization.
Determine the information type based on guidance from FIPS Pub 199, Standards for Security Categorization of Federal Information and Information Systems, which is based on NIST SP 800-60, Guide for Mapping Types of Information and Information Systems to Security Categories.
EDUCATION & CERTIFICATIONS
EDUCATION
Master of Sciences in Cyber Security, University of Maryland University College (2016-2018)
Bachelor’s in Law (LL.B), University of Buea (2002-2005)
Certificate in Agribusiness and Biotechnology, Muscatine Community College (2011 – 2012)
CERTIFICATION
CompTIA Security+ SY0-501
Certified Ethical Hacker (CEH)
OTHER CERTIFICATES
Certificate in Global Leadership.
Honorary Certificate in Phi Theta Kappa.
Certificate of completion of a program of study and professional development
TECHNICAL SKILLS:
Web Applications and System Administration, FedRAMP SRTM, Windows 98/2000/XP/Windows 10 Pro, MS Office (Word, Excel, PowerPoint, Outlook, Access), Cloud computing, Windows, UNIX and Linux operating systems, encryption, Access control (MAC, DAC, RBAC), IDS/IPS systems, FISMA, NIST SP 800-Series, System Security, FedRAMP Compliance, FIPS 199, FISCAM, System Continuous Monitoring, POA&M, SSP, Nessus, CSAM, eMASS, ISO 27000, COBIT, ITIL, PMBOK.
Competencies:
Risk Management, Vulnerability Scan, Network Monitoring, Port Scanning, Patch Updates, Disaster recovery, Penetration testing, Risk and vulnerability assessment, Internal and external investigations, Safety and security, NIST management framework, Maintain compliance, General controls, Business Continuity Planner, Crisis management, Project management, Authentication, Security updates and patch management.
N.B I AM A GREEN CARD HOLDER READY TO DO PUBLIC TRUST CLEARANCE AT ANY TIME.