Yannick Ekpe,
Cell: 919-***-****, *********@*****.***
Information Security and FISMA Compliance Analyst.
Detailed knowledge of security tools, technologies and best practices with more emphasis on FISMA/NIST and Sarbanes-Oxley 404. Over five years of experience in system security monitoring, auditing and evaluation, C&A and Risk Assessment of GSS (General Support Systems) and MA (Major Applications).
Summary of qualifications
Perform Certification and Accreditation documentation in compliance with company standards
Develop, review and evaluate System Security Plans based on NIST Special Publications
Perform comprehensive assessments and write reviews of management, operational and technical security controls for audited applications and information systems
Develop and conduct ST&E (Security Test and Evaluation) according to NIST SP 800-53A and NIST SP 800-53R4
In depth knowledge of COOP, COSO and COBIT Frameworks
Compile data to complete Residual Risk Report and to insert contents into the POA&M
Ability to multi-task, work independently and as part of a team
Strong analytical and quantitative skills
Effective interpersonal and verbal/written communication skills
Professional Experience
Evergreen Information Security and Technology 06/2013-Present
Information Security Analyst
Analyze and update System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E) and the Plan of Actions and Milestones (POA&M)
As a consultant, I work with System Owners and the ISSO in preparing Certification and Accreditation packages for systems, making sure that management, operational and technical security controls adhere to a formal and well-established security requirement authorized by NIST SP 800-53 R4
Categorization of systems using FIPS 199 and NIST SP 800-60
Conduct Risk Assessment
Perform Vulnerability Assessment. Make sure that risks are assessed and evaluated, and that proper actions have been taken to mitigate their impact on the Information and Information Systems
Created documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages
Evergreen Information Security and Technology 01/2012 to 6/2013
SOX 404 Compliance testing Analyst
Perform IT risk assessment and document the system security key controls
Meet with IT team to gather evidence, develop test plans, testing procedures and document test results and exceptions
Design and Conduct walkthroughs, formulate test plans, test results and develop remediation plans for each area of the testing
Wrote audit reports for distribution to management and senior management documenting the results of the audit
Conducted risk assessments that included reviewing organizational policies, standards and procedures and provided advice on their adequacy, accuracy and compliance with the Payment Card Industry Data Security Standard
Participate in the SOX testing of the General Computer Controls
Develop a Business Continuity Plan and relationship with outsourced vendors
Evaluate clients' key IT processes such as change management, systems development, computer/data center operations and managing security at database, network and application layers
Professional Training
Certification and Accreditation Document Review training, March 2013
Information Assurance Awareness training, April 2013
Anti-Phishing training, June 2012
CAP: Certified Authorization Professional Training, September 27-29, 2012
Webcast: Information Security and Privacy – FISMA “Next Gen,” March 22, 2012
Enterprise Certification & Accreditation Training, January 2012
Information Systems Security training, December 2012
Project Management training, American Management Association, July 2012
A+, Computer Institute, Rockville, MD, August 2012
FISMA Compliance Certification, FISMA Center, Columbia, MD, September 2012
Education
Wake Technical Community College, Raleigh, NC
Associate Degree in Business Administration, 2012
Associate Degree in Accounting, 2012
Business Core Certificate, 2012
Certifications
Actively working to become a Certified Information Security Auditor (CISA)
REFERENCES
References will be furnished upon request