Security Management

Location:
Chicago, IL
Salary:
112.000 to 150,000
Posted:
April 12, 2017

Resume:

J. Luke

Email: *****.***@*****.***; Phone: 872-***-****

Professional Summary

* ***** **** ************ ********** in IT security Assessment and Authorization (Security Controls testing, Vulnerability assessment, Penetration testing and Authorization to ensure staff, systems and networks compliance with NIST SP 800-53, including the categorization of systems (NIST 800-60 (V2))). 5 years plus experience as Assessor and IT Security Compliance Analyst in routine IT Security program support (policy and procedure updates, POA&M management, Audit responses, and PCI DSS Compliance Audit) and Skilled Risk Assessment Manager with expertise in IT Security Program management and cost savings.

Experienced in the support and implementing of Security controls for ERPs (Physical Access Control system (PACS), Transaction processing Systems, Data Base Management System, Business Intelligence Management Systems, Identity Management system (IDMS)) across numerous client organizations. Expert in IT security Incident response (Network Traffic (IDS/IPS) incident monitoring and review of DLP (Data Loss Prevention) activities). Completed numerous Security control audits and assessments. Highly conversant with current security threats model with strong willingness to stay at the forefront of security developments as a competent professional to enhance software security, decrease vulnerabilities and reduce risk.

Technical Skills

Operation Tools: Nessus, Qualys, CSAM, TAF, Xacta, RiskVision, SPLUNK, ArcSight Logger, McAfee Enterprise Security Manager, McAfee DLP, TrueCrypt, Hashme, Kali Linux, Wireshark, HP ALM (11.2) formerly (QC), HP Unified Functional Testing (UFT), SQL Developer, JIRA, Bugzilla, Tableau Desktop.

Operating Systems: Windows, Windows 6.0/vista, Windows XP Professional, Mac OS X., IOS, Linux, Oracle.

IT Systems: Physical Access Control System (PACS), Identity Management system (IDMS), Transaction Processing System, Data Base Management System, Business Intelligence Management Systems, FedRAMP

Software and Artifacts: MS Excel, MS Access, MS Project, MS Office, MS Outlook, MS Visio, MS PowerPoint: SSP, System Registration, SSC, SAP, SAR, ATO, POA&M, CP, CPT, PTA, PIA, e-authentication assessment, ATO.

Database: MS SQL Server, MySQL.

Methodologies: Agile/Scrum, Waterfall, EIT.

Languages: SQL, VB Scripting.

Security Control Provisions, Regulations and Standards: FISMA, NIST 800 (series), FIPS, ISO/IEC 27000 (Series), SANS 20, PCI DSS, COBIT, Sarbanes Oxley (SOX), SPs.

Professional History

Motivon Inc. – IL

FISMA Assessment & Authorization Analyst - 11/15 to present

Motivon is an IT systems business solutions provider with specialized expertise in ERP or CRM, e-Commerce, Total IT infrastructure, Customized Applications, Offshore program Setup, Development and Management and IT Security and Audit.

Responsibilities:

Daily review, evaluating, assessing and monitoring of assigned systems compliance with all applicable security standards, frameworks, laws and regulations

Supervise the FISMA Validation team to provide A&A support to other security system stakeholders and personnel.

Ensure that A&A packages (SSP, CP, CPT, PTA, PIA, SAR, ATO and POA&M) for assigned systems remain current, reviewed annually and properly managed

Ensure compliance with control standards and frameworks (NIST SP 800-53, ISO/IEC 27001/2, the Cybersecurity Framework, COBIT, SOC II, and PCI/DSS).

Conduct IT controls risk assessments that include reviewing organizational policies, standards, procedures and guidelines.

Operate in an oversight capacity with regards to system change and patch management by performing vulnerability assessments and penetration testing where necessary.

Conduct Security Trainings and update security policies, procedures and guidelines

Perform assessment and continuous monitoring and provide weekly status report to client with regards to ongoing A & A package updates.

Work with IDS/IPS tool (SNORT) and SIEM tools (Splunk and ArcSight logger 6) to analyze and review logs and data for client security issues management.

Coordinate annual updates to ALL Enterprise materials (policies and procedures) that cover information systems.

The Nigbel Group – TX

Information Systems Security Officer - 10/13 to 10/15

The Nigel Group (TNG) founded in 2007 is a technology management, consulting and outsourcing firm that specializes in providing best-fit IT solutions to both private and public clients of different sizes and needs. TNG operates as a trusted partner and Go-To provider for all IT Security services.

Responsibilities:

Assisted in the development of Privacy Threshold Analysis (PTA), and Privacy Impact Analysis (PIA) when PII (Personally Identifiable Information) is stored in the system.

Managed vulnerabilities with the aid of Nessus to detect potential risks on single or multiple assets across the enterprise network.

Assisted with the annual tabletop exercise and the full functional disaster recovery test of the Computer Security Incident Response Plan in line with (NIST 800-34).

Implemented system classification and categorization using the 6 Steps of Risk Management Framework (RMF) to ensure system Confidentiality, Integrity, and Availability (C.I.A) of resources.

Analyzed and updated System Security Plan (SSP); Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E) and Plan of action and milestones (POA&M)

Worked as member of the QSA (Qualified Security Assessor)/ ASV (Approved Scanning Vendor) team to create overall (ROC) Report of Compliance for clients based on PCI DSS Compliance Audit.

Assisted in preparing certification and Accreditation package for company's IT systems, making sure that management, operational and technical security controls adhere to a formal and well-established security requirement authorized by NIST SP 800-53 R4.

Coordinated weekly forums for security advice and helped to maintain PCI compliance documentation as a member of the PCI DSS Compliance Audit team.

Performed Vulnerability Assessment and made sure that risks are assessed, evaluated and proper action is taken to limit impact on the Information and Information Systems Analyzed.

Collaborated with the project team to support Security assessments (Security Assessment and Authorization [SA&A] or Certification and Accreditation [C&A] activities) and audits

USITplus - IL

IT Security Analyst - 2/12 to 7/13

Established over 10 years ago, USITplus Business Solutions is a dynamic and fast growing company providing customized business IT solutions, business intelligence, and business software products to clients from diverse industries. Member companies are focused on developing business-driven, cost effective and long term solutions that maximize clients' return of investments.

Responsibilities:

Assisted with the general evaluation of security programs of third-party service providers to ensure compliance with Clients baseline requirements.

Analyzed vulnerability scans results and conducted risk assessments of the findings with the information system owner.

Updated E-Authentication reports to provide technical guidance in the implementation of electronic authentication (E-authentication).

Assisted in maintaining the Security Information Security Plan and associated security control documents.

Trained new hires to get them acquainted with the daily/ routine IT security program maintenance and tools used to support the overall security assessment control (SCA) process.

Maintained operational Security posture for an information system or program to ensure information systems Security policies, standards, and procedures are established and followed.

Updated IT Security policies, procedures, standards, and guidelines according to department and federal requirements.

Performed risk assessments, developed and reviewed System Security Plans (SSP), Plans of Action and Milestones (POA&M), Security Control Assessments, Configuration Management Plans (CMP), Contingency Plans (CP), Incident Response Plans (IRP), in accordance with NIST SP 800-37 rev 1, 800-18, 800-53 rev 4 and 800-34.

Utilized Nessus to ensure compliance and continuous monitoring requirements and operated as an effective POA&M manager and very conversant with TAF, Xacta and CSAM.

Assisted in the development of Information Security Continuous Monitoring reports to help client in maintaining ongoing awareness of information security.

ADDITIONAL INFORMATION:

Access Bank Plc.

Lead - Regulatory Compliance Officer

Planned, directed and coordinated regulatory activities to ensure compliance with state, federal and company requirements for banking programs in addition to Government Relations, HR and audit functions.

Guaranty Trust Bank Plc

Internal Auditor/Systems Control Officer

Worked as officer responsible for the timely execution of Risk-based internal audits in accordance with the annual audit plan execution, as well as assisting with other audit matters and projects.

Guaranty Trust Bank Plc

Legal Officer

Worked in various aspects of the company’s legal department as in-house solicitor fighting lawsuits to overseeing purchase of real estate property in line with the Central Bank’s Regulation.

Technical Education

EDUCATION

Governors State University - (MS accounting) - Ongoing

Nig. Law School

University of Ibadan - (Bachelor of Laws (LLB. BL))

TRAINING/CERTIFICATES

CISSP Certification - Next month

CompTIA Security+ - Ongoing

Crest Consulting Group – IT/Cyber Security Analyst Training

Master Automation and Web Services Testing using UFT/QTP

Certificate No: UC-UIDPDDQF

Certificate URL: ude.my/UC-16CRESNC

Master UFT/QTP and Build Automation Scripts Training

Certificate No: UC-UIDPDDQF

Certificate URL: ude.my/UC-UIDPDDQF

Software Testing and Automation of APIs with UFT/QTP

Certificate No: UC-UIDPDDQF

Certificate URL: ude.my/UC-UIDPDDQF

Data Visualization with Tableau online

Certificate No: C89CDYTD

Link: https://www.edureka.co/ViewCertificate

Tableau 9 Essential

Certificate No: FCAEB6E835094A7CB18578779AB26BEA

Link: https://www.lynda.com/ViewCertificate/FCAEB6E835094A7CB18578779AB26BEA?utm_source=directlink&utm_medium=sharing&utm_campaign=certificate

Microsoft Business Intelligence Stack Fundamentals

Certificate No: 61B7ACA9E1B64685AD99287455ABC066

Link: https://www.lynda.com/ViewCertificate/61B7ACA9E1B64685AD99287455ABC066?utm_source=directlink&utm_medium=sharing&utm_campaign=certificate

USitplus Technical Institute – Manual Quality Assurance Training/Internship

Member of Council of Legal Education


