System Security Risk Management

Location: Lanham, MD
Posted: November 10, 2023

Resume:

EMEKA UDEIGWE

ad000m@r.postjobfree.com

330-***-****

Objective

Proficient in security tools, technologies, and best practices, with a strong emphasis on compliance with FISMA and NIST Publications. Boasting over six years of experience in the Risk Management Framework and Vulnerability, I specialize in offering guidance and support for security assessments and continuous monitoring in alignment with government standards (FISMA & NIST). I conduct Risk Assessments and compliance reviews to ensure the Integrity, Confidentiality, and Availability of system resources. I am organized, solution-oriented, and deadline-driven, with the capability to work well both independently and as part of a team.

Education

BA in Computer Science University of Port-Harcourt, Nigeria August 2010

MBA Youngstown State University, OH. May 2018

Certifications

•CompTIA Security+ Certification

•Certified Information System Auditor (CISA) – In Progress

Summary of Qualifications

•Perform Security Assessment and Authorization (A&A) activities.

•Develop, review, and evaluate System Security Plans

•Develop and conduct SCA (Security Control Assessments) according to NIST SP 800-53A.

•Familiar with FISMA NIST publications, including SP 800-60, SP 800-53rev4, SP 800-137, and FIPS 199

•Develop and update POA&Ms

•Ability to multi-task and work independently and as part of a team.

•Strong analytical skills

•Effective interpersonal and verbal/written communication skills

Experience

InquistIT October 2020 – Present

ISSO- Cybersecurity Analyst

•Analyze and update System Security Plans (SSP), Risk Assessments (RA), Privacy Threshold Assessments (PTA), Privacy Impact Assessments (PIA), Contingency Plans (CP), FIPS 199, Contingency Plan Tests (CPT), System Security Test and Evaluation (ST&E), Security Assessment Reports (SAR) and Plan of Actions and Milestones (POA&Ms)

•Assist System Owners in preparing A&A packages for the company’s IT systems, making sure that management, operational, and technical security controls comply with security requirements per NIST SP 800-53rev4

•Designate systems and categorize their Confidentiality, Integrity, and Availability (C.I.A) using FIPS 199 and NIST SP 800-60

•Conduct Self-Annual Assessments (NIST SP 800-53A)

•Perform Vulnerability Assessments, making sure risks are assessed, evaluated, and mitigated to limit their impact on the information and information systems.

•Create standard templates for required A&A documents, including Risk Assessments, Security Plans, Security Assessment Plans and Reports, Contingency Plans, and Security Authorization Packages

•Monitor and prepare required actions and documents pertaining to the A&A of the system throughout its lifecycle, including security evaluation findings and residual risks.

•Conduct comprehensive reviews of security authorization documents to ensure appropriate NIST security controls were used during the assessments and relevant to the Confidentiality, Integrity, and Availability of the systems.

•Review SSPs and other A&A documents for all applications to determine if the organization’s mandated procedures and tasks are followed, such as using CSAM.

•Review and process Interconnection Security Agreements (ISAs), Policy Waivers, Approval to Test (ATT), and Interim Approval to Operate (IATO) documents.

•Assist the Government in preparing a written justification, when appropriate, to obtain a written waiver of policy for mandated security features.

Jensen LLC Washington, DC July 2018 - September 2020

Security Control Assessor

•As an Assessor focused on RMF phase 4 (Assessing security controls)

•Effectively engaged in preparing for assessments, conducting assessments, and communicating assessment results

•Coordinated, participated, and attended weekly forums for security advice and updates.

•Created Security Assessment Plans (SAP) to document assessment schedules, control families to be assessed, control tools and personnel, client’s approval for assessment, assessment approach and scope, and Rules of Engagement (ROE) if vulnerability scanning was involved.

•Used the implementation section of the System Security Plan (SSP) in addressing how each control was implemented (frequency of performing the controls, control types, and status) as part of my interview answers during the Security Testing and Evaluation (ST&E) documentation.

•Determined assessment method (examining policies and procedures, interviewing personnel, and testing technical controls), using NIST SP 800-53A as a guide.

•Created Risk Traceability Matrix (RTM) in which to document assessment results (pass/fail)

•Prepared Security Assessment Reports (SAR) in which all the weaknesses are reported.

•Created Plans of Action and Milestones (POA&Ms) to trace corrective action and resolve weaknesses and findings.

•Set up and participated in the Assessment Kick-Off meetings.

•Determined threat sources and applied security controls to reduce risk impact.

•Used POA&M tracking tools like CSAM (Cyber Security Assessment and Management) and/or Excel spreadsheet to make sure the POA&M is not in delayed status.

US Security Associate June 2016 – June 2018

Desktop Support/Sys Administrator

•Provided phone and in-person IT white glove support to executives and upper management. Utilized ServiceNow to document ticket resolution.

•Implemented and enhanced information systems and/or procedures based on users’ requirements by documented analysis and detailed functional specifications.

•Installed, configured, and troubleshot hardware and software issues.

•Prioritized and implemented requested changes to Epic systems in accordance with change management procedures.

•Provided MS Office 365, MS Teams, SCCM, Skype for Business, and VPN support.

•Maintained vendor and user relationships and communicated status reports and issues list.

•Troubleshot and successfully resolved Microsoft Outlook .ost/.pst, calendar, send and receive issues.

•Performed Active Directory password reset and created hostnames and groups.

•Followed through on issues for resolution, escalated, and communicated status to the manager.

•Evaluated requests for service and followed through, as evidenced by the completion of system evaluation forms and requirements documentation.

•Responded to system issues by following documented on-call and downtime procedures.

REFERENCES: AVAILABLE UPON REQUEST


