Information Security Risk Management

Location:
Pikesville, MD
Salary:
120000
Posted:
December 12, 2023

Resume:

NWABU CHUKWUZUBELU

Baltimore, MD ***** 443-***-**** ad1w33@r.postjobfree.com U.S. Citizen with Active Secret Clearance

Professional Summary

U.S. Army reservist with over six (6) years of demonstrated on-the-job experience in the Information Security and Information Assurance field. Skilled at developing, implementing, and maintaining security protocols to protect data and ensure compliance with industry standards and regulations. Proven history of delivering exceptional risk management support. Results-driven cybersecurity professional with notable success in planning, analysis, and implementation of security initiatives. Strengths in providing comprehensive network design and security frameworks. Skilled at identifying business risks and compliance issues and designing proactive solutions. Possesses a strong background in designing and implementing layered network security approaches.

Education & Certifications

CompTIA Security+ - Active

Certified Information Systems Auditor - Active

Babcock University – BSc Information Resources Management, 2014

Skills

Standards/Controls/Framework: Confidentiality, Integrity, Availability, Access Control, Audit and Accountability, ITIL, ISO 17799, Assessment and Authorization, STIGs, General Computer Controls, Application Control Testing, Compliance Testing, Vulnerability Scans, Firewall Rules, Project Management, Risk Assessment, Change Management, Configuration Management, Contingency Planning; Policies and Procedures, Implementation; Intrusion Detection Systems, Incident Response, Media Protection, Physical Security, Computer Operations, Environmental Security, Network Security, System Security, Personnel Security, NIST 800-53, FIPS, FISMA, FedRAMP.

Software/Tools/Artifacts/Platform: Nessus, Windows; FIPS-199, SORN, E-AUTH., PTA, PIA, RA, SSP, CP, CPT, ST&E, SAR, POA&M, ATO, ISA, MOU, Remedy, Office 365, ServiceNow, Archer, Security Center, MS Office suite, PowerPoint, Word, SharePoint, Excel.

Work History

Information Systems Security Officer – Aryon Consulting LLC – Stafford, VA 02/2020 to Present

• Ensure program adherence to both Risk Management Framework, governmental policies and regulations, and company policies for the operation and maintenance of classified Information Systems.

• Reviewed, updated, and developed required security documentation including but not limited to SSPs, Contingency Plans (CP), Plans of Action and Milestones (POA&Ms), and Security Assessment Reports (SAR), resulting in improved compliance with established security standards.

• Participated in the development and revision of security-related policies and procedures, conducting FISMA evaluations annually on accredited systems and completing/updating Plan of Action and Milestones (POA&Ms) as appropriate, resulting in improved compliance with established security standards.

• Ensure customer systems obtain and maintain their Authority to Operate (ATO) with a security posture in accordance with NIST SP 800-53A Rev4 guidance.

• Managed security program scope, schedule, and risks as it pertains to NIST SP 800-53, ensuring that all program objectives were met within established timelines and budgetary constraints.

• Managed temporary ATOs due to unforeseen contingencies realized during assessments, leading to the creation of open POA&Ms to track and remediate critical and high vulnerabilities before a 3-year ATO can be granted.

• Evaluates security solutions to ensure they meet security requirements for processing classified information.

• Ensures all C&A and system security documentation (Security Plan, Privacy overlay applied, validate new controls, FIPS-199, assess non-compliant controls etc.) are kept up to date or created when needed.

• Assist with the Configuration Management (CM) for information system security software, hardware, and firmware.

• Conduct the IT risk assessment and document the control, conduct meetings with the IT client team to gather evidence, develop test plans, test procedures and document test results and exceptions.

• Participate in the system authorization process by working with key stakeholders to create a complete and accurate Risk Management Framework (RMF) package.

• Implement a strategy for continuous monitoring for assigned systems, including establishing system audit trails and ensuring their review, reporting all identified security findings, and initiating the periodic review of security controls.

• Provides support to the Information System Security Manager (ISSM) for maintaining the appropriate operational IA posture for a system, program, or enclave.

• Provides support to senior ISSOs for implementing, and enforcing information systems security policies, standards, and methodologies.

Information Security Analyst II – Manav Consulting Group, LLC – Dumfries, VA 06/2018 to 02/2020

• Performed gap analyses to validate established security requirements and to recommend additional security requirements and safeguards.

• Reviewed FIPS 199 categorizations, E-Authentication Risk Assessment, System Security Plan (SSP), Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), POA&M and Contingency Plan for completeness and compliance with NIST guidance.

• Helped guide System Owners and ISSOs through the Authorization and Accreditation (A&A) Process, ensuring that operational, management and technical controls securing sensitive Security Systems are in place and being followed according to the Federal Guideline (NIST SP 800-53).

• Implemented and supported standard procedures for incident response.

• Developed a system to assist the client to secure the categorizing and selection of controls using NIST SP 800-60, 800-53 and FIPS 199 as well as FIPS 200.

• Developed and implemented information assurance/security standards and procedures.

• Coordinate incident response actions with the Security Operations Center (SOC) to investigate findings and communicate remediation strategies.

• Supported customers at the highest levels in the development and implementation of doctrine and policies.

• Developed appropriate documentation and reports necessary to validate systems that need security and privacy requirements in accordance with the Risk Management Framework (RMF) authorization process.

• Report, analyze, coordinate, and respond to any event or cyber incident for the purpose of mitigating any adverse operational or technical impact.

• Extracted meaningful information from technical reports and converted it to documentation or summary reports that clearly convey issues/status to leadership.

• Conduct risk assessment to ensure system configurations are compliant with security baselines.

Cybersecurity Analyst – Renowned Systems LLC – Stafford, VA 01/2017 to 06/2018

• Review and conduct NIST-based self-assessments, identifying any weaknesses that need to be addressed, and developing a POA&M for each of those weaknesses based on industry best practices to ensure that they are remediated and closed.

• Worked with the cybersecurity team to develop and implement a detailed test plan and review findings from self-assessments to determine readiness for independent assessment.

• Assigned vulnerability tickets by severity, prioritized work accordingly, and collaborated with other staff and vendor support resources to resolve issues.

• Conduct assessments of information systems security requirements to evaluate current security posture.

• Support and document security controls tests, assist in the remediation and ensure that POA&Ms are being appropriately managed.

• Worked with leadership to determine best methods for improving recurring problem areas, existing processes, and procedures.

• Performed independent verification and validation (IV&V) of company system and provided an authorization recommendation based on determination of risk.

• Reviewed violations of computer security procedures and developed mitigation plans.

• Researched and developed new computer forensic tools.

• Conducted security audits to identify vulnerabilities.

• Performed risk analyses to identify appropriate security countermeasures.

• Developed plans to safeguard computer files against modification, destruction, or disclosure.

• Encrypted data and erected firewalls to protect confidential information.

• Maintained an inventory and database of IT related assets, including hardware, software, peripherals.

• Gather, analyze, and evaluate information relating to improving organizational policies and procedures.


