
Information Security Risk Management

Location:
Jarrettsville, MD
Posted:
January 29, 2024


Resume:

Mubarak Ibrahim

Summary:

Strong Cybersecurity professional with vast experience in the information security industry.

Skilled in Risk Management Framework, Cloud Security-FedRAMP, FISMA/FISCAM Audits, Governance, Risk and Compliance.

Responsible for maintaining cybersecurity programs and completing tasks necessary to help organizational executives make risk-based decisions.

Outstanding interpersonal skills and a proven track record of delivering substantial value to clients.

Continuous learner with a passion for innovation in information management.

Results-driven individual pursuing excellence with a high degree of integrity.

Education:

Master’s Degree – Cyber Security Technology (University of Maryland Global Campus) 2022

Bachelor’s Degree – Economics (University of Ghana-Legon) 2006

Certifications:

CompTIA Security+ CE

Certified in Governance, Risk and Compliance (CGRC)

Certified Information Security Manager (CISM)

Clearance:

Top Secret Clearance (SCI) / High Risk Public Trust (BI), United States Navy Reserve

Professional Experience:

The Prospective Group Mar 2022 – Present

Security Risk Analyst

Responsibilities:

Conduct risk assessments and analysis that frame, identify, and assess risk for the organization.

Support the eCISO in performing organizational (Type 1) and mission/business process (Type 2) risk analysis as the first step in the risk management process for the enterprise.

Conduct Business Impact Analysis (BIA) and develop Risk Assessments from the BIA.

Collaborate with the risk assessment team in developing and presenting Risk Assessment Reports.

Perform analysis of mitigation measures, risks, threats, risk appetite and risk tolerance.

Create, support, and maintain management level enterprise risk reporting.

Serve as the Risk and Compliance Analyst lead for coordinating High Value Asset (HVA) Assessment activities and interacting with CISA Assessment team members, HVA system owners, SMEs and all stakeholders within the department.

Lead monthly meetings with bureaus owning and operating HVAs. Document and execute against all relevant HVA SOPs.

Review change requests (CRs) for security impacts as part of the change request workflow and provide recommendations for approval or further review by the security team.

Enter POA&Ms in Xacta and coordinate remediation efforts on OpenNet systems resulting from FISMA audits. Engage with system POCs to review and update milestones of open POA&Ms.

Monitor open POA&Ms on existing HVA systems and provide progress updates to DHS CISA per BOD 18-02 requirements.

Lead department’s annual participation of DHS BOD 18-02 data call.

Maintain Change Management Plans (CMP), Incident Response Plans (IRP), Information System Contingency Plans (ISCP), and System Security Plans (SSP).

Prepare and conduct training, exercises, and functional testing of IRP and ISCP.

Develop Disaster Recovery Plans and Business Continuity Plans, and manage testing exercises.

Systegra Inc. Mar 2019 – Mar 2022

Sr. Security Control Assessor

Responsibilities:

Serve as the main liaison and driving force for completing all security assessment, preliminary Risk Assessment, and ad hoc Risk Assessment efforts.

Create comprehensive Security Assessment Plans (SAP), including the Rules of Engagement (ROE) requirements for identified security controls, following NIST SP 800-53A, FedRAMP guidance, and/or agency-specific guidance, and obtain client approval of the assessment approach and scope.

Conduct security control assessment of low, moderate, and high impact information systems to include cloud service offerings in accordance with FedRAMP requirements.

Conduct and review vulnerability scans on OS platforms (Unix, Linux & Windows), Web Applications, DB platforms (Oracle, MS SQL) and Cloud Computing systems using vulnerability scanning tools to include Tenable Nessus, Qualys, WebInspect, and Db Protect.

Review existing security documents (e.g., system boundaries, System Security Plan (SSP), Privacy Impact Analysis (PIA), Incident Response Plan, Contingency Plan (CP), etc.) and perform quality gap analysis for improvements.

As part of the Assessment process, perform the following activities:

Security Assessment Kick-off meetings.

Assessment interviews and Artifact collections.

Create test cases to document results of assessments using NIST SP 800-53A as a guide for determining assessment methods.

Complete risk assessments based on NIST standards to ensure the IA design sufficiently mitigates IA risk, and prepare risk assessment reports.

Provide leadership and the client with authorization recommendations based on findings, and ensure results are documented completely and accurately in the mandated compliance tool.

Review POA&M closure and waiver packages in accordance with POA&M Standard Operation Procedures.

Provide recommendations for refining and/or improving existing RMF processes and procedures and support implementation of these changes.

Versatech, INC Mar 2018 – Feb 2019

Cyber Security Analyst

Responsibilities:

Served as the cybersecurity Subject Matter Expert (SME) with regard to the authorization of information systems by interpreting and providing clarifying guidance on policies and their application to the agency.

Assessed proposed changes to information systems, their environment of operation, and mission needs that could affect system authorization.

Audited networks and systems for vulnerabilities using DISA SCAP/Security Technical Implementation Guides (STIGs), ACAS/Nessus vulnerability scan reports.

Identified systemic security issues based on the analysis of vulnerability and configuration data, PPSM, and system architecture, and provided cybersecurity remediation.

Reviewed and analyzed Assessment & Authorization (A&A) packages, including System Security Plans (SSP), Risk Assessments, Information System Contingency Plans (ISCP), Back-up Standard Operating Procedures (SOP), Incident Response Plans (IRP), Configuration Management Plans (CMP), hardware/software lists, network diagrams, data flows, system change requests/proposals, Nessus scan reports, test reports, and Plans of Action & Milestones (POA&Ms), for completeness and documented effectiveness of controls, plans, and procedure implementation.

Uploaded Assessment artifacts into the Enterprise Mission Assurance Support Service (eMASS) tool.

Provided Security Assessment Results to meet client requirements and led assessment briefings.

Assisted with the interpretation and analysis of Security Assessment Results upon completion of each Security Assessment and/or as requested to assist with post-assessment questions, to assess the vulnerability and risk to the system and other connected systems.

Interacted with functional systems administrators (FSAs) and database administrators (DBAs) to conduct research for the mitigation of security vulnerabilities.

Performed verification of IT system hardening in compliance with Security Technical Implementation Guides (STIGs).

Advised the information system owner (ISO) concerning the impact levels for Confidentiality, Integrity, and Availability for the information on a system.

Manav Consulting Group, INC Jul 2014 – Feb 2018

Information Systems Security Officer (ISSO)

Responsibilities:

Performed Security Assessment and Authorization (SA&A) activities and provided guidance to System Owners and ISSOs through the SA&A process.

Developed and updated the System Security Plan (SSP) to include cloud-based controls supporting documents and appendices.

Requested memos for authorization activities, such as Security Categorization (FIPS 199), Privacy Impact Analysis (PIA), Contingency Plan (CP), Contingency Plan Test (CPT), and Business Impact Analysis (BIA).

Conducted systems risk assessment through risk analysis, assessed assets within system boundaries, and identified all possible vulnerabilities within the system.

Liaised with the AWS platform security team to set and implement security policies and meet quality standards for managing vulnerabilities.

Reviewed, analyzed, and evaluated the security controls used to protect the data of the organization.

Supported the ISSE in the remediation actions to correct assessment findings and the development of Plan of Action and Milestone (POA&M).

Worked with the ISSE to perform continuous monitoring of information systems in accordance with NIST SP 800-137 to maintain ongoing ATO, and assisted in the initial remediation of failed security controls.

Ensured security baselines were maintained and validated at least annually, with a validation report provided to the Director, Enterprise Applications Cybersecurity for annual FISMA reporting. Ensured systems were in compliance with security configuration management policies.

Updated security documentation and uploaded it into the Cyber Security Assessment Management (CSAM) tool.

Berakah Systems Sep 2010 – Jun 2014

Information Security Analyst

Responsibilities:

Assisted the Information Assurance Director in ensuring that management, operational, and technical controls for securing sensitive security systems and IT systems are in place and followed according to federal guidelines.

Worked with project managers to ensure incorporation of security activities in all ongoing projects and to identify security impact of new releases.

Modified controls from NIST SP 800-53 Rev 3 to Rev 4 and documented them in the SSP.

Reviewed and updated Security Assessment and Authorization (A&A) documents including System Security Plan (SSP), Risk Assessment (RA), Contingency Plan (CP), Privacy Impact Analysis (PIA), and other artifacts required for the ATO package.

Coordinated the remediation actions to correct assessment findings and developed supporting Plan of Action and Milestones (POA&M) reports.

Requested draft approval and Plan of Action & Milestones (POA&M) cancellation/approval from Independent Verification and Validation (IV&V) through CSAM.

Participated in updating Systems Security Plans (SSP) based on the National Institute of Standards and Technology (NIST) SP 800-18 and the conduct of annual self-assessments.

Performed vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle (SDLC).

Supported and conducted required information system vulnerability scans and updated system POA&Ms in response to reported vulnerabilities.

Participated in weekly meetings to identify changes within operations and IT processes, identify areas of risk, and define the audit plan based on risk assessment methodology.

Additional responsibilities included assurance of vulnerability mitigation, training on A&A tools and other support to the IT Security Office.

United Nations (UNIDO) Aug 2006 – Jun 2008

Data Analyst/IT Specialist

Responsibilities:

Supported all analytical and statistical reporting requirements for program activities.

Developed, analyzed, and produced standardized statistical reports and ad hoc reports for internal and external customers.

Tracked and maintained all assigned tasks for the program.

Managed and set up computer networks (Server, Router, Printer, Phone Connectivity, and other computer devices).

Secured computer network operations through antivirus, firewall configuration, and access control.

Developed follow-up action plans to resolve reportable issues and communicated with the other technologists to address security threats and vulnerabilities.

Addressed and handled all internal and external communications.

Organized, arranged, and coordinated meetings among administrative staff on information security.

Participated in security team meetings and rendered other support to the IT Security Office, which included ensuring appropriate steps were taken to implement information security requirements for all IT systems.

Conducted on-site security awareness training for all new employees.