Security Officer System

Location: Lanham, MD

Posted: January 08, 2024

Resume:

IGNATIUS NWAIWU, CISSP

**** **** *****

Lanham Maryland 20706

Home: 301-***-****

Cell: 301-***-****

ad2j48@r.postjobfree.com

TECHNICAL SKILLS SUMMARY:

NIST Special Publications and Guides, OMB circulars, FISMA Act 2002, and FIPS 199

Security Assessment & Authorization (SA&A) (NIST 800-37 RMF)

FISMA Compliant Tools: XACTA AE, 360 & Continuum (DHS IACS), Archer GRC, TAF, CSAM & ASSERT

Vulnerability Scanning Assessment & Analyses

FedRAMP Cloud system management

CA PAM

IT Risk Assessment, Incident Management, Continuous System Monitoring

Vulnerability Assessment Tools: Tenable Nessus, Nessus Security eEye Retina, MBSA, Web Inspect, DB Protect, HP Fortify, Qualys, NMAP, Carbon Black, McAfee AV ePO.

EMPLOYMENT EXPERIENCE:

Silosmashers, INC. - Information System Security Officer, Wash. DC - May 2020 to Present (Secret/Interim Top Secret) (Department of Homeland Security (DHS))

Ensure compliance with data and application security policies and relevant legal and regulatory requirements and applicable Risk Management Framework (RMF) requirements.

Ensure appropriate changes and improvement actions are implemented as required. Maintain current knowledge of authenticator management for unclassified systems.

Ensure compliance with protection requirements, control procedures, incident management reporting, remote access requirements, and system management for all systems under the scope.

Conduct vulnerability scans, analyze scans for high-risk areas, and work with appropriate operations and engineering teams for mitigation.

Create, monitor, and coordinate remediation efforts to close POA&Ms for information system risks.

Create, maintain, and update system security policies, standards, and procedures.

Work closely with the operations and engineering teams to ensure that systems are developed and maintained in accordance with FISMA, NIST, and agency-specific security requirements.

Maintain security documentation including but not limited to Requirements Traceability Matrix, System Security Plans, Contingency Plans, Incident Response Plan, Configuration Management Plans, E-Authentication Workbook, and FIPS 199.

Conduct self-assessments of NIST 800-53 controls and agency-specific security controls using NIST 800-53A.

Coordinate and participate in Incident Response activities in response to a security event.

Conduct contingency planning and testing with system stakeholders and personnel.

Create and maintain ATO packages for client systems.

TISTA SCIENCE & TECHNOLOGY, INC. - Information System Security Officer, Wash. DC - April 2019 to February 2020 (Public Trust) (Supporting Library of Congress (LOC))

Manage Authorization Packages of assigned Information Systems

Review vulnerability scans and provide mitigation techniques

Create, review and update Plans of Action and Milestones (POA&Ms)

Conduct annual security control assessments

Ensure the updates and the implementation of the security policies and procedures.

Work closely with third-party vendor to ensure appropriate security support is provided for hosted application

Conduct research and provide review recommendations on software and technologies to address vulnerabilities

Splunk & Qualys audit log reviews

Conduct security assessment interviews, tests and evaluation to determine the Security posture of the System and to develop a Security Assessment Report (SAR) using NIST SP 800-53A required to maintain Authorization to Operate (ATO), Risk Assessment, System Security Plans, and System Categorization

ADMINISTRATION OF CHILDREN AND FAMILIES - Federal Cyber Security Manager, Washington DC - June 2018 to Jan. 2019 (Public Trust) (Supported ACF)

Develop procedures, awareness programs and supporting templates for ACF SA&A.

Supported the CIO in making Authorization decisions with documented system compliances.

Oversight of quality assurance (QA) and its on-going maintenance of quality assurance program

Ensure a weekly security status meeting by the contract support staff of the DFS.

Ensure a weekly Validation and Testing of Data status meeting by the contract support staff of the IV&V Team

Attend all Lines of Business (LOB) meetings including Advisory and PMOs

Track & monitor tasks assigned to staff to ensure they are on schedule.

Provide oversight to support personnel who perform DFS cyber security assessment of Risk Management Framework, Security Testing, IV&V testing & Continuous Monitoring program.

SCIENTIFIC APPLICATION INTERNATIONAL CORPORATION - Information Security Project Manager, McLean, VA - Oct. 2017 to Mar. 2018 (Public Trust) (PBGC)

Review all work from quality assurance perspective.

Ensure non-occurrence of service deficiencies

Develop and maintain security artifacts including SSP, FIPS 199, PTA/PIA and ISCM Plan

Track & monitor tasks assigned to staff to ensure they are on schedule.

Provide oversight of personnel who perform cyber security technical assessment of Risk Management Framework, Security Testing, & Continuous Monitoring program.

Develop, Coordinate, Support & Implement IT Security Training

Plan, Schedule, Coordinate, Prepare, Execute, and/or document the results of test plans and scripts for IT Security User Acceptance Testing (UAT) for development,

Review work instructions and operational procedures for compliance with security requirements and policy

Prepare, Review, Update and Maintain SSP and associated documents, Implement and Support Continuous Monitoring

STRATEGIC ENTERPRISE SOLUTIONS - Information System Security Officer, Wash. DC - Oct. 2016 to Oct. 2017 (Public Trust) (Supported DHS/ICE)

Maintain an asset inventory of hardware and software within the program/development offices or field site facility.

Participate in DevOps Sec (security integrated into Agile processes) requirements for assigned systems.

Monitor and respond to Information Security Vulnerability Management (ISVM) Patch Management

Conduct an annual assessment in accordance with guidance in the DHS Information Security Performance Plan

Ensure that requests for Security Assessment & Authorization (SA&A), or Certification and Accreditation (C&A), of assigned major applications or general support systems are completed in accordance with the DHS 4300A Handbook policy and procedure.

Maintain and update Authorization Packages security documentation including Privacy Impact Analysis, Privacy Threshold Analysis, System Security Plan and System Assessment Report using RSA Archer

Provide audit support for assigned systems (Financial, A-123, FISMA, internal, DHS, etc.), throughout the audit (Pre, During, and Post Audit)

Support the creation, monitoring, and updating of the status of POA&Ms to ensure weaknesses are resolved in accordance with their scheduled completion dates

Ensure the implementation of cloud Security & maintenance of the security controls to the assigned DHS system in AWS (FedRAMP).

CGH TECHNOLOGIES - Information Security Analyst, Wash. DC, SW - May 2014 to Sept 2016 (Public Trust) (Supported OPM)

Develop & assemble Security Assessment and Authorization (SA&A) HCDW system using NIST 800-special publications.

Participate in DevOps Sec (security integrated into Agile processes) requirements for assigned systems.

Vulnerability Scanning & Analysis of OPM USAjobs Servers for open weaknesses.

Site / Physical facility assessment and survey

Review and validation of systems security assessment & authorization (SA&A) artifacts using FISMA compliant Trusted Agent

Develop a Continuous Monitoring Plan for information systems, IT security controls for systems at the program or system level.

Ensure systems compliance with the periodic Continuous Monitoring process, Contingency Plan & test of artifacts using Trusted Agent, a FISMA-compliant tool.

Review and analyze POA&M items for closures with Weaknesses Completion Plans (WCP) and make recommendations for corrective actions.

SCIENTIFIC RESEARCH AND APPLICATION INTERNATIONAL, INC. - Information Assurance Analyst, Fair Oak, Virginia - Jan. 2010 to April 2014 (Public Trust) (Supported OPM)

Develop & assemble Security Assessment and Authorization (SA&A) artifacts using NIST 800-special publications (NIST 800-53 Rev 4, 800-53A Rev 1, 800-37 Rev 1, FIPS 199)

Review risk assessment reports for consistency following NIST 800-30 and agency’s Information Security Policy

Create, review and update information security policies and procedures for agency system compliance use.

Conduct Security Assessments (Security Testing and Evaluations) in support of security authorizations (accreditation), documenting and presenting test results and mitigation strategies.

Review and analyze POA&M items for closures with Weaknesses Completion Plans (WCP) and make recommendations for corrective actions.

Review & analyze Notice of Findings & Recommendations (NFRs) from FISMA Audit and provide recommendations for corrective actions.

Perform vulnerability scans, analyze scan reports and make recommendations for corrective actions.

TECHGUARD SECURITY, INC. - Information Security Engineer, Baltimore, MD - Aug. 2004 to Dec. 2009 (Public Trust) (Supported PBGC)

Perform systems certifications and accreditations in accordance with FISMA regulations and OMB requirements.

Develop security documentation to ensure the Confidentiality, Integrity & Availability of the assigned systems.

Tasked with the responsibility of researching, developing and maintaining the agency’s policies, procedures, and guidelines (Information Assurance Handbook (IAH))

Develop and maintain security artifacts including SSP, FIPS 199, PTA/PIA and ISCM Plan

Perform security tests and evaluations (ST&Es)

Conduct risk assessments and implement solutions to reduce vulnerabilities.

Monitor system operations for compliance with security policy and accepted best security practices.

Perform vulnerability scans and analysis of PBGC systems.

Create Systems Plan of Action & Milestones (POA&M)

Supervision of employees and taking lead in the general tasking activities supporting the clients

GNS, INC. - Senior Network Engineer, Rockville, MD - Sept. 2003 to Sept. 2004

Responsible for the review of the operational procedures for the Department of Commerce’s Lotus Notes/Domino mail

Reviewed and analyzed the implementation of Lotus Notes/Domino server security features.

Tasked with reporting and making recommendations on properly securing Lotus Notes

Provided network end user support for department staff, which involved configuring individual workstations.

CES CORPORATION - Local Area Network Administrator, Silver Spring, MD - Mar. 2001 to Sept. 2004

Installed and configured MS client mail (MS Outlook 2000), Win 95, 98, NT 4.0 and 2000 Pro, Access 97 Database and Netscape Communicator as Linux mail.

Tasked with system backup using ARCserve, Backup Exec software and Veritas Auto loader

Supported at least 200 users running Windows 95/98/NT/2000/XP professional workstations in Netware /Linux mixed environment of African Development Foundation

Tasked with configuring, monitoring and administering the firewall servers.

Installed and configured Gauntlet firewall and network scanning security software

Managed, monitored, and maintained Novell Netware, Linux Squirrel web mail, Network Printers, Win NT firewall & DHCP Servers and MS Active Directory

OAO CORPORATION - Local Area Network Administrator, Greenbelt, MD - May 1999 to Mar. 2001

Supported at least 300 users and nodes in Win 95/98, NT, 2000 professional and Macintosh workstations in Win NT LAN environment in DC Office of Planning

Installed and configured Win 95, 98, NT 4.0 and 2000 Professional workstations

Monitored and maintained MS Exchange 5.5, primary domain controller, backup domain controller and IQ tracking mail servers & Agency Web mail system

Installed and configured Win NT servers (PDC & BDC)

Created individual and group mailboxes in the MS Exchange server 5.5

KEANE FEDERAL SYSTEM, INC - Network Administrator, Rockville, MD - Sept. 1997 to April 1999

Installed, configured and deployed more than 1,300 Windows 95/98 systems, Microsoft NT workstations, printers, scanners, and other network peripherals.

Upgraded, tested and maintained more than 300 client workstations, and supported over 1,500 LAN/WAN users in the Netware environment.

Installed, configured, and maintained Lotus Notes and cc:Mail.

Proficient with remote management using ZENworks.

Backed up network resources using ARCserve.

EDUCATION:

Master of Business Administration – Marketing, University of the District of Columbia

Bachelor of Science - Business Administration, Johnson C Smith University

CERTIFICATIONS:

CISSP (Certified Information Systems Security Professional), (ISC)2 certified

AWS CCP (AWS Cloud Certified Practitioner)

CNA (Certified Netware Administrator)

MCP (Microsoft Certified Professional)

CLEARANCE:

Position of Public Trust (Active)

Secret (Active)

Top Secret (Active)

PROFESSIONAL DEVELOPMENT/TRAINING:

Cloud Security Administrator - Akamai University

AWS Cloud Practitioner Training

Business Case Development Training

Information Security seminars and webcasts

International Information System Security Certification Consortium (ISC)2

Peer Review Training

Project Management Training

MCSE Training

Productivity and Management Professional Development

LAN configuration and maintenance Training

REFERENCES AVAILABLE UPON REQUEST


