Chibuike Ndukaku
Bloomington, IN *****
812-***-**** ********.*.*******@*****.***
Professional Summary
Highly motivated Information Security Analyst / Security Control Assessor with more than 7 years of experience assessing and protecting enterprise information systems. Expertise in security and data protection, customer service management, team leadership, project management, strategic planning, and policy and procedure enforcement. Experienced with GRC tools and vulnerability assessment tools. Proficient in vulnerability management, Assessment and Authorization (A&A), and the System Development Life Cycle (SDLC). Detail-oriented, with strong problem-solving and organizational skills. Excellent communication skills, with the ability to build and lead high-performance teams to drive positive results.
Skills
Excellent communication, collaboration, and presentation skills. Proven detail-oriented and problem-solving abilities.
Experienced in GRC tools (CSAM, ServiceNow)
Experience with industry/regulatory requirements and frameworks such as ISO 27001 and 27002, HIPAA, the NIST 800 series, SANS 20, and FedRAMP.
Experience with vulnerability assessment scanning tools such as Tenable Nessus and Qualys, including analyzing and validating vulnerability scan reports.
Experienced with SIEM technologies such as Splunk, and with IDS/IPS and firewall logs.
Microsoft Office (Word, Excel, PowerPoint)
Knowledge of AWS cloud services
Security Technologies: Windows operating systems, McAfee ePolicy Orchestrator, Imperva SecureSphere (WAF), Cisco IronPort, MS Exchange, mail filtering, vulnerability scanning/assessments, Symantec Endpoint Protection, Sumo Logic, Vectra, FireEye, Wireshark, Splunk
Incident Response Management, Security Control Evaluation
Access Control Management, Two-Factor Authentication
Security Policy Development, Threat Intelligence Analysis
Risk Assessment Expertise, Intrusion Detection Systems
Identity Management, System Security Planning, User Awareness Training
Developing Security Plans, Business Continuity Planning
Regulatory Compliance
Risk Mitigation, Resource Allocation, Disaster Recovery.
Work History
10/2022 to Current
Security Controls Assessor
Deltaah Tech Consulting – Berwyn Heights, MD
Provide assessment reports on the severity of findings/weaknesses and recommend corrective actions for mitigating vulnerabilities in the information and information system.
Develop FedRAMP-compliant Security Authorization Packages and perform detailed security assessments.
Perform comprehensive Security Assessments as part of the A&A process to determine if controls are being implemented correctly, operating as intended, and meeting the desired objectives.
Prepare Assessment and Authorization (A&A) packages, including but not limited to the SSP, SAP, RTM, RA, SAR and POA&M required for an ATO.
Review A&A packages to ensure they remain current and that security operations follow NIST SP 800-53, FISMA, and the organization's policies and procedures.
Assist in developing and maintaining information security policies, standards, and procedures relating to Management, Operational, and Technical controls.
Review the POA&M to validate that the evidence uploaded to the POA&M tracking tool supports closed findings, and coordinate promptly with stakeholders to ensure timely remediation of security weaknesses.
Provide expert analysis and advice on systems and programs related to IT security problems and provide recommendations.
Perform Assessment and Authorization on General Support Systems (GSS) and major applications to ensure environments operate with a strong security posture.
Perform vulnerability scans of databases, networks, and web applications for clients using Nessus, and gather the information necessary to maintain system security.
Conduct Privacy Threshold Analyses (PTA) and recommend a Privacy Impact Assessment (PIA) where necessary.
Provide routine support of IT security programs to ensure that security objectives of Confidentiality, Integrity, and Availability are met.
09/2017 to 09/2022
Information Systems Security Officer
Deltaah Tech Consulting – Berwyn Heights, MD
Participated in business continuity and disaster recovery preparedness activities.
Reviewed and recommended updates to information security policies, standards and guidelines.
Defined security practices and standards to safeguard company assets and data.
Identified improvement areas and provided organization-wide security awareness training.
Reviewed security controls, policies and procedures and provided recommendations for the adoption of new technologies or policies.
Conducted FISMA-based security risk assessments for government contracting organizations and application systems, including interviews, tests, and inspections; produced assessment reports and recommendations; conducted out-briefings.
Performed security categorization using FIPS 199, and reviewed Privacy Threshold Analyses (PTA) and E-Authentication with business owners and selected stakeholders.
Obtained and reviewed FedRAMP ATO packages for SaaS and PaaS applications.
Conducted continuous monitoring of SaaS applications procured by the agency and provided status updates to stakeholders.
Conducted assessments following NIST 800-series processes and controls.
Developed NIST-compliant vulnerability assessments, technical documentation, and Plans of Action and Milestones (POA&M), and addressed system weaknesses.
Performed comprehensive Security Control Assessments (SCA) and prepared reports on management, operational and technical security controls for audited applications and information systems.
Reviewed and analyzed System Security Plans (SSP), Security Assessment Reports (SAR), Plans of Action and Milestones (POA&M), and authorization letters/memoranda (ATO).
Risk Management Framework (RMF) assessments and Continuous Monitoring: Performed RMF assessment on several different environments using both scanning tools and manual assessment.
Assessments included initiating meetings with System Owners and Information System Security Officers (ISSO), providing guidance on the evidence needed for security controls, and documenting assessment findings.
Conducted risk assessments regularly; ensured that measures raised in assessments were implemented in accordance with the risk profile and that root causes of risks were fully addressed, following NIST SP 800-30 and NIST SP 800-37.
Conducted comprehensive reviews of cloud systems seeking agency authorization using FedRAMP standards and provided authorization recommendations to the Authorizing Official.
Documented and reviewed security plans (SP), contingency plans (CP), contingency plan tests (CPT), privacy impact assessments (PIA), and risk assessment (RA) documents per NIST 800-series guidelines for various government agencies.
Education
05/2011
Bachelor of Science (B.Sc)
Nnamdi Azikiwe University - Awka, Nigeria
Certifications
CompTIA Security+, CISM