Risk Management Project

Location:
Clinton, MD, 20735
Posted:
February 20, 2024

Resume:

PROFESSIONAL SUMMARY

Summary

A highly motivated and results-oriented IT security specialist with a wide range of experience and profound knowledge in IT control frameworks and standards. A professional dedicated to work, with the ability to tackle assigned tasks through continuous learning and the employment of new ideas for enhanced performance, coupled with project management experience leading high-performing teams with significant impact to successful conclusion on time and within budget while meeting organizational objectives. Knowledge of Risk Management Framework, System Development Life Cycle (SDLC), FISMA Requirements, Security Control Assessment, Vulnerability Management and Cloud and Mobile Computing. Familiar with ISO27001 standard. Possesses excellent communication skills and proven leadership skills, with extensive experience briefing senior leadership.

Functional areas of expertise include:

Security Assessment and Authorization, Risk Assessment, Nessus Vulnerability Scanner – review and documentation, Penetration Testing, Risk Management Framework, Knowledge of Virtualization (VMware), Security Training & Awareness, Incident Response, Microsoft Word, Excel and PowerPoint

TRAINING/CERTIFICATION

CompTIA Security+

EDUCATION

B.S. Business Administration, University of Benin, Nigeria

M.B.A. Marketing, Southeastern University, Washington DC

PROFESSIONAL EXPERIENCE

Brightway Professional & Associate Inc., Maryland, USA February 2019 – Present

Information Security Analyst

In-depth knowledge of FIPS 199 (Categorization of Information & Information Systems), FIPS 200 (Minimum Security Requirements for Federal Information & Information Systems), NIST SP 800-53 (Security & Privacy Controls), NIST SP 800-53A, NIST SP 800-30 (Risk management guide) and NIST SP 800-37 (Guide for applying the RMF)

Performed continuous monitoring activities by evaluating and reporting the status of information system security and directing corrective actions to eliminate or reduce identified risks.

Conduct security assessment walkthroughs, interviews, document reviews and examinations to determine the security posture of the information system and populate the Requirements Traceability Matrix (RTM) according to NIST SP 800-53A.

Conduct kick-off meeting with the stakeholders.

Supported the Information Assurance (IA) team to conduct risk assessments, documentation for Security Control Assessment, vulnerability testing and scanning using tools such as Nessus.

Prepared, reviewed and submitted the Security Assessment Plan (SAP) to the Chief Information Security Officer (CISO) for approval.

Prepares and updates the Security Assessment Report (SAR).

Collaborate with ISSOs in remediating audit findings, security planning and reporting, and ensure mitigation of security vulnerabilities is completed in a timely manner.

Initiate compliance and vulnerability scan requests to identify and report weaknesses and potential security breaches.

Developed for ensuring that Security Authorization packages such as System Security Plan (SSP), Plan of Action and Milestones (POA&M) – (for identified vulnerabilities and performed compliance monitoring).

Participated in the system categorization using NIST 800-60 and FIPS 199

Develop/update and review Plan of Action and Milestone (POA&M) Reports

Experience with supporting systems ATO processes and creating artifacts, control implementation details and POA&Ms.

Experience with managing system records in eMASS, Xacta and CSAM.

Experience with (GRC) Governance Risk Management security documentation tool, Risk Management Framework (RMF), and security compliance.

A proven project and team player with aptitude for good customer service

Excellent communication skills

Brightway Professional & Associate Inc, Maryland, USA October 2017 – February 2019

Security Control Assessor

Participated in Kick Off, entrance and exit meetings among IT team and system owners respectively in a diligent manner to gather needed information/evidence and address issues identified.

Liaised with application owners to perform walkthroughs and testing of IT general controls, automated and IT dependent manual controls for applications supporting financially significant systems and processes.

Prepared all information requested on their client request list as it relates to my area of work and provided any needed support.

Scheduled interview and walkthrough meetings with business and application owners.

Coordinated with system administrators such as application developer, Network and DBA administrators to gather evidence.

Assessed Controls (based on SP 800-53A) and documented assessment results in SAR.

Updated Plan of Action & Milestones (POA&M) and Risk Assessment based on findings assessed through monthly updates.

Assessed vulnerability scans performed on network, web applications and databases to identify security threats and vulnerabilities.

Utilized the assessment reports to record, manage, and assess common threats and vulnerabilities

REFERENCES

Mr. Bayo Akintimehin

301-***-****

Mr. Deji Adedoyin

202-***-****

Mr. Ade Adewole

301-***-****


