
Information Systems Security Officer

Location:
Upper Marlboro, MD
Posted:
February 26, 2024


Resume:

AHMED MUNU

Upper Marlboro, MD 301-***-**** ad3xix@r.postjobfree.com linkedin.com/in/ahmed-munu-ph-d

INFORMATION SYSTEMS SECURITY OFFICER

Results-driven information systems security expert with record of success strengthening data integrity in integrated communications environments through continuous systems analysis and monitoring. Highly analytical problem solver, able to develop system requirement specifications based on user needs and high-level system architecture. Trusted liaison between system owners and development teams, driving accreditation of information systems and authority to operate approval. Strong cross-functional collaborator and communicator, leveraging background teaching higher education courses and mentoring graduate students to break down complex concepts into action-oriented roadmaps for audiences at all organizational levels.

Security Documentation Development IT System FISMA Compliance Security Policy Security Configuration Management Requirements Analysis Risk Assessment & Mitigation Encryption Techniques Information Assurance Data Center Management Compliance Standards (RMF, NIST, FISMA, DISA STIGS) Security Hardening / Scripting

PROFESSIONAL EXPERIENCE

LEIDOS INNOVATIONS, Baltimore, MD

Information Systems Security Officer, 09/2019 – 12/2023

Key Projects

Inherited Leidos Data Center, supporting 30+ applications and identifying medium, high, and critical vulnerabilities via Tenable Nessus Scan. Restructured 4-person team to drive efficient monitoring and vulnerability management.

− Reduced reported vulnerabilities by 85% from 25% within 3 months.

Earned ATO renewal after assuming responsibility of crucial data center. Developed relevant security documents and risk and security control assessments in partnership with infrastructure and application teams.

Additional Responsibilities

Achieved system owner’s compliance with CMS system security documentation requirements.

Implemented systems assessment and accreditation to ensure ATO and CMS/HHS-level policy compliance.

Coordinated Leidos Data Center system infrastructure audits performed for internal/external audit contractors. Evaluated security/privacy control implementation for compliance, to determine risk rating, and prepare related documentation.

− Conducted walkthrough interviews and maintained communication with contractors and Leidos SME and stakeholders.

− Requested, obtained, reviewed, and analyzed artifacts to support IT controls testing and implement assessment and accreditation of system to achieve ATO and CMS/HHS level policy compliance.

Developed security documentation—including system security plans based on NIST SP800-53 r5, privacy impact assessment (PIA), and information system risk assessment (ISRA)—in collaboration with infrastructure teams.

Performed FISMA annual self-assessment and evaluated system controls to confirm policy and industry compliance.

Tracked and mitigated audit findings and plans of action and milestones (POA&Ms) from system audits and continuous monitoring.

LEIDOS INNOVATIONS, Allington, VA

Information Systems Security Officer, 06/2016 – 09/2019

Key Projects

Took over GSA Cloud Acquisition (CATS) environment with moderate- to low-level applications reporting thousands of vulnerabilities at all levels. Implemented vulnerability management program with tracking and remediation actions.

Decreased reported vulnerabilities by 85%. Ensured ATO achievement and FISMA compliance of key security documents. Collaborated with applications team to develop necessary security documents and earn approval from authorizing office.

Additional Responsibilities

Ensured system application owner’s compliance with GSA requirements for system security documentation.

Analyzed security control implementation adequacy to determine risk ratings and develop/test contingency plans.

Designed security system plan in partnership with application team, focusing on NIST SP800-53 r4 compliance.

Facilitated FISMA annual self-assessment and reviewed system controls.

Drove implementation of system assessment and accreditation, achieving ATO- and DoD-level policy compliance.

Met biweekly with application team to review vulnerability mitigation status. Generated biweekly reports for GSA senior management to enable effective decision making regarding risk identification and management.

LOCKHEED MARTIN, Allington, VA

Information Systems Security Officer, IS&GS, 05/2014 – 06/2016

Supported systems alignment with Federal Information Processing Standard (FIPS) 199 categorization.

Reviewed available information on threat sources, threat events, vulnerabilities, and predisposing conditions. Partnered with business owner to identify potential impacts of organizational breaches.

Aligned system certifications with GSA IT security policies and security assessment and authorization requirements.

Reviewed and commented on the completeness of annual contingency plan tests.

Updated and submitted status to GSA management quarterly, including corrective actions and POA&Ms.

Oversaw annual Federal Information Security Management Act (FISMA) self-assessment.

Coordinated and tracked mitigation of findings resulting from GSA applications audits and FAS vulnerability scanning of IT systems.

Orchestrated system security plan, reviewed contingency and configuration plans, and directed applications team to implement security requirements in FAS SDLC.

LOCKHEED MARTIN, Gaithersburg, MD

Staff Information Assurance Engineer, ITSS, 09/2012 – 05/2014

Directed Lockheed Martin Enterprise Operations Center, monitoring government agency virtual machines and generating real-time performance reports of government networks.

Conducted comprehensive system security analyses to support decision-making and risk management and update related documentation accordingly.

Influenced leadership’s cost-effective risk management decisions for applications supporting business functions.

Integrated agency’s information systems by recommending cost-effective IT security policies and procedures, which reduced risk to acceptable levels.

Created SOPs and playbooks for security guidance to support Leidos incident response and stakeholder training policies.

Coached and managed three junior and senior technicians to strengthen individual and team performance.

UNIVERSITY OF MARYLAND UNIVERSITY, COLLEGE PARK, College Park, MD

Adjunct Professor, Networking & Telecommunications Services, 05/2010 – 10/2012

Taught 2 undergraduate and graduate courses each semester in telecommunications and networking and information system management.

Reviewed at least 3 graduate students' thesis submissions per year, providing feedback and assessing progress.

LOCKHEED MARTIN, Greenbelt, MD

Staff Information Assurance Engineer, IS&GS, 06/2008 – 09/2012

Served as ST&E test director, earning certification/accreditation of ERA OPA GA and re-accreditation of ERA base systems.

Supervised 4 junior information assurance (IA) engineers through system certification, accreditation planning, testing, liaison activities, progress tracking, and POAM/SIG adjudication with customer.

Developed test plans and oversaw test procedure execution for C&A and FISMA compliance.

Identified, documented, tested, and validated IA controls, safeguards, and countermeasures.

Scheduled system security and FISMA scans, analyzed results, and mitigated deficiencies.

Drove environment security by evaluating security design and tests of operating systems, networks, and applications.

EDUCATION & CREDENTIALS

WALDEN UNIVERSITY, Minneapolis, MN

Doctorate (PhD) of Applied Management & Decision Science, Information Systems Management

UNIVERSITY OF MARYLAND UNIVERSITY, COLLEGE PARK, College Park, MD

Master of Science (MS) in Telecommunications Management

UNIVERSITY OF SIERRA LEONE, Freetown, West Africa

Bachelor of Science (BS) in Physics, Minor in Mathematics

AWS Certified Cloud Practitioner (certification exam currently pending)

Information Systems Audit and Control Association (ISACA) CISM Bootcamp


