Information Security It
Resume:
Samuel O. Ogoji CISA, CISM, CDPSE, CCNA, MCSE
ad4duf@r.postjobfree.com
IT SECURITY AND GOVERNANCE, RISK, AND COMPLIANCE SPECIALIST
Highly technical IT security engineer specializing in highly regulated environments including financial, government, and utilities. Direct experience in network engineering and administration, identity and access management, security administration, vulnerability assessments, incident response, control testing, and SOX, PCI DSS, NERC, and FISMA auditing.
CORE COMPETENCIES
CISA
CISM
CCNA
CDPSE
MCSE
IT auditing
Security auditing
Security administration
SOX testing
COBIT
COSO
PCI DSS
NERC CIP
HITRUST
NIST 800-53
Vulnerability assessment
Risk assessment
MS Windows Administration
Policy development
IT Governance
MS Active Directory
Citrix administration
Cisco IDS and IPS
Cisco ASA firewalls
Cisco VPN
Network administration
LAN/WAN
McAfee
CyberArk
ArcSight
eTrust Access Control
Tenable Nessus
Symantec
LT Auditor
PROFESSIONAL EXPERIENCE
CEDAD Inc. - Newark DE 01/2019 – 07/2023
Cyber Security Consultant
Complied with process change control requirements for any additions and/or modification to systems
Conducted Information Security based risk assessments
Deployed and maintained security system configurations according to standards and best practices
Performed Security Self-assessment using NIST 800-53 Security and Privacy controls
Managed and created rules and policies for users in Active Directory facilitating the efficiency and easy of operations
Conducted Disaster Recovery Table top tests
Configured logging, alerting, monitoring, and reporting for IAM solutions
Assess Internal and General Computer Controls in compliance with SOX regulation
Performed Vulnerability scan with Tenable Nessus tool and Penetration Assessments, Roadmap, Policy updates, Remediation and Documentation.
Assisted in investigating and escalating security alerts to the Information Security Officer
Assisted in monitoring information security systems availability and performance
Performed third party information security assessments
Monitored and analyzed regulations/standards that apply to the company
Developed and maintained the company compliance roadmap
USTech (DTE ENERGY) – Detroit, MI 06/2016 – 12/2018
Senior Security Engineer NERC Compliance Organization
Responsibilities:
Responsible for verifying and validating evidence of compliance with NERC CIP requirements particularly in the Patch and Vulnerability Management.
Recognized, identified and escalated compliance or process related risks.
Documented QA checklists for NERC CIP Requirements.
Performed security audits, risk assessments, and provided strategic direction for network infrastructure and global datacenters.
Monitored and evaluated a system’s compliance with NERC CIP security requirements
Verified change management process in the Patch and vulnerability Management
Refined and enhanced Third-Party Risk Management offering (defined risk appetite, risk segmentation, accountability alignment and risk management life cycle) and aligned to regulator guidelines.
Maintained user and system accounts, and groups within Active Directory.
Applied and evaluated security enhancements on IAM SSO systems
Active Directory, Implementation for ADFS, Wins, DNS, connection signal signs Office 365.
Responsible for proactive and reactive communication with all regulated business and technical subject matter experts to support weekly compliance metrics.
Provided guidance and consultation to the Executive Team, Audit and Governance Teams, Information Security Services to successfully remediate any deficiencies along with General IT process improvement.
Used and implemented RSA Multi Factor Authentication as part of the access control
Participated in disaster recovery and incident response management documentation.
Assisted subject matter experts and requirement owners with interpreting requirements, determining DTE’s compliance to the requirement, evaluating evidence, and building controls, policies, and procedures to ensure compliance
Performed Vulnerability Scan using Tenable Nessus Security Center
Documented the established compliance sustainment process and recommended improvements.
Developed process control flow diagrams to identify security control points.
Participated in the evaluation of enterprise and department-level software including CyberArk, Tripwire, and CATSWeb.
Net2Source (NAVIENT )– Fishers, IN 08/2015 – 12/2015
Information Security Technical Architect
Responsibilities:
Identified existing IT security gaps as a driver to the development of an enterprise information security policy.
Used and implemented RSA Multi Factor Authentication as part of the access control
Managed a global team that provided strategic consulting and best practice implementation of all aspects of IT operations, more specifically in the areas of Project Portfolio Management, Risk Management, Change Management, Governance and Audit.
Performed FISMA boundary modifications by assessing functional components and adding them to or removing them from an existing boundary.
Researched and document application owners and associated accounts to support identity and access management (IAM).
Responded to FFIEC audit requests and findings by supporting the centralization of IAM and associated reporting.
NexTech (FIRST TENNESSEE BANK) – Memphis, TN 01/2015 – 06/2015
Information Security Risk Analyst
Responsibilities:
Participated in updating control requirements to support PCI DSS 3.0.
Performed risk assessments on third-party -Vendor’s applications and key processes to identify potential vulnerabilities and assess policy adherence.
Monitored Security events in Oracle and Sql database and applications (SIEM)
Used and implemented RSA Multi Factor Authentication as part of the access control
Performed audits to support SOX, SOC, SSAE16, PCI, and GLBA.
Identified opportunities for process improvements to deliver efficiency within the established assessment framework.
NatSoft (JPMORGAN CHASE) – Columbus, OH
08/2014 – 10/2014
Information Security Risk Analyst
Responsibilities:
Contracted to establish and manage a process to remove a backlog associated with privileged access defects and improve operational efficiency.
Functioned as the liaison between business teams and the centralized identity and access management (IAM) team to increase compliance and understanding of existing information technology policies and standards.
Troubleshoot, verified and reconciled accounts that were not working properly in the CyberArk.
Maintained privileged accounts within CyberArk vaults.
Verified and reconciled failed accounts within the QA and production CyberArk environments.
Performed daily risk management functions in the IAM space to support PCI DSS requirements.
Iconma (MASTERCARD) – O’Fallon, MO
08/2013 – 01/2014
Senior Security Analyst
Responsibilities:
Managed identity and access management (IAM) roles and entitlements for both internal users and existing customers.
Reviewed business and functional requirements to analyze and define access needs, maintaining least privilege across the environment.
Monitored and checked to ensure that the role get the correct entitlements in a role based access control in compliance with PCI DSS
Assessed the impact of proposed security and access control modifications to insure the availability of both internal and customer-facing systems.
Interacted with internal and external users to respond to inquiries regarding roles, entitlements, and related security matters.
Coordinated identity management and access implementations across multiple environments.
Provided back-up support to the security help desk.
USmax (DHS-CBP ) – Springfield, VA 11/2012 – 04/2013
Security Analyst
Responsibilities:
Conducted research and threat analysis on current vulnerabilities and exploits in SOC environment.
Conducted operating system, application, and database vulnerability assessments using Tenable Nessus scanning tools.
Analyzed vulnerability assessments and calculated and assessed risk and potential impact to the organization based on threats, vulnerabilities, and mitigating factors.
Briefed management on current vulnerabilities and provided recommendations of countermeasures.
Authored information security notification based on vulnerabilities applicable to the environment; tracked compliance to notifications requiring corrective action.
Assisted information system security officers and system administrators in the validation and remediation of identified vulnerabilities.
WidePoint Solutions (FMCSA-DOT) – Washington, DC 10/2009 – 06/2012
Security Engineer
Responsibilities:
Performed system security administration on designated technology platforms including operating systems, applications, and network devices.
Performed identity and access management (IAM) functions for designated systems and applications.
Performed risk assessments to determine security requirements.
Conducted system vulnerability scans utilizing eEye Retina tools and published weekly vulnerability reports.
Developed and implemented plans and solutions to remediate or mitigate identified vulnerabilities.
Updated security policy as new Applications were added to the systems.
Conduct system vulnerability scan of the Blackberry mobile phone using Retina Tools
Participated in disaster recovery and incident response management
Assessed system technical controls as defined by NIST 800-53.
Conducted baseline security scans utilizing the Center for Information Security Configuration Assessment Tool (CIS-CAT).
Implemented Single Sign On Access Control into the System
Performed security self-assessment, contingency plan, security test and evaluations, and business impact assessments.
Applied, and Updated Symantec SEP Antivirus/ Encryption solutions for Endpoint Security
Participated in the Patch Vulnerability Group meetings to discuss Microsoft Patch Tuesday before deployment into production.
Documented the results of assessments and testing in support of System Certification and Accreditation requirements.
Developed Plan of Action and Milestone (POAM) documentation to support requirements.
Monitored security controls to ensure that security designs were correctly implemented and functioning effectively.
TCS (CITIGROUP) – Cincinnati, OH 08/2007 – 06/2009
Lead Information Security Analyst/SOX Compliance Advisor
Responsibilities:
Performed incident identification and management as a member of the Security Event Monitoring Team.
Documented procedures and both internal and industry best practices to develop and update process control manuals.
Monitored security events in SQL Server, Oracle databases, and Teradata, utilizing LT Auditor and BoKS and eTrust tools. (SIEM)
Monitored system and network security events utilizing ArcSight and eTrust Access Controls.
Monitored systems and conducted reviews of logs, reports, system settings, and user permissions.
Analyzing and correlating incident event data to develop preliminary root cause and corresponding remediation strategy
Worked with other contract teams to effectively respond to cyber incidents
Following established incident response procedures to ensure proper escalation, analysis and resolution of security incidents
Configured and monitored Cisco ASA firewalls.
Proactively disclosed and remedied potential breaches and risks to systems and data.
Followed-up on security events and escalations to ensure a prompt resolution.
Performed risk assessment surveys to identify security requirements.
Participated in the review of internal controls to support PCI DSS requirements.
AMERIKONSULT, INC (Consulting) – Columbus, OH 01/2004 – 08/2007
Senior IT Auditor
Responsibilities:
Participated in the audit planning process and the development of internal audit procedures and guidelines.
Assessed clients’ IT risks using key controls and objectives to determine the scope of testing.
Collaborated with external audit firms in monitoring and conducting audits.
Performed reviews of internal controls to support SOX, NERC, and PCI compliance; utilized COBIT and COSO frameworks.
Prepared detailed audit reports and made meaningful recommendations to all levels of management.
Analyzed security controls in the Windows environment to test and verify compliance.
Conducted vulnerability assessments and system incident and event management activities.
NATIONWIDE INSURANCE SERVICES – Columbus, OH 07/1997 – 01/2004
Helpdesk Coordinator/Technology Analyst/ Network Systems Support Analyst
Responsibilities:
Maintained user and system accounts, and groups within Active Directory.
Responsible for troubleshooting and fault finding computers and network connectivity problems to resolution.
Maintained and corrected problems related to server and workstation agents and the Wintel environment.
Participated in Disaster Recovery Table top tests
Performed system administration for the Windows and Citrix environments.
Applied, and Updated McAfee Antivirus/ Encryption solutions for Endpoint Security
Engineered and configured WAN connections utilizing T1, ISDN, ATM, Frame Relay, QOS, and CSU/DSU.
Installed and managed a Cisco VPN Concentrator and associated VPN tunnels and accounts.
Configured and monitored Cisco IDS and IPS.
Monitored communication lines, network devices, and servers utilizing HP OpenView and IBM Netview.
Participated in disaster recovery, and Incident Response tests and operations.
EDUCATION
BS, Aerospace Technology – Kent State University, Kent, OH
Certificate in Networking and Distributed Systems – Columbus State Community College, Columbus, OH
Certificate in Interconnecting Cisco Networking Devices – Global Knowledge, Worthington, OH
CERTIFICATIONS
Certified Information Systems Auditor – CISA, ISACA
Certified Information Security Manager – CISM, ISACA
Certified Data Privacy Solutions Engineer – CDPSE, ISACA
Cisco Certified Network Associate – CCNA, CISCO
Microsoft Certified Systems Engineer – MCSE 2000, Microsoft
Microsoft Certified Professional + Internet – MCP+I, Microsoft
CISSP-in-Progress
TECHNICAL SKILLS
Hardware:
Servers, PCs, peripherals; Cisco ASA, Cisco VPN Concentrator, CyberArk Vaults, Cisco ASA.
OS and Software:
MS Windows Server NT 4.0, 2000, 2003; UNIX, Linux, Cisco IOS, AS/400, MS Exchange, Citrix, CyberArk, ArcSight, LT Auditor, eTrust Access Controls, BoKS, Help, Tivoli, Peregrine, Remedy, GSM, JIRA.
Languages and Protocols:
Visual Basic, C++, Java, TCP/IP, NetBEUI, DHCP, WINS, DNS, SMTP, HTML, FTP, Telnet, Frame Relay, VPN, Active Directory.
ASSOCIATIONS
Member, Information Systems Security Association (ISSA)
Member, Information Systems Audit and Control Association (ISACA)
Contact this candidate