Security Control Cyber

Location: Katy, TX
Posted: March 24, 2024

Resume:

PIUS NDEAGA

Katy, TX ***** 737-***-**** ad4jku@r.postjobfree.com

Summary

Goal-oriented IT professional with significant success in planning, analyzing and implementing security plans and initiatives. Excel in developing comprehensive, secure network designs and systems.

Highly qualified Cyber Security professional with over 7 years of information security and information technology experience.

Advanced understanding of the NIST 800-53 and FedRAMP security control framework and associated control families and requirements.

Thorough understanding of NIST 800-53 Rev 4 and 5 security controls. This includes the AC, IA, AU, PE, MA, SC, CM, CP, IR, SA, SI, etc. control families.

Knowledge of the process to obtain a system ATO and requirements to maintain the ATO.

I am an IT professional with experience in vulnerability management, security control implementation, assessment and authorization, POA&M management, continuous monitoring, as well as risk assessment.

Skills

Data Security

Telecommunications Systems

Managing Security Breaches

Regulatory Compliance

Critical Thinking Skills

Risk Assessment

Ability to adapt

Strong organizational skills

Strong attention to details

Team builder and player

Good interpersonal communication skills

Initiative and Creativity

Best Practices Implementation

Integrity, multi-tasking

Experience

Security Control Assessor

Annalise-Zane Global Solutions LLC, Denver, CO, 04/2021 to Current

Analyzed system architectures for vulnerabilities and weaknesses in order to develop appropriate countermeasures.

Performed security control assessments of information systems and networks to ensure compliance with relevant security policies, standards, and procedures.

Developed detailed reports outlining findings from security control assessments and provided recommendations for mitigating identified risks.

Reviewed existing security plans to identify areas needing improvement or additional controls.

Conducted periodic reviews of security controls to ensure continued effectiveness over time.

Monitored network traffic logs for suspicious activity or unauthorized access attempts.

Investigated incidents involving potential data breaches or other malicious activities.

Participated in risk assessment meetings with senior management teams.

Maintained up-to-date knowledge about current threats, vulnerabilities, and mitigation techniques.

Prepare a plan of action and milestones based on the findings and recommendations of a security assessment report excluding any remediation actions taken.

Develop/Review deliverables associated with a FedRAMP security authorization package including, but not limited to: System Security Plan, Information System Contingency Plan, Security Assessment Plan, Security Assessment Report.

Supports Security Control Assessments using NIST 800-53A Rev4 as guidance for current federal directives and policies.

Performs System Security Categorizations using FIPS 199 and the NIST 800-60 Vol.11 Rev1 guidelines and templates to select the provisional impact level assigned to Confidentiality, Integrity, and Availability (CIA) based on the information type. Develops and tracks Plans of Action and Milestones (POA&Ms) to ensure remediation closure.

Maintains and manages Security Authorization and Assessment packages that include System Security Plans (SSP), Contingency Plans (CP), POA&Ms, SAR, and other relevant security documentation for the system.

Performs security risk assessment and analysis of resources, controls, vulnerabilities, asset decommissioning, and information security threats to the organization's objective.

Review Nessus, ACAS, and Nexpose scan reports for deficiencies and remediation of findings.

Participates in the System Assessment and Authorization process by working with the key stakeholders to ensure complete and accurate ATO packages.

Validated system requirements, security policies and procedures, contingency plans, incident response plans, personnel access control mechanism and identification.

Use and apply knowledge of Security Assessment & Authorization (SA&A) policies, guidelines, and regulations in the assessment of IT systems and the documentation and preparation of related documents.

Work with Assessment and Authorization (A&A) team members and senior representatives to establish and define programs, resources, schedules, and risks.

Provide findings and recommendations, prepare POA&Ms, and update the System Security Plan.

Recommend enterprise standards and policies to improve service and reporting across the organization; analyze, troubleshoot, and investigate cyber security related issues.

INFORMATION SYSTEM SECURITY OFFICER

Taconic Innovations, New York, NY, 11/2016 to 03/2021

Support Information System Owners through Security Assessment & Authorization (SA&A) process.

Operational and technical controls for securing either sensitive Security Systems or IT Systems are in place and are followed according to federal guidelines (NIST 800-53).

Develop and maintain system security documentation including System Categorization, Risk Assessment, System Security Plan, System Assessment Report, System Contingency Plan, etc.

Review, approve, and provide editorial guidance on security documents.

Ensure that appropriate steps are taken to implement information security requirements for IT systems throughout their life cycle, from the requirements definition phase through disposal.

Review, analyze and update security plans (SSP) using NIST SP 800-18 guidelines.

Review POAM and enforce timely remediation of audit issues.

Brief senior leadership on security posture, vulnerability management, metrics, compliance, vulnerability mitigation strategies, project timelines and complicated cyber security matters.

Reviewed existing security plans to identify areas needing improvement or additional controls.

Use and apply knowledge of Security Assessment & Authorization (SA&A) policies, guidelines, and regulations in the assessment of IT systems and the documentation and preparation of related documents.

Work with Assessment and Authorization (A&A) team members and senior representatives to establish and define programs, resources, schedules, and risks.

Provide findings and recommendations, prepare POA&Ms, and update the System Security Plan.

Recommend enterprise standards and policies to improve service and reporting across the organization; analyze, troubleshoot, and investigate cyber security related issues.

Prepare Security Authorization package that includes System Security Plan (SSP), Security Assessment Plan (SAP), POA&M Report and Risk Assessment Report (RAR).

Provide support for implementing and following the Federal Information Policies and Guidelines throughout the whole Certification and Accreditation process for security client's information systems (NIST SP 800 series).

Draft Contingency Plan (CP), contingency plan test, Risk Assessment Report (RAR), Privacy Threshold Assessment (PTA), Privacy Impact Analysis (PIA), Security Assessment Report (SAR), Security Impact Analysis (SIA), and the Security Risk Traceability Matrix (SRTM).

Create detailed remediation reports and recommendations for compliance and security improvements across systems based on constantly changing threats.

Prepare risk assessment report and provide recommendations to the client.

Participate in the development and implementation process for continuous monitoring of IT processes to ensure analyzed data to aid in decision-making regarding the implementation of security countermeasures or risk mitigation; assist in implementing countermeasures.

Conducts assessment of the security and privacy controls implemented by an information system to determine the overall effectiveness of the controls and the vulnerability state of components, applications and databases residing within the system boundary.

Conducted inherent risk assessments for all assigned third-party vendors/suppliers.

Monitored and ensured third-party relationships adhere to contracts and are compliant with regulatory guidelines, and tracked upcoming expirations.

Conducted risk and security assessments and evaluated results with system owners and custodians.

Participates as an integral part of the team, exhibiting ownership, follow-through, initiative, awareness, and effective communication with the IT team and management.

Ensures that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments.

Engages with appropriate teams to implement measures to mitigate or prevent identified privacy risks related to patients and technology.

Participated in the development and implementation process for continuous monitoring of IT processes to ensure analyzed data to aid in decision-making regarding the implementation of security countermeasures or risk mitigation; assisted in implementing countermeasures.


Education and Training

Bachelor of Science: Bachelor's Degree in Computer Science

University of Ghana

Certifications

COMPTIA SECURITY+

Languages

English: Professional


