Information Security Cyber
Resume:
Christian Nwuba
Cyber Security Analyst- CISM
************@*****.***
A motivated team player with proven IT management and vast leadership, demonstrates outstanding leadership with keen ability to support others, using a lead-by-example approach. Information Security & Assurance Analyst with experience in information systems security, Assessment & Authorization, and Plans of Action and Milestones (POA&M) management and risk assessments in eMASS. Well versed in FISMA/NIST SP 800-53/53A Rev 5 requirements. Knowledgeable work experience and skills centre on managing information system security risks and compliance using industry- standards and guidance Frameworks such NIST, HiTrust, GDPR, Sock2, PCI DSS HIPPA rules, ISO, FIPS, FISMA, FedRAMP etcetera.
Key COMPETENCIES AND CAREER HIGHLIGHTS
●FedRAMP, FISMA, and CMMC Compliance
●NIST Risk Management Framework (NIST SP 800-53 Compliance)
●Security Assessment & Authorization (ATO Process)
●Project Management (PMP, Agile, Scrum)
●RMF Artifacts Development (SSP, POAM, etc.)
●Cloud Security (AWS, Azure, GCP)
●Cybersecurity Best Practices (Identity, VPN, CI/CD, Encryption)
●Budget and Cost Tracking
●Team Leadership and Resource Allocation (Resource Management)
●Excellent Communication and Customer Service Skills
●Services Delivery
●Infrastructure, Cloud, Virtualization, Security, Networking
●Customer Management, Change Orders, Budget Tracking
PROFESSIONAL EXPERIENCE
CYBER SECURITY ENGINEER, JC HEALTH, March 2020 -Present
●Support the Team of Cybersecurity analysing the compliance of Authority to Operate (ATO) packages.
●Ensured customers follow security policies and procedures following NIST 800-53 and NIST 800-53A by outlining a comprehensive set of security and privacy controls for federal information systems and organizations.
●Guide the modification and review of existing ATO documentation and proactively provide insights into the documentation packets for ATOs.
●Collaborate key system stakeholders in conjunction with System Owner for artifacts and documentation for interfaces on assigned systems.
●Reviewed security components, hardware or software inventory lists, or Interface Control Documents (ICDs which give the overall information of the system and how it connects.
●Reviewed several artifacts including Plans of Action and Milestones POAMs, HW, Scans, Topology, ATC memo, PPSM for systems.
●Splunk experience via dashboard creation to collect raw Threat Intel data from Zero FOX leveraging APIs.
●Implement the CrowdStrike via dashboard creation for Threat Intel portfolio to assist with proactive threat actor detections.
●Review Audit logs leveraging Azure Active Directory to ensure all devices within the environment are compliant.
●Generate security documentation to support ATO and ATC processes.
●Provide assessments of the severity of weaknesses discovered in the systems and their environment of operation and recommended corrective actions to address identified vulnerabilities.
●Assist in conducting a POC for the SOC/Threat Management Centre to migrate to ServiceNow as a SIEM tool (Splunk) of choice.
●Apply Agile Security Frameworks and Models, this application of Agile principles and practices helps to enhance security operations, develop secure software, and effectively manage cybersecurity risks. Agile methodologies, traditionally used in software development, emphasize flexibility, collaboration, and iterative progress, making them well-suited to address the dynamic and fast-paced nature of cybersecurity threats.
●Prepare the Security Assessment Reports (SAR) containing the results and findings from System Security Assessments (SCA) and discuss findings with the system stakeholders.
●Protect and defend enterprise environments against complex cyber threats with Sec 501
●Assist System Owners with developing and reviewing Interconnection Security Agreements (ISA) and Memoranda of Understanding (MOU).
● Support the review of all Cloud Service Providers (CSP) documentation for compliance as well as work with stakeholders until the cloud system documentation meets FedRAMP and agency A&A requirements.
INFORMATION SECURITY ANALYST, BETHEL SKILLED HOME CARE LLC, March 2019- April 2020
●Reviewed security controls and provide implementation responses as to if/how the systems are currently meeting the requirements.
●Worked with SMEs to develop Maturity Model for improving IAM maturity over time.
●Configured ForgeRock’s Identity Gateway and Identity Cloud with ITDR solutions, improving the monitoring and response mechanisms for anomalous identity behaviors.
●Developed and maintained custom IAM roles to support granular access control, improving security posture while meeting business needs.
●Led the design, implementation, and configuration of SailPoint IdentityIQ to enhance identity and access management capabilities.
●Configured ITDR capabilities in ForgeRock’s access management modules, ensuring seamless detection and response to identity threats across hybrid environments.
●Automated response workflows in Azure Sentinel using ITDR alerts from Azure AD, enabling quick and efficient remediation actions, such as user account lockdown and privilege revocation.
●Developed and maintained integrations between IAM systems (PingFederate, ForgeRock, SailPoint) and other enterprise applications to ensure seamless user authentication and authorization.
●Responsible for eliciting high level IAM Business Requirements from key business and technology stakeholders.
●Architecture and implementation of Identity and Access Management (IAM) solution using PingFederate, Risk-based 2-Factor Authentication (using RSA Adaptive Authentication) and OAuth 2.0.
●Ensured customers follow security policies and procedures following NIST 800-53 and NIST 800-53A.
●Planed, assigned, and performed security validation review for A&A documentation, and supervise team members.
●Provide POA&M Quality and Management (review, update and validate on behalf of the CISO)
●Supported the Security Assessment and Authorization, FISMA compliance, NIST guidelines.
●Sound understanding and experience with NIST Risk Management Framework (RMF) process NIST 800-37 rev 2.
●Generated, reviewed, and updated System Security Plans (SSP) against NIST 800-18 and NIST 800-53 requirements.
●Determined security controls effectiveness (i.e., controls implemented correctly, operating as intended, and meeting security requirements).
INFORMATION SECURITY ANALYST LEGACY CYBER TECH LLC. Jan 2017- March 2019.
●Implemented Google Cloud’s Identity and Access Management (IAM) best practices to manage service accounts securely, including using Workload Identity Federation.
●Provide Level 3 Production Support to the IAM system in all functional areas.
●Communicating the functions, capabilities, and processes of SailPoint IAM with clients and users.
●Provided operational support to Veterans Affairs Medical Device Protection Program (MDPP)
●Created Medical Device Security Control Overlay Compliance Questions for Enterprise Risk Assessment Tool
●Created Special Purpose Systems Control Overlay Compliance Questions for Enterprise Risk Assessment Tool.
●Designed, developed, and implemented Enterprise Risk Analysis Tool for Biomedical Engineers this tool assigns risk in accordance with Medical Device Control Overlay developed by my team.
●I worked on a training manual/PowerPoint for CCB Control Chain Board and trained the risk team on changes if needed to be made to the tool as to go through the CCB form.
●Support the Contingency planning team and Office of Business Continuity in developing DRP templates and associated plans and Regions using NIST SP 800-34
Develop Training manuals for the CP team, timelines, and Metrics during meetings with the Client’s Leadership.
Ensure findings based on security assessments are updated within the Plans of Action and Milestones (POA&M) and maintain the Cyber Security Assessment Management (CSAM) vulnerability tracking tool to ensure existing POA&Ms for the respective systems are appropriately documented.
Develop Security Test and Evaluation (ST&E) reports that detail existing vulnerabilities because of security assessments in addition to recommended countermeasures to remediate vulnerabilities.
Conduct independent security assessments in accordance with Continuous Monitoring requirements (NIST 800-137).
EDUCATION
●Master of Science in Information Technology, Southern New Hampshire University Graduated 2022
CERTIFICATIONS
Scrum Master Accreditation Certification
Certified Information Security Manager (CISM) – 2024
CompTIA Security Plus - 2024
Contact this candidate