Information Systems Security Officer

Location:
Upper Marlboro, MD
Posted:
September 17, 2024

Resume:

AHMED MUNU

Upper Marlboro, MD 301-***-**** *********@*****.*** linkedin.com/in/ahmed-munu-Phd

INFORMATION SYSTEMS SECURITY OFFICER

Results-driven information systems security expert with a record of success strengthening data integrity in integrated communications environments through continuous systems analysis and monitoring. Highly analytical problem solver, able to develop system requirement specifications based on user needs and high-level system architecture. Trusted liaison between system owners and development teams, driving accreditation of information systems and authority to operate approval. Strong cross-functional collaborator and communicator, leveraging background teaching higher education courses and mentoring graduate students to break down complex concepts into action-oriented roadmaps for audiences at all organizational levels.

Security Documentation Development IT System FISMA Compliance Security Policy Security Configuration Management Requirements Analysis Risk Assessment & Mitigation Encryption Techniques Information Assurance Data Center Management Compliance Standards (RMF, NIST, FISMA, DISA STIGS) Security Hardening.

PROFESSIONAL EXPERIENCE

LEIDOS INNOVATIONS, Baltimore, MD

Information Systems Security Officer, 09/2019 – 04/2024

Key Projects

Inherited Leidos Data Center, supporting 30+ applications.

Coordinated activities with the application and infrastructure teams and leveraged system data for decision making and preparation of Risk Management Framework (RMF) artifacts.

Scheduled and performed technical assessments of systems and applications to determine the severity of security control weaknesses.

Coordinated with the System Owners, SAs and ISSM for Security relevant changes and updates to SSPs.

Completed Assessment and authorization packages in accordance with projected timelines and in alignment with customer requirements.

Reviewed the security assessment report for completeness and concurrence/non-concurrence on findings.

Served as the primary point of contact to the CISO and Authorizing Officials (AO) regarding data center cybersecurity issues.

Monitored, tracked and reported on daily and weekly activities conducted by the ISSM.

Restructured audit support team to drive efficient and effective monitoring and vulnerability management.

Developed and implemented strategies to mitigate identified risks.

Established, documented, and monitored security posture of the Leidos data center and information systems security program implementation, and ensured compliance with the CMS/HHS organizational Risk Management Framework implementation plans and policies.

Provided monthly reports on IT systems patched and hardened according to CMS/HHS guidelines.

Consulted with business and technical leadership to ensure that data, processes and technology are designed for data protection and compliance with CMS/HHS requirements by working with IT teams to implement and maintain security controls, such as firewalls, access controls, IAM, encryption, etc., as per agency specification.

Provided guidance to and authored Leidos Data Center system security plan updates from NIST SP 800-53 r4 to NIST SP 800-53 Revision 5.

Prepared and reviewed documentation to include System Security Plans (SSPs), Risk Assessment Reports, C&A Packages, and System Requirements Traceability Matrices (SRTMs) for adequacy and compliance with CMS requirements.

Additional Responsibilities

Achieved system owner’s compliance with CMS system security documentation requirements.

Coordinated and participated in Leidos Data Center system infrastructure audits and risk assessments performed by internal/external audit contractors for financial, A-123, and FISMA audits.

Conducted continuous and annual comprehensive risk assessments to identify potential security threats and vulnerabilities within the organization's systems, networks, and processes.

Evaluated security/privacy control implementation for compliance, to determine risk rating, and prepare related documentation.

Participated in walkthrough interviews and maintained communication with contractors and Leidos SME and stakeholders.

Requested, obtained, reviewed, and analyzed artifacts to support IT controls testing and implement assessment and accreditation of system to achieve ATO and CMS/HHS level policy compliance.

Developed and maintained cybersecurity authorization documentation IAW the Risk Management Framework (RMF) process and requirements.

Ensured that cybersecurity requirements are integrated into the LMDC continuity planning.

Participated in the development, evaluation and implementation of governance and compliance processes to mitigate cybersecurity risk and ensure protection of company assets and information.

Supported the planning and implementation of IT systems security controls and the deployment of automation tools.

Performed FISMA annual self-assessment and evaluated system controls to confirm policy and industry compliance.

Supported and documented security control audits, assisted in remediation, and ensured that Plan of Action and Milestones (POA&Ms) are effectively managed and remediated within documented timelines.

Tracked and mitigated audit findings and POA&Ms from system audits and continuous monitoring.

Assisted in the development of the system security policy, planning, and regular compliance.

Oversaw policy standards and implementation strategies to ensure procedures and guidelines comply with CMS cybersecurity policies.

Supported security incident response efforts, including investigation, containment, and recovery.

Identified and analyzed existing processes and procedures to meet new IT Security goals and objectives.

LEIDOS INNOVATIONS, Allington, VA

Information Systems Security Officer, 06/2016 – 09/2019

Key Projects

Took over GSA Cloud Acquisition (CATS) environment with moderate- to low-level applications reporting thousands of vulnerabilities at all levels. Implemented vulnerability management program with tracking and remediation actions.

Decreased reported vulnerabilities by 85%. Ensured ATO achievement and FISMA compliance of key security documents. Collaborated with applications team to develop necessary security documents and earn approval from authorizing office.

Provided assessment and authorization (A&A) management support by guiding the development of all documentation necessary to complete the A&A process to include system security plans, contingency plans, and other associated documentation.

Prepared and reviewed documentation to include System Security Plans (SSPs), Risk Assessment Reports, C&A Packages, and System Requirements Traceability Matrices (SRTMs) for adequacy and compliance with GSA requirements.

Consulted with business and technical leadership to ensure that data, processes and technology are designed for data protection and compliance with GSA requirements by working with IT teams to implement and maintain security controls, such as firewalls, access controls, IAM, encryption, etc., as per agency specifications.

Additional Responsibilities

Ensured system application owner’s compliance with GSA requirements for system security documentation.

Analyzed security control implementation adequacy to determine risk ratings and develop/test contingency plans.

Developed and submitted a security assessment report to GSA.

Designed security system plan in partnership with application team, focusing on NIST SP800-53 r4 compliance.

Facilitated FISMA annual self-assessment and reviewed system controls.

Drove implementation of system assessment and accreditation, achieving ATO- and DoD-level policy compliance.

Updated authorization package(s) as systems / software are modified or new components are added.

Met biweekly with application team to review vulnerability mitigation status. Generated biweekly reports for GSA senior management to enable effective decision-making regarding risk identification and management.

LOCKHEED MARTIN, Allington, VA

Information Systems Security Officer, IS&GS, 05/2014 – 06/2016

Supported GSA Retail systems alignment with Federal Information Processing Standard (FIPS) 199 categorization.

Reviewed available information on threat sources, threat events, vulnerabilities, and predisposing conditions. Partnered with business owner to identify potential impacts of organizational breaches.

Aligned system certifications with GSA IT security policies and security assessment and authorization requirements.

Reviewed and provided comments on the completeness of contingency plan annual plan tests.

Ensured that POA&Ms or remediation plans are in place for vulnerabilities identified during risk assessment.

Tracked, updated, and submitted quarterly POA&Ms status to GSA management including corrective action plans.

Oversaw annual Federal Information Security Management Act (FISMA) self-assessment.

Coordinated and tracked mitigation of findings resulting in GSA applications audits and FAS vulnerability scanning of IT systems.

Developed and implemented strategies to mitigate identified risks.

Developed security policies, procedures, and guidance for compliance by sites hosting systems in collaboration with GSA ISSO.

Provided support to plan, coordinate, and implement IT security programs and policies.

Orchestrated system security plan, reviewed contingency and configuration plans, and directed applications team to implement security requirements in FAS SDLC.

LOCKHEED MARTIN, Gaithersburg, MD

Staff Information Assurance Engineer, ITSS, 09/2012 – 05/2014

Directed Lockheed Martin Enterprise Operations Center, monitoring government agency virtual machines and generating real-time performance reports of government networks.

Conducted comprehensive system security analyses to support decision-making and risk management and update related documentation accordingly.

Influenced leadership’s cost-effective risk management decisions for applications supporting business functions.

Integrated agency’s information systems by recommending cost-effective IT security policies and procedures, which reduced risk to acceptable levels.

Created SOPs and playbooks for security guidance to support EOC incident response and stakeholder training policies.

Coached and managed three junior and senior technicians to strengthen individual and team performance.

UNIVERSITY OF MARYLAND UNIVERSITY, COLLEGE PARK, College Park, MD

Adjunct Professor, Networking & Telecommunications Services, 05/2010 – 10/2012

Taught 2 undergraduate and graduate courses each semester in telecommunications and networking and information system management.

Reviewed at least 3 graduate students' thesis submissions per year, providing feedback and assessing progress.

LOCKHEED MARTIN, Greenbelt, MD

Staff Information Assurance Engineer, IS&GS, 06/2008 – 09/2012

Served as ST&E test director, earning certification/accreditation of ERA OPA GA and re-accreditation of ERA base systems.

Developed testing artifacts for the system including, as appropriate, Rules of Engagement, a technical assessment plan, Security Requirements Traceability Matrix, Security Assessment Report, and other necessary documentation.

Supervised 4 junior information assurance (IA) engineers through system certification, accreditation planning, testing, liaison activities, progress tracking, and POAM/SIG adjudication with customer.

Developed test plans and oversaw test procedure execution for C&A and FISMA compliance.

Developed and maintained an overall Security Assessment Schedule.

Developed and submitted Security assessment report to ERA management.

Scheduled and performed technical assessments of systems and applications to determine the severity of security control weaknesses.

Executed assessments through reviewing system security documentation, vulnerability scan results, audit logs, configuration guides, and any other additional material provided by the system and system stakeholders.

Documented results of assessments in the compliance tool utilizing a standard reporting format for recording assessment results and findings along with recommended mitigations.

Identified, documented, tested, and validated IA controls, safeguards, and countermeasures.

Scheduled system security and FISMA scans, analyzed results, and mitigated deficiencies.

Drove environment security by evaluating security design and tests of operating systems, networks, and applications.

EDUCATION & CREDENTIALS

WALDEN UNIVERSITY, Minneapolis, MN

Doctorate (PhD) of Applied Management & Decision Science, Information Systems Management

UNIVERSITY OF MARYLAND UNIVERSITY, COLLEGE PARK, College Park, MD

Master of Science (MS) in Telecommunications Management

UNIVERSITY OF SIERRA LEONE, Freetown, West Africa

Bachelor of Science (BS) in Physics, Minor in Mathematics

CompTIA Sec+ Certified

Information Systems Audit and Control Association (ISACA) CISM Bootcamp


