Sign in

Information Security Engineer

Columbus, OH
January 03, 2020

Contact this candidate


Samuel O. Ogoji CISA, CISM, CCNA, MCSE

C: 513-***-**** H: 614-***-****


Highly technical IT security engineer specializing in highly regulated environments including financial, government, and utilities. Direct experience in network engineering and administration, identity and access management, security administration, vulnerability assessments, incident response, control testing, and SOX, PCI DSS, NERC, and FISMA auditing.






IT auditing

Security auditing

Security administration

SOX testing





NIST 800-53

Vulnerability assessment

Risk assessment

MS Windows Administration

Policy development

IT Governance

MS Active Directory

Citrix administration

Cisco IDS and IPS

Cisco ASA firewalls

Cisco VPN

Network administration





eTrust Access Control



LT Auditor


USTech (DTE ENERGY) – Detroit, MI 06/2016 – 12/2018

Senior Security Engineer NERC Compliance Organization


Responsible for verifying and validating evidence of compliance with NERC CIP requirements particularly in the Patch and Vulnerability Management.

Recognized, identified and escalated compliance or process related risks.

Documented QA checklists for NERC CIP Requirements.

Performed security audits, risk assessments, and provided strategic direction for network infrastructure and global datacenters.

Monitored and evaluated a system’s compliance with NERC CIP security requirements

Verified change management process in the Patch and vulnerability Management

Refined and enhanced Third-Party Risk Management offering (defined risk appetite, risk segmentation, accountability alignment and risk management life cycle) and aligned to regulator guidelines.

Active Directory, Implementation for ADFS, Wins, DNS, connection signal signs Office 365.

Responsible for proactive and reactive communication with all regulated business and technical subject matter experts to support weekly compliance metrics.

Provided guidance and consultation to the Executive Team, Audit and Governance Teams, Information Security Services to successfully remediate any deficiencies along with General IT process improvement.

Used and implemented RSA Multi Factor Authentication as part of the access control

Participated in disaster recovery and incident response management documentation.

Assisted subject matter experts and requirement owners with interpreting requirements, determining DTE’s compliance to the requirement, evaluating evidence, and building controls, policies, and procedures to ensure compliance

Documented the established compliance sustainment process and recommended improvements.

Developed process control flow diagrams to identify security control points.

Participated in the evaluation of enterprise and department-level software including CyberArk, Tripwire, and CATSWeb.

Net2Source (NAVIENT )– Fishers, IN 08/2015 – 12/2015

Information Security Technical Architect


Identified existing IT security gaps as a driver to the development of an enterprise information security policy.

Used and implemented RSA Multi Factor Authentication as part of the access control

Managed a global team that provided strategic consulting and best practice implementation of all aspects of IT operations, more specifically in the areas of Project Portfolio Management, Risk Management, Change Management, Governance and Audit.

Performed FISMA boundary modifications by assessing functional components and adding them to or removing them from an existing boundary.

Researched and document application owners and associated accounts to support identity and access management (IAM).

Responded to FFIEC audit requests and findings by supporting the centralization of IAM and associated reporting.

NexTech (FIRST TENNESSEE BANK) – Memphis, TN 01/2015 – 06/2015

Information Security Risk Analyst


Participated in updating control requirements to support PCI DSS 3.0.

Performed risk assessments on third-party applications and key processes to identify potential vulnerabilities and assess policy adherence.

Used and implemented RSA Multi Factor Authentication as part of the access control

Performed audits to support SOX, SOC, SSAE16, PCI, and GLBA.

Identified opportunities for process improvements to deliver efficiency within the established assessment framework.

NatSoft (JPMORGAN CHASE) – Columbus, OH

08/2014 – 10/2014

Information Security Risk Analyst


Contracted to establish and manage a process to remove a backlog associated with privileged access defects and improve operational efficiency.

Functioned as the liaison between business teams and the centralized identity and access management (IAM) team to increase compliance and understanding of existing information technology policies and standards.

Troubleshoot, verified and reconciled accounts that were not working properly in the CyberArk.

Maintained privileged accounts within CyberArk vaults.

Verified and reconciled failed accounts within the QA and production CyberArk environments.

Performed daily risk management functions in the IAM space to support PCI DSS requirements.

Iconma (MASTERCARD) – O’Fallon, MO

08/2013 – 01/2014

Senior Security Analyst


Managed identity and access management (IAM) roles and entitlements for both internal users and existing customers.

Reviewed business and functional requirements to analyze and define access needs, maintaining least privilege across the environment.

Monitored and checked to ensure that the role get the correct entitlements in a role based access control in compliance with PCI DSS

Assessed the impact of proposed security and access control modifications to insure the availability of both internal and customer-facing systems.

Interacted with internal and external users to respond to inquiries regarding roles, entitlements, and related security matters.

Coordinated identity management and access implementations across multiple environments.

Provided back-up support to the security help desk.

USmax (DHS-CBP ) – Springfield, VA 11/2012 – 04/2013

Security Analyst


Conducted research and threat analysis on current vulnerabilities and exploits in SOC environment.

Conducted operating system, application, and database vulnerability assessments using Tenable Nessus scanning tools.

Analyzed vulnerability assessments and calculated and assed risk and potential impact to the organization based on threats, vulnerabilities, and mitigating factors.

Briefed management on current vulnerabilities and provided recommendations of countermeasures.

Authored information security notification based on vulnerabilities applicable to the environment; tracked compliance to notifications requiring corrective action.

Assisted information system security officers and system administrators in the validation and remediation of identified vulnerabilities.

WidePoint Solutions (FMCSA-DOT) – Washington, DC 10/2009 – 06/2012

Security Engineer


Performed system security administration on designated technology platforms including operating systems, applications, and network devices.

Performed identity and access management (IAM) functions for designated systems and applications.

Performed risk assessments to determine security requirements.

Conducted system vulnerability scans utilizing eEye Retina tools and published weekly vulnerability reports.

Developed and implemented plans and solutions to remediate or mitigate identified vulnerabilities.

Conduct system vulnerability scan of the Blackberry mobile phone using Retina Tools

Participated in disaster recovery and incident response management

Assessed system technical controls as defined by NIST 800-53.

Conducted baseline security scans utilizing the Center for Information Security Configuration Assessment Tool (CIS-CAT).

Implemented Single Sign On Access Control into the System

Performed security self-assessment, contingency plan, security test and evaluations, and business impact assessments.

Applied, and Updated Symantec SEP Antivirus/ Encryption solutions for Endpoint Security

Participated in the Patch Vulnerability Group meetings to discuss Microsoft Patch Tuesday before deployment into production.

Documented the results of assessments and testing in support of System Certification and Accreditation requirements.

Developed Plan of Action and Milestone (POAM) documentation to support requirements.

Monitored security controls to ensure that security designs were correctly implemented and functioning effectively.

TCS (CITIGROUP) – Cincinnati, OH 08/2007 – 06/2009

Lead Information Security Analyst/SOX Compliance Advisor


Performed incident identification and management as a member of the Security Event Monitoring Team.

Documented procedures and both internal and industry best practices to develop and update process control manuals.

Monitored security events in SQL Server, Oracle databases, and Teradata, utilizing LT Auditor and BoKS and eTrust tools. (SIEM)

Monitored system and network security events utilizing ArcSight and eTrust Access Controls.

Monitored systems and conducted reviews of logs, reports, system settings, and user permissions.

Analyzing and correlating incident event data to develop preliminary root cause and corresponding remediation strategy

Worked with other contract teams to effectively respond to cyber incidents

Following established incident response procedures to ensure proper escalation, analysis and resolution of security incidents

Configured and monitored Cisco ASA firewalls.

Proactively disclosed and remedied potential breaches and risks to systems and data.

Followed-up on security events and escalations to ensure a prompt resolution.

Performed risk assessment surveys to identify security requirements.

Participated in the review of internal controls to support PCI DSS requirements.

AMERIKONSULT, INC (Consulting) – Columbus, OH 01/2004 – 08/2007

Senior IT Auditor


Participated in the audit planning process and the development of internal audit procedures and guidelines.

Assessed clients’ IT risks using key controls and objectives to determine the scope of testing.

Collaborated with external audit firms in monitoring and conducting audits.

Performed reviews of internal controls to support SOX, NERC, and PCI compliance; utilized COBIT and COSO frameworks.

Prepared detailed audit reports and made meaningful recommendations to all levels of management.

Analyzed security controls in the Windows environment to test and verify compliance.

Conducted vulnerability assessments and system incident and event management activities.

NATIONWIDE INSURANCE SERVICES – Columbus, OH 07/1997 – 01/2004

Helpdesk Coordinator/Technology Analyst/ Network Systems Support Analyst


Maintained user and system accounts, and groups within Active Directory.

Responsible for troubleshooting and fault finding computers and network connectivity problems to resolution.

Maintained and corrected problems related to server and workstation agents and the Wintel environment.

Performed system administration for the Windows and Citrix environments.

Applied, and Updated McAfee Antivirus/ Encryption solutions for Endpoint Security

Engineered and configured WAN connections utilizing T1, ISDN, ATM, Frame Relay, QOS, and CSU/DSU.

Installed and managed a Cisco VPN Concentrator and associated VPN tunnels and accounts.

Configured and monitored Cisco IDS and IPS.

Monitored communication lines, network devices, and servers utilizing HP OpenView and IBM Netview.

Participated in disaster recovery tests and operations.


BS, Aerospace Technology – Kent State University, Kent, OH

Certificate in Networking and Distributed Systems – Columbus State Community College, Columbus, OH

Certificate in Interconnecting Cisco Networking Devices – Global Knowledge, Worthington, OH


Certified Information Systems Auditor – CISA, ISACA

Certified Information Security Manager – CISM, ISACA

Cisco Certified Network Associate – CCNA, CISCO

Microsoft Certified Systems Engineer – MCSE 2000, Microsoft

Microsoft Certified Professional + Internet – MCP+I, Microsoft




Servers, PCs, peripherals; Cisco ASA, Cisco VPN Concentrator, CyberArk Vaults, Cisco ASA.

OS and Software:

MS Windows Server NT 4.0, 2000, 2003; UNIX, Linux, Cisco IOS, AS/400, MS Exchange, Citrix, CyberArk, ArcSight, LT Auditor, eTrust Access Controls, BoKS, Help, Tivoli, Peregrine, Remedy, GSM, JIRA.

Languages and Protocols:

Visual Basic, C++, TCP/IP, NetBEUI, DHCP, WINS, DNS, SMTP, HTML, FTP, Telnet, Frame Relay, VPN, Active Directory.


Member, Information Systems Security Association (ISSA)

Member, Information Systems Audit and Control Association (ISACA)

Contact this candidate