Information Security Manager

Location:
Woodbridge, VA
Posted:
February 21, 2020

Resume:

Victor F. Kabba

***** ******** *****, **********, ** 22193 ǁ adbwz7@r.postjobfree.com ǁ 571-***-****

IT Framework

E-Authentication, Privacy Threshold Analysis, PIA, Risk Assessment Report, System Security Plan, Contingency Plan, ST&E, NIST SP 800-53A, Security Assessment Report, POA&M, NIST Risk Management Framework, NIST 800-53, NIST 800-53A, NIST 800-30, NIST 800-34, NIST 800-18, FIPS, FISMA, ATO.

Software Platform

Microsoft Office Suite, CSAM, XACTA IA Manager

Professional Experience

C & B Strategic Consulting Inc., Information Assurance Specialist, May 2017-Present

Responsibilities

Responsible for Federal Information Security Management Act (FISMA) compliance for the ongoing security authorization activities for over ten (10) systems in accordance with National Institute of Standards and Technology (NIST) 800 series (NIST 800-53A rev4 and 800-37 rev1) under Risk Management Framework (RMF).

Developed Standard Operation Procedures (SOPs) for Risk Management Framework (RMF) accreditation package submission: Access Control (AC), System Communication (SC), Contingency Plan (CP), Identification Authentication (IA), System Integrity (SI), System Services Acquisition (SA), Risk Assessment (RA), Audit Accountability (AU), Program Management Planning (PL), Configuration Management (CM), and Change Control Board Procedures.

Support FISMA compliance, Security Authorization Process (SAP) and ongoing Authorization artifacts: System Security Plan (SP), Contingency Plan (CP), Contingency Plan Test (CPT), Business Impact Analysis, FIPS-199, and Privacy Threshold Analysis (PTA).

Performed annual security reviews and compliance self-assessments to ensure compliance for five (5) applications.

Manage and update Plan of Action and Milestone (POA&M) to evaluate risk analysis and provide findings to record compliance, list vulnerabilities and schedule for completion of resolution.

Facilitate meetings between agency, department heads, and RMF team by PowerPoint presentation or conference call meetings.

Administer company information security testing and protection plan.

Oversee hardware infrastructure and keep it updated with the latest technology.

Ensure software is patched and able to protect from threats.

Make recommendations for mitigating identified risk.

Identified and evaluated potential threats and vulnerabilities.

Daggers Group Inc., Information Assurance Analyst, September 2015-May 2017

Responsibilities

Created C&A presentations for System Owner, Project Managers, System Engineers, and other stakeholders to achieve an Authorization to Operate (ATO) using Microsoft Word, PowerPoint, Video and Projector.

Performed Security Assessment and Authorization (A&A) process based on FISMA guidelines and compliance using NIST 800-53 as a guide.

Develop and maintain Plan of Action and Milestones (POA&Ms) of all accepted risks upon completion of Assessment and Authorization (A&A) process to satisfy NIST requirement.

Held kick-off meeting with CISO and systems stakeholders prior to assessment engagement.

Conduct audit reviews, control test for (800-53) to create and produce Security Assessment and Risk Assessment.

Determine security controls effectiveness (i.e., controls implemented correctly, operating as intended, and meeting security requirements).

Conducted risk assessments regularly; ensured measures raised in assessments were implemented in accordance with risk profile, and root causes of risks were fully addressed following NIST 800-30 and NIST 800-37.

Education and Certification

CompTIA Security+ CE

Certified Ethical Hacker (CEH)

IPAM-University of Sierra Leone.


