
Security Officer

Location: Bowie, MD

Posted: May 08, 2020


Resume:

Andrew Ndamfombad

**** ********* ** *** ***, New Carrollton Md 20784

adc4qo@r.postjobfree.com Tel. 240-***-****

A highly motivated Security Control Assessor with over 5 years of experience in Information Assurance (IA), knowledgeable in executing all six phases of the Assessment and Authorization (A&A) process, reviewing and developing key A&A documents such as the SSP, SAR and POA&M, as well as conducting Risk Assessments utilizing NIST SP 800-30. Communicate with stakeholders on what is required for a successful assessment of an information system to achieve Authorization to Operate (ATO). Act as a liaison pre-, during and post-assessment for a given package which is undergoing the Assessment and Authorization process. Notwithstanding, review and validate all available artifacts needed for the system.

Neotecc LLC - WASHINGTON, DC

SECURITY CONTROL ASSESSOR

October 2016 to Present

Job Duties:

• Perform ongoing Assessment and Authorization projects in support of client security systems and ensuring quality control of A&A documents.

• Conduct risk assessments and collaborate with clients to provide recommendations regarding critical infrastructure, network security operations and Continuous Monitoring processes.

• Extensive knowledge in Categorizing Information Systems (using FIPS 199 and NIST 800-60 as a guide)

• Create, update and revise System Security Plans, Contingency Plans, Incident Response and Plan of Action & Milestones

• Participate in a Kick-off Meeting and review the Security Assessment Plan (SAP) with the stakeholders prior to the actual assessment.

• Document and finalize the Security Assessment Report (SAR) and recommend any changes to the Information Owner (IO) required for the information system

• Determine security controls effectiveness (i.e., controls implemented correctly, operating as intended, and producing the desired results) using NIST 800-53A r4.

• Evaluate threats and vulnerabilities based on Tenable Nessus reports, use the Vulnerator to determine the severity of vulnerabilities from scan output.

• Provide assessment exit briefings to the Information System Security Officer (ISSO) and system stakeholders and ensure that all findings are documented on the Plan of Action & Milestones.

• Generate, review and update System Security Plans (SSP) against NIST 800-18 and NIST 800-53 requirements.

9 SOLUTIONS Inc (Contractor) WASHINGTON DC

SECURITY CONTROL ANALYST January 2014 – May 2016 October 20

Job Duties:

Developed the Security Assessment Report (SAR) detailing the results of the assessment along with a plan of action and milestones (POA&M) to the Designated Authorizing Official to obtain the Authorization to Operate (ATO).

Conducted a review of the plan of action and milestone (POA&M) process to ensure corrective actions and timely mitigation of the vulnerabilities.

Supported the Information System Security Officer (ISSO) and collaborated with the system's Information System Owner (ISO)

Reviewed the system security plan for the security controls put in place or planned

Collected and validated artifacts from the system owner to support quality information system audit and review.

Performed Security Control Assessment (SCA) using NIST 800-53A rev1 per NIST, FISMA standards and guidelines.

Prepared Security Assessment and Authorization (SA&A) packages to ensure that management, operational and technical security controls adhere to NIST SP 800-53 standards.

Reviewed organizational policies, standards and procedures and provided advice on their adequacy, accuracy and compliance following NIST standard guidelines.

Monitored security controls post authorization to ensure continuous compliance with the security requirements.

Ensured all POA&M actions are completed and tested in a timely fashion to meet client deadlines.

Monitored controls post authorization to ensure continuous compliance in accordance with FISMA guidelines

Developed and conducted SCA (Security Control Assessment) according to NIST SP 800-53A to assess the adequacy of management, operational privacy, and technical security controls implemented.

University of Buea – BSc in Economics

Brightwood College – Associate in Information Technology

DoD 8570 IAT Level II (Security+ Certified)

SKILLS & EXPERIENCE

POA&M Management

Vulnerability Management System (e.g. Tenable Nessus Security Scan)

Excel, Word, Access, PowerPoint, SCAP Scan

PROFESSIONAL EXPERIENCE

EDUCATION & CERTIFICATION


