
Information Security Officer

Location:
Washington, DC
Posted:
March 24, 2020


Resume:

Chuba Betrand Ezema

**** ******* *****, *****, ** 20774. Phone 202-***-****

Email: adcfh7@r.postjobfree.com

Summary

Information Security Analyst with 6 years of experience in Risk Management Framework (RMF), security control implementation and categorization in accordance with FIPS and NIST-800 Series guidelines, Assessment and Authorization (A&A), Vulnerability Assessment Management, SSP, SAP, SAR, POA&M implementation, and System Development Life Cycle (SDLC).

I am a performance driven professional, with strong organizational skills, result oriented, attention to details especially in IT threats and system security management. Ability to work in large complex corporate environment, with demonstrated excellent teamwork

Experience

Information Security Analyst,

Zot Inc Columbia MD

February 2016 to present.

Developed (A&A) packages, ensured all required documents are included such as the System Security Plan (SSP), Security Assessment Report (SAR), POA&M, Contingency Plan (CP), for the Authorizing Officer (AO), to grant (ATO).

Reviewed, developed IT security policies, security standards, security operation procedures and processes for various systems within the organization.

Performed Risk Management Framework (RMF) in accordance with NIST 800-37, applying FIPS 199 and NIST 800-60 to categorize information system.

Performed Risk Assessment (RA) by identifying, analyzing and reviewing documents relevant to the security controls implemented

Ensured organizational policies are adhered to at every stage in the System Development Life Cycle (SDLC).

Ensure all FISMA updates, changes, reviews are documented quarterly.

Responsible for authoring artifacts and related documents necessary for FISMA accreditation

Conducted Security Assessment Plan (SAP) by interviewing, examining and testing the controls to see the controls are implemented effectively, operating as intended, and producing the desired outcome.

Documented and reviewed System Security Plan (SSP), using NIST 800-18, Security Assessment Report (SAR) security Plan of Action and Milestone (POA&M).

Created, updated and reviewed System Security Plan, in accordance with NIST 800-18, using NIST 800-61 Contingency (CP) Incident Reports, using NIST 800-61.

Reviewed technical controls and provided implementation response to ensure systems and organizational critical mission of Confidentiality, Integrity and Availability triad (CIA) are adequately protected.

Reviews security categorization of systems using FIPS 199 & NIST SP 800-60 Vol 2 Rev 1

Updates technical, operational and management control families and controls with guidance from NIST 800-53 Rev 4 and FIPS 200.

Reviews and updates SSP implementation statements of respective applicable control to assigned systems as need arises using NIST 800-18

Reviewed security controls and provided implementation responses as to if/how the systems are currently meeting the requirements.

Independently put together a variety of Security Authorization deliverables including System Security Plans, Security Assessment Reports, Risk Assessment Plans and POA&M.

Drafts, finalizes, and submits Privacy Threshold Assessments (PTAs), Privacy Impact Analyses (PIAs), E-Authentication Assessments, System of Record Notices (SORNs) for annual review and recertification.

Worked closely with Security Control Assessors (SCA) to determine effectiveness of current security posture and a path forward to implement future security controls, where potential vulnerability might exist.

Identified potential risks and made needed recommendation to the system owner for risk acceptance, transfer or avoidance respectively.

Evaluate and support the documentation, validation, assessment, and accreditation processes necessary to ensure that Information Technology (IT) systems postures are secured

Scheduled and attended weekly meetings for audits, POA&M findings and post action reviews.

Make recommendations for remediation actions for the failed controls/weakness found in POA&M.

Participated in the security Business Impact Analysis (BIA), Private Impact Analysis (PIA), Private Threshold Analysis (PTA), Contingency Plan (CP), Contingency Plan Test (CPT).

Participated in ST&E kick-off meeting and populated the Requirement Traceability Matrix (RTM) as per NIST 800-53A.

Maintained close, trusted vendor-relation updates and providing problem solution input

Developed Continuity of Operations (COOP) and Disaster Recovery (DR) operations and conducted evaluation of (COOP) and (DR) during annual incident response training.

Maintained and updated system security documentation as required with Organization’s policies and procedures in accordance with NISTs requirements.

Managed vulnerabilities with the aid of Nessus Vulnerability Scanners to detect potential risks, analyze, prioritize the risk score and ensure they are remediated.

Reviewed security logs to ensure compliance with policies, procedures and identifies the potential anomalies.

Performed audit reviews with the aid of SIEM tools and identified log report triggers that could possibly cause a threat to the system if necessary actions are not implemented.

Reviewed signatures within IDS/IPS tools (Snort) to ensure system security baselines were up to date to minimize false positives and maintain accuracy of false negative in the system.

Utilizing the Cyber Security Assessments and Management (CSAM) to record, manage, assess and remediate failed security controls.

Cyber Security analyst,

Encompass Inc

Bowie, MD

March 2013 to November 2015

Prepared, updated and reviewed (A&A) packages and aligned SSP in accordance with NIST 800-53, rev4 and reviewed System Assessment Report (SAR) post assessment.

Documented POA&M’s weakness/finding and ensure they are mitigated.

Conducted IT risks Assessment on system’s key infrastructures, Operating Systems (OS) and applications.

Participated as a member of Certification and Accreditation team to perform risk Assessment, update System Security Plan (SSP), Contingency Plan (CP) & Continuous Monitoring (CM)

Reviewed user’s access to critical systems to ensure only authorized users can gain access to the organization’s systems.

Documented change management processes to ensure unauthorized changes are not made to the system.

Worked closely with the Information Security Officer and Information Technology department staff to assess and reduce information security risks and ensure compliance with established financial institution regulations as part of the GRC process.

Assisted in daily security alert monitoring and reporting, security information and event management, annual risk assessment assistance, quarterly logical access reviews, audit response assistance, and security policy maintenance.

Use defined audit or risk methodologies and best practices to plan, scope, and execute information Security risk assessments.

Responsible for ensuring that Information Security policy, standards, and processes, equipment/software inventories, operating instructions, technical vulnerability reports, and contingency plans are routinely updated for all systems.

Conduct ongoing analysis of data received from both external and internal sources and advises security leadership on recommended risk mitigation strategies and remediation priorities as appropriate.

Audited systems for security compliance in vulnerability assessments and resolutions

Evaluated messages in the Information Security inbox and responded or delegated based on severity

Performed vulnerability scanning, analyzed and prioritized potential weaknesses found in the systems.

Rescanned systems to ensure the vulnerabilities are thoroughly remediated.

Assisted with Active Directory Group Policy administration and server hardening.

Assisted in the development of organization’s IT Security policies, procedures and guidelines.

Responsible for monitoring malware and threats detection/prevention with IDS/IPS, installing and updating antivirus.

Participated in weekly security meetings and build up strategies with an end goal to provide adequate hardening of the system as needed.

Worked closely with patch management team to fix missing patches, disabling unnecessary ports and services.

Analyzed network traffic for malicious malware or abnormal activities for attack vectors.

Responsible for monitoring systems for PII with aid of Data Loss Prevention (DLP)

I also handled audit logs and threat analysis with SIEM tools like QRadar, Splunk and ArcSight.

Education

Bachelor of Science (Marketing)

University of Science & Technology Enugu, Nigeria.

Global Intercom Computer (Escuela del Informatica) Barcelona, Spain.

Skills

Risk Management Framework (RMF), IT Financial Framework PCI DSS, A&A, FISMA/NIST, Risk Assessment, Third Party Risk Management, Nessus, Qualys, Wireshark, Splunk, QRadar, ArcSight, SDLC, Linux/Windows/Mac OS, Symantec DLP, McAfee, Microsoft Office suite, IDS/IPS, NIDS/HIDS

Certification:

CompTIA Security+


