Security Officer

Ndikum Fru Herbin

Upper Marlboro *****

*******@*******.***

240-***-****

A highly motivated Security Control Assessor (SCA) with over 5 years of experience in

A Competent Information Assurance (IA) Analyst with over 6 years of experience in Information Assurance, Proficient in all the six phases of Assessment and Authorization (A&A), review, develop and update A&A documents (SSP, SAR and POAM), conduct Risk Assessment in accordance with NIST SP . Communicate with stakeholders on what is required for a successful Assessment of an information system to achieve Authorization to Operate (AO). Act as a liaison on Pre, during and post assessment for a given package which is undergoing the Assessment and Authorization process

Apex System (Contractor) - WASHINGTON DC

Information System Security Officer (ISSO) – DHS HQ

November 2016 - Present

serves as the principal point of contact for all IT security aspects pertaining to the IT systems for which the ISSO is responsible.

Works closely with the Component ISM and DHS CISO staff, as appropriate, to interpret and apply IT security policies and implementing procedures.

Works with system owners to document weaknesses in Plans of Action and Milestones (POA&Ms) and to initiate corrective action.

Employs automated tools approved by the DHS CISO, such as the Information Assurance Compliance System (IACS) IA Manager Assessment Engine.

Ensures that all DHS personnel have received computer security awareness training.

Maintains an inventory of security relevant hardware and security relevant software and their locations. Develops a system security plan for every IT system assigned.

Maintains documentation detailing the information systems hardware, firmware, and software configuration and all security features.

Evaluations proposed and completed modifications to assigned information systems and provides input on the impact of system security.

Ensures security procedures are in place and performed in the case of terminated employee specifically to prevent unauthorized access.

Assists in the development of system modifications and system change proposals.

Maintains appropriate records for the information systems.

Establish and maintain an incident response capability to ensure timely reporting of computing security incidents to DHS in support of DHS HQ component security operation center (SOC) and DHS SOC.

Review and update annually contingency plan on behalf of the system owner.

Report monthly scan for FISMA reporting to DHS HQ for all systems.

Summit Technologies (Contractor) - WASHINGTON, DC

Security Control Assessor (SCA) EPA

January 2014 – October 2016

Job Duties:

Developed Security Assessment Report (SAR) detailing the results of the assessment along with a plan of action and milestones (POA&M) to the Designated Authorizing official to obtain the Authorization to Operate (ATO).

Conducted a review of the plan of action and milestone (POA&M) process to ensure corrective actions and timely mitigation of the vulnerabilities.

Supported the Information System Security Officer (ISSO) and collaborated with the system's Information System Owner (ISO)

Reviewed the system security plan for the security controls put in place or planned

Collected and validate artifacts from the system owner to support quality information system audit and review.

Performed Security control assessment (SCA) using NIST 800-53Arev1 per NIST, FISMA standard and guidelines.

Prepared Security Assessment and Authorization (SA&A) packages to ensure that management, operational and technical security controls adhere to NIST SP 800-53 standards.

Reviewed organizational policies, standards and procedures and provided advice on their adequacy, accuracy and compliance following NIST standard guidelines.

Monitored security controls post authorization to ensure continuous compliance with the security requirements.

Ensured all POA&M actions are completed and tested in a timely fashion to meet client deadlines.

Monitored controls post authorization to ensure continuous compliance in accordance with FISMA guidelines

Developed and conducted SCA (Security Control Assessment) according to NIST SP 800-53A to assess the adequacy of management, operational privacy, and technical security controls implemented.

DoD 8570 IAT Level II (Security + Certified)

CAP Certified

CISSP (In Progress).

Bachelor’s degree in Computer Sciences.University of Dschang Cameroon(2001-2004) 3years

Clearance Level: Public Trust Tier III

SKILLS & EXPERIENCE

Microsoft Excel, Word, Access, Power Point, SCAP Scan, STIG

CSAM, Vulnerator. POAM, Visio, Nessus Scan, ECOP, ISVM, CVE, Service Now, Sophos, McAfee, XACTA, Continuum, Nessus Security Center, Symantec, GSS, Major Application, (MA), Mobius

PROFESSIONAL EXPERIENCE

EDUCATION & CERTIFICATION

Contact this candidate