SAMUEL MUNDAME
*******@*****.***
Willing to relocate
PROFILE SUMMARY
Qualified IT professional with a broad background and skills in information security and information risk management. Exceptionally focused and skilled information security professional with a thorough understanding of identifying security threats and vulnerabilities, formulating plans of action and milestones (POA&M) to prioritize and remediate them, and monitoring corrective actions. Extensive experience in implementing, configuring, developing and testing IT security risk and compliance controls. Vast knowledge of NIST guidelines, FISMA, ISO, SOC 2, PCI DSS, security control assessment, vulnerability management, SOX, SAR and POA&M. Able to multitask effectively, and seeking to work in a professional environment where my skills in identifying, analyzing and solving problems can be fully utilized.
EXPERTISE AND QUALIFICATION
Experienced security, risk and compliance analyst
Creating and maintaining the standards required for protecting information systems. Experience with network vulnerability assessments and penetration testing methods.
Identify security flaws in computing platforms and applications; develop strategies and techniques to mitigate identified cybersecurity risks.
Performing risk assessments utilizing the NIST Risk Management Framework and the NIST 800-53 catalog of security controls
Performing the capacity planning required to create and maintain security metrics.
Reviewing policies and procedures. Implementing and enforcing security for all sections of the information system to aid compliance with regulations, laws and standards.
Understanding of network attacks, DDoS, Phishing, email protocols/security/spam, encryption, authentication, logging and log analysis, IP and device reputation, and security rules and policies
Creating, monitoring and maintaining a security awareness program to help increase security awareness.
Perform and manage assessments against information security frameworks, including but not limited to PCI DSS and the ISO 27000 series.
Assist in evaluating security measures implemented to protect information and information systems.
Establish a continuous monitoring strategy to proactively monitor and track security-related defects and the status of their resolution for reporting.
Create security metrics to help measure the effectiveness of the security measures and controls implemented to manage risk.
Conduct internal risk assessments by analyzing threat event frequency, vulnerability and loss magnitude to determine risk and risk appetite.
Review, update and prepare the enterprise security program for the GDPR regulation; experience with SOX testing of controls.
Great understanding of the RMF steps as well as various security frameworks and regulations.
Experience with Advanced Threat Protection, Application Control, Application Guard, CRM, Exploit Guard and other applications.
Threat analysis, vulnerability management and risk management.
Windows domains, Active Directory user requests, Terminal Server.
Application support, user requests in AD, email, account modification, O365 migration.
Experience in creating and building user access for production and other applications.
WORK EXPERIENCE
Information Security, MD Anderson Cancer Center, Object Win, Houston, TX Nov. 2018 – Present
Develop, design, evaluate and implement information security governance processes, including policies, standards, procedures and risk management practices.
Manage and conduct security assessments of third parties and incident management; track and report third-party risk identified through due diligence.
Familiar with using a GRC tool (ServiceNow) to support automation of services in our systems.
Performing risk assessments utilizing the NIST Risk Management Framework and the NIST 800-53 catalog of security controls.
Work closely with senior business managers and managers to ensure awareness and understanding of third-party risk program requirements and the associated risk within their portfolios.
Support development and continuous improvement of the third-party risk and compliance program for high and critical vendors.
Experience with compliance requirements/standards such as the Payment Card Industry Data Security Standard (PCI DSS), the Sarbanes-Oxley Act, and Privacy Shield or GDPR.
Experience in security, compliance and privacy assessments for enterprise systems and processes to align with compliance frameworks such as PCI, SOX, SOC 2, ISO, GRC and GDPR.
Perform and manage assessments against information security frameworks, including but not limited to PCI DSS, the ISO 27000 series and SOX control testing.
Experience with the design and testing of IT security controls in a managed-hosting Software-as-a-Service environment, and in automating cloud or hybrid-cloud IaaS and PaaS technologies.
Ensure required risk management activities are completed and control weaknesses are remediated prior to contract execution with a third-party provider, or that appropriate risk acceptance is documented and approved by senior business management. Ensure appropriate systems are updated, and that remediation action plans to address control weaknesses are documented and approved by the appropriate stakeholders.
Help remediate findings raised by audit teams to improve the security posture of the organization.
Assist the workforce with security-based questions to derive the inherent risk.
Develop risk management policies and procedures that align with international standards such as NIST, ISO 27001, ISO 27002, GDPR and HIPAA.
Knowledge of GRC tools such as MetricStream.
Conduct internal risk assessments by analyzing threat event frequency, vulnerability and loss magnitude to determine risk and risk appetite.
Performed third-party vendor (TPV) risk assessments by developing DPIAs and TPV questionnaires and identifying inherent and residual risk.
Developed a tracking log for third-party vendors; analyzed and developed SLAs in accordance with business objectives.
Information Security/Risk Analyst, Irotech, Wilcrest, Houston May 2018 – Oct. 2018
Responsible for ensuring program-level compliance with FISMA controls (e.g., SP 800-53) and PCI DSS.
Create and update contingency plans and disaster recovery plans for information systems using NIST SP 800-34.
Review risks, threats, and vulnerabilities and oversee the development of corrective action plans in partnership with management, IT personnel, and other relevant groups.
Review daily information security news/alerts and understand how new vulnerabilities may affect SOS infrastructure
Deploy, manage, and maintain a formal information security risk register and the corresponding or associated software.
Analyze reports to understand threat campaign techniques and lateral movement, and extract indicators of compromise (IOCs).
Recommend sound remediation and recovery strategies; suggest defensive policy enhancements and information technology procedures.
Threat management (intel consumption, discovery, tracking).
Deliver status reports, briefings, recommendations and findings to management and executives as required.
Perform IT security control testing and develop recommendations and risk options based on confirmed observations.
Performed incident reviews and reviewed Security Control Assessments, Configuration Management Plans (CMP), Contingency Plans (CP), Incident Response Plans (IRP) and other specific security documentation.
Review internal and external audits and internal control systems, and work with other agencies' business units to monitor security controls and data protection.
Execute automated malware analysis to determine initial threat impact and take actions to address the incident.
Information Security Analyst, Washington Tech Solutions, Upper Marlboro, MD May 2014 – April 2018
Identify, evaluate and remediate vulnerabilities by performing assessments on third-party software and ensuring appropriate security implementation is met.
Performing risk assessments utilizing the NIST Risk Management Framework and the NIST 800-53 catalog of security controls.
Prepare and review documentation including System Security Plans (SSPs), contingency plans, contingency plan tests, privacy impact analyses, privacy threshold assessments and risk assessment reports.
Evaluate security risk assessments and present security information to the workforce and management.
Great understanding of the RMF steps as well as various security frameworks and regulations.
Threat analysis, vulnerability management and risk management.
Analyze the severity levels of all vulnerability scan findings and follow up on the remediation process.
Monitor and advise on information security vulnerabilities related to all of the team's infrastructure systems.
Review daily information security news/alerts and understand how new vulnerabilities may affect SOS infrastructure in the cloud environment.
Carry out reviews and updates on systems and prepare these systems for assessments and audits, making sure they work effectively per company standards and compliance requirements.
Analyze and evaluate IT scanning tools for vulnerability reporting, patch management and remediation.
Assisted in performing the seven steps of the Risk Management Framework on information systems to identify, evaluate, analyze and mitigate threats and risks.
Analyze vulnerability results to help remediate vulnerabilities and threats.
Conduct website assessments and monitor applications and database systems.
Assist in reviewing and updating policies and procedures, and in training staff and clients on security threats, risks, vulnerabilities and exploits.
Understanding of network attacks, DDoS, phishing, email protocols/security/spam, encryption, authentication, logging and log analysis, IP and device reputation, and security rules and policies.
Analyze the firm's policies and procedures and perform gap analyses against regional and global standards to ensure organizational and regulatory expectations are clearly established.
Excellent knowledge of security technology, identity and access management, anti-malware solutions and network security for protecting data privacy.
Entitlement and provisioning of accounts, maintaining proper policies and procedures for profile creation, maintenance and review so as to protect data privacy.
Research and implement security standards that remediate information system threats and vulnerabilities, and determine the severity level of compliance scan findings from the CVSS score.
Developed a risk acceptance process, KPIs and a risk exception process that align with business objectives, and prepared executive summary reports on current and exploitable vulnerabilities.
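The scan-triage work described in the bullets above (rating findings by CVSS score, following up on remediation, and summarizing open and exploitable vulnerabilities for an executive report) can be shown in code. The following Python script is an added example written for this page; it is not part of the résumé and not tooling from any employer named here. It assumes a scanner CSV export with the columns Host, Plugin ID, CVSS v3.0 Base Score, Name and First Seen (the first four mirror a Nessus CSV export; First Seen is assumed to come from a tracking log), and the remediation SLA days per severity are illustrative policy values, not a standard. The CVSS severity bands themselves are the qualitative ratings defined in the CVSS v3.x specification.

```python
"""Triage vulnerability-scan findings by CVSS severity and remediation SLA.

Added example (not part of the original résumé). Column names and SLA
figures are assumptions for illustration; the severity bands are the
CVSS v3.x qualitative ratings.
"""
import csv
import io
from datetime import date, timedelta

# CVSS v3.x qualitative severity ratings: lower bound of each band.
SEVERITY_BANDS = [
    (9.0, "Critical"),
    (7.0, "High"),
    (4.0, "Medium"),
    (0.1, "Low"),
    (0.0, "None"),
]

# Assumed remediation SLA in days per severity (illustrative policy values).
SLA_DAYS = {"Critical": 7, "High": 30, "Medium": 90, "Low": 180, "None": None}

# Constructed sample export; hosts, plugin IDs and names are made up.
SAMPLE_CSV = """Host,Plugin ID,CVSS v3.0 Base Score,Name,First Seen
10.0.0.5,100001,9.8,Example remote code execution,2018-01-02
10.0.0.5,100002,6.5,Example information disclosure,2018-02-10
10.0.0.7,100001,9.8,Example remote code execution,2018-03-01
10.0.0.9,100003,3.1,Example weak cipher suite,2017-11-20
10.0.0.9,100004,,Informational banner check,2018-03-15
"""


def severity(score):
    """Map a CVSS v3 base score (or None for an unscored check) to its rating."""
    if score is None:
        return "None"
    for floor, label in SEVERITY_BANDS:
        if score >= floor:
            return label
    return "None"


def parse_export(text):
    """Parse the CSV export into finding dicts; a blank score becomes None."""
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        raw = row["CVSS v3.0 Base Score"].strip()
        score = float(raw) if raw else None
        findings.append({
            "host": row["Host"],
            "plugin": row["Plugin ID"],
            "name": row["Name"],
            "score": score,
            "severity": severity(score),
            "first_seen": date.fromisoformat(row["First Seen"]),
        })
    return findings


def triage(findings, as_of):
    """Attach an SLA due date to each finding and flag it overdue as of a report date."""
    for f in findings:
        days = SLA_DAYS[f["severity"]]
        f["due"] = f["first_seen"] + timedelta(days=days) if days is not None else None
        f["overdue"] = f["due"] is not None and f["due"] < as_of
    # Highest score first, then oldest first, so the list reads as a remediation queue.
    return sorted(findings, key=lambda f: (-(f["score"] or 0.0), f["first_seen"]))


def executive_summary(findings):
    """Counts per severity band plus the number of findings past their SLA."""
    summary = {label: 0 for _, label in SEVERITY_BANDS}
    summary["Overdue"] = 0
    for f in findings:
        summary[f["severity"]] += 1
        summary["Overdue"] += int(f["overdue"])
    return summary


def report(text, as_of_iso):
    """Run the full pipeline on an export and return (queue, summary)."""
    queue = triage(parse_export(text), date.fromisoformat(as_of_iso))
    return queue, executive_summary(queue)


if __name__ == "__main__":
    queue, summary = report(SAMPLE_CSV, "2018-04-01")
    for f in queue:
        print(f"{f['severity']:8} {f['host']:10} {f['name']:32} due {f['due']} overdue={f['overdue']}")
    print(summary)
```

Two details matter in practice: an unscored (informational) plugin must not be treated as a 0.0 "None" finding with a due date, which is why a blank score becomes None and gets no SLA, and the same plugin on two hosts is kept as two findings, because each host is remediated separately and the executive count should reflect exposure, not unique CVEs.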
Cyber Security Analyst, SO.NA.RA, Limbe, Cameroon June 2012 – July 2013
Conducted meetings with the IT team to gather documentation and evidence (kick-off meeting) about their control environment.
Performed Security Categorization (FIPS 199), Privacy Threshold Analysis (PTA) and E-Authentication with business owners and selected stakeholders.
Held kick-off meetings with the CISO and system stakeholders prior to assessment engagements.
FISMA reports and Standard Operating Procedures (SOPs) in accordance with NIST.
Conducted the ST&E kick-off meeting and populated the Requirements Traceability Matrix (RTM) according to NIST SP 800-53A.
Security Test and Evaluation (ST&E): performed ST&E assessments on several different environments using both scanning tools and manual assessment.
EDUCATION:
Bachelor's Degree in Computer Science
University of Yaoundé
Bachelor's in Information Assurance (AIU)
Houston
CERTIFICATIONS
CCSK v3 Certified
AWS Certified Developer – Associate; Scrum Master Certified
CompTIA Security+ Certified
TECHNICAL SKILLS:
Operating systems: MS-DOS, Windows (Windows 10), Windows Server.
Control tools & utilities: Nessus Vulnerability Scanner, McAfee, Splunk, Nexpose, Cherwell, Microsoft Outlook, O365, SharePoint, Teams and Skype.
HIGHLIGHTS:
Performance Improvement
Leadership Skills
Problem Solving
Communication Skills
Information Gathering
Interpersonal Skills
Team Management
Attention to Detail