ARCHANGE (ANGEL) TCHAGOUE

**** ****** ****** *****, *#10, Oakton, VA, 22124

862-***-**** adg00v@r.postjobfree.com

Dedicated and highly driven Security Assessment and Authorization [A&A] professional, knowledgeable in Risk Management Framework (RMF), Systems Development Life Cycle (SDLC), Vulnerability management using applicable NIST/FedRamp/HIPAA/PCI-DSS/Gramm Leach-Bliley standards etc. A proven goal-getter and team lead with strong communication and customer service.

KEY COMPETENCE

Security Monitoring

Security Assessment

Security Authorization

System Categorization

Security Assessment Report

Incident Response

Report Writing

Client & Vendor Relations

RMF/FISMA/NIST/ISO

POA&M Remediation

Vulnerability Management

MS Office

Contingency Planning (Disaster Recovery)

DevSecOps

Selection/Implementation of Controls

Project Management and Support

PROFESSIONAL EXPERIENCE

Information Security Analyst [ Client Facing]

Crest Consulting Group- Rockville, MD March 2017 - Present

Working with Management in determining and recommending Information assurance governance structure to protect IT resources.

Developing, reviewing, and updating information system policies and procedures governing security best practices for assigned systems.

Creating, reviewing, and updating ATO package documents such as SSP, SAR, POA&M. [IR, SAP, DRP, BIA, PTA, PIA, RA, ISCP, and CPT.]

Extensive Experience with conducting Risk Assessment (RA) and completing Risk Management Framework (RMF) process to obtain ATO.

Performing security packages validation to ensure completeness on Risk Assessment, (RA), FIPS-199 Security Categorization, PTA, PIA, SORN, and E-authentication.

Monitor controls post authorization to ensure continuous compliance with the security requirement.

Work with ISSOs to ensure documenting and remediating audit findings, security planning and reporting, and mitigation of security vulnerabilities are completed in a timely manner.

Ensures that systems stakeholders adhere strictly to the government regulatory standards and guidance such as FISMA.

Perform risk assessments for on diverse application systems - including reviewing evidence, interviewing personnel, tests, and inspections, producing assessment reports and recommendations.

Evaluate security assessment documentation and provide written recommendations for security authorization to the AO.

Conducting Vulnerability scanning and assessment of report using tools such as Tenable Nessus, Qualys, HP WebInspect and HP Fortify.

Experience using centralized security document repository such as MS SharePoint, CFACTS, Modulo and DM 36O to manage deliverables

Senior Cyber Control Assessor

Matrix Computer Consulting- Manassas, VA April 2015– March 2017

Conducted Assessment & Authorization (A&A) Kick-off Meetings.

Conducted IT Controls risk assessment to identify system threats, vulnerabilities, risks, and generate reports. Develop and Conduct Security Test and Evaluation (ST&E) according to NIST SP 800-53A.

Developed, reviewed, and updated security Policies and Procedure.

Updated and Monitored Security controls pre/post authorization to ensure compliance and governance with all necessary security standards.

Performed GAP analysis to identify controls changes from NIST-800 53 rev 3 to NIST-800 53 rev 4 and updated security plans and relevant documents to reflect the changes.

Helped facilitate and support the Ongoing Authorization Program for the organization.

Reviewed completed security documentation for completeness, accuracy, and quality.

Provided support to configuration management and control processes to integrate security and risk management.

Conducted security impact analyses of security controls based on proposed system changes.

Documented the application level controls that include security controls in a narrative format.

Supported the preparation of security test plans, execute, and assess the security control effectiveness using security control testing procedures, and created Security Assessment Reports (SAR) based on assessment findings.

Familiar with NIST Publications SP 800-18, SP 800-30, SP 800-37 rev 1, SP 800-53 rev 4, SP 800-53A, SP 800-60 and FIPS 199 and FIPS 200.

Assisted the system owner with defining security objectives and system performance requirements.

Worked with the system administrators to examine and test the security posture of the systems and applications

Conducted Security Assessment via document examination, interviews, and manual assessments.

Created reviewed and updated POA&M documents

Implemented, reviewed, maintained and continuous monitoring for control systems in accordance with FISMA guidelines, NIST 800-137

Financial Analyst

Eastman Companies- Livingston, NJ Jan 2014 – April 2015

Developed management tools to measure and analyze financial and operational information KPI (Key Performance Indicator) & MAP (Measurable Accountability Plan) using Workspeed, MRI

Prepared and managed annual budgets, income statements, expenses, cost variance and deal analysis using Excel based financial models

Oversaw investment portfolio and performed market and competitors research using Costar, Loopnet to ascertain trends, key performance indicators, gap analysis and forecasting

Sourced and analyzed real estate transactions including buyers and lenders, potential lease deals, mortgages with Argus for possible acquisition

Contributed to 14% business growth by developing strategic recommendations for management regarding long-range planning and statistical analysis

EDUCATION AND CERTIFICATION

ESG MANAGEMENT SCHOOL - ESGF — Paris, France

Masters in Financial Management — 2010

ESG MANAGEMENT SCHOOL – ESG— Paris, France

Bachelor in Business Administration Business — 2008

***Certified Authorization Professional CAP - Ongoing

***SECURITY + - Ongoing

Contact this candidate