ARCHANGE (ANGEL) TCHAGOUE
**** ****** ****** *****, *#10, Oakton, VA, 22124
862-***-**** adg00v@r.postjobfree.com
Dedicated and highly driven Security Assessment and Authorization [A&A] professional, knowledgeable in Risk Management Framework (RMF), Systems Development Life Cycle (SDLC), and vulnerability management using applicable NIST/FedRAMP/HIPAA/PCI-DSS/Gramm-Leach-Bliley standards, etc. A proven goal-getter and team lead with strong communication and customer service skills.
KEY COMPETENCIES
Security Monitoring
Security Assessment
Security Authorization
System Categorization
Security Assessment Report
Incident Response
Report Writing
Client & Vendor Relations
RMF/FISMA/NIST/ISO
POA&M Remediation
Vulnerability Management
MS Office
Contingency Planning (Disaster Recovery)
DevSecOps
Selection/Implementation of Controls
Project Management and Support
PROFESSIONAL EXPERIENCE
Information Security Analyst [Client Facing]
Crest Consulting Group - Rockville, MD March 2017 - Present
Working with Management in determining and recommending Information assurance governance structure to protect IT resources.
Developing, reviewing, and updating information system policies and procedures governing security best practices for assigned systems.
Creating, reviewing, and updating ATO package documents such as SSP, SAR, POA&M. [IR, SAP, DRP, BIA, PTA, PIA, RA, ISCP, and CPT.]
Extensive Experience with conducting Risk Assessment (RA) and completing Risk Management Framework (RMF) process to obtain ATO.
Performing security packages validation to ensure completeness on Risk Assessment, (RA), FIPS-199 Security Categorization, PTA, PIA, SORN, and E-authentication.
Monitor controls post authorization to ensure continuous compliance with the security requirement.
Work with ISSOs to ensure documenting and remediating audit findings, security planning and reporting, and mitigation of security vulnerabilities are completed in a timely manner.
Ensures that systems stakeholders adhere strictly to the government regulatory standards and guidance such as FISMA.
Perform risk assessments on diverse application systems, including reviewing evidence, interviewing personnel, tests, and inspections, and producing assessment reports and recommendations.
Evaluate security assessment documentation and provide written recommendations for security authorization to the AO.
Conducting vulnerability scanning and assessment of reports using tools such as Tenable Nessus, Qualys, HP WebInspect and HP Fortify.
Experience using centralized security document repositories such as MS SharePoint, CFACTS, Modulo and DM 36O to manage deliverables.
Senior Cyber Control Assessor
Matrix Computer Consulting - Manassas, VA April 2015 – March 2017
Conducted Assessment & Authorization (A&A) Kick-off Meetings.
Conducted IT controls risk assessments to identify system threats, vulnerabilities, and risks, and generated reports. Developed and conducted Security Test and Evaluation (ST&E) according to NIST SP 800-53A.
Developed, reviewed, and updated security policies and procedures.
Updated and Monitored Security controls pre/post authorization to ensure compliance and governance with all necessary security standards.
Performed gap analysis to identify control changes from NIST SP 800-53 rev 3 to NIST SP 800-53 rev 4 and updated security plans and relevant documents to reflect the changes.
Helped facilitate and support the Ongoing Authorization Program for the organization.
Reviewed completed security documentation for completeness, accuracy, and quality.
Provided support to configuration management and control processes to integrate security and risk management.
Conducted security impact analyses of security controls based on proposed system changes.
Documented the application-level controls, including security controls, in a narrative format.
Supported the preparation of security test plans, executed them, assessed security control effectiveness using security control testing procedures, and created Security Assessment Reports (SAR) based on assessment findings.
Familiar with NIST Publications SP 800-18, SP 800-30, SP 800-37 rev 1, SP 800-53 rev 4, SP 800-53A, SP 800-60 and FIPS 199 and FIPS 200.
Assisted the system owner with defining security objectives and system performance requirements.
Worked with the system administrators to examine and test the security posture of the systems and applications.
Conducted Security Assessment via document examination, interviews, and manual assessments.
Created, reviewed, and updated POA&M documents.
Implemented, reviewed, and maintained continuous monitoring for control systems in accordance with FISMA guidelines, NIST SP 800-137.
Financial Analyst
Eastman Companies - Livingston, NJ Jan 2014 – April 2015
Developed management tools to measure and analyze financial and operational information, KPI (Key Performance Indicator) & MAP (Measurable Accountability Plan), using Workspeed and MRI.
Prepared and managed annual budgets, income statements, expenses, cost variance and deal analysis using Excel-based financial models.
Oversaw investment portfolio and performed market and competitor research using CoStar and LoopNet to ascertain trends, key performance indicators, gap analysis and forecasting.
Sourced and analyzed real estate transactions, including buyers and lenders, potential lease deals, and mortgages, with Argus for possible acquisition.
Contributed to 14% business growth by developing strategic recommendations for management regarding long-range planning and statistical analysis.
EDUCATION AND CERTIFICATION
ESG MANAGEMENT SCHOOL – ESGF — Paris, France
Masters in Financial Management — 2010
ESG MANAGEMENT SCHOOL – ESG — Paris, France
Bachelor in Business Administration Business — 2008
***Certified Authorization Professional CAP - Ongoing
***SECURITY + - Ongoing