OBJECTIVE: Information Security Analyst with over years of IT experience in security control assessment (SCA), continuous monitoring, risk assessment, and system security authorization. I am seeking a FISMA Information System Security position in a growth-oriented organization with focus on system security, auditing risk assessments and testing information technology controls.
SUMMARY
Experience with the integration of the security risk management process into the System Development Life Cycle (SDLC), including, but not limited to, security categorization of information and information systems; selection of security control requirements, implementation of security controls; assessment of security control effectiveness; authorization of the information system; and ongoing monitoring of security controls effectiveness.
Utilize NIST Special Publications (NIST SP) to assist in the management and oversight of the Certification & Accreditation of IT systems as mandated by the National Institute of Standards and Technology Act, DIACAP and FedRAMP.
Advise and assist program managers in obtaining security control assessment and accreditation for assigned systems and monitor to ensure relevant policies are followed.
Assist with the development and maintenance of security policies, standards, and guidelines, and security awareness program materials.
Work with system owners to document weaknesses in the Plans of Action and Milestones (POA&M) process for the tracking and execution of security-related tasks, requirements and weakness remediation.
EDUCATION & CERTIFICATION
Certified Information System Security Professional (CISSP)
Certified CompTIA Security+
Certified Authorization Professional (CAP)
AWS Certified Cloud Practitioner
Bachelor’s Degree in Law, Lagos State University, Nigeria
Master’s Degree in Laws, University of Baltimore, Maryland
SKILLS & TOOLS
FISMA Compliance with policy and standards: NIST SP 800-137, 800-37, 800-115, 800-30, 800-60, 800-53, 800-53A, FIPS 199, FIPS 200
Security and Privacy Controls Assessment
Development and Review of Security Authorization Document
Risk Assessment
Cyber Security Assessment & Management Tool (CSAM)
Nessus Vulnerability Scanner
Microsoft Office Applications
PROFESSIONAL EXPERIENCE
INFORMATION SYSTEM MANAGEMENT SERVICES INC.
Information Security Analyst (03/2014 – Present)
Assess and document security requirements for Federal information systems using NIST 800-53 and FIPS 200
Develop the Security Assessment Plan to test the security controls applicable to the information system
Perform annual security control assessment of the information system to ensure FISMA compliance
Perform vulnerability and compliance scans to identify weaknesses using Nessus
Research and analyze Nessus scan report to validate findings, ruling out false positives
Develop Security Assessment Report (SAR) with findings and recommendation on possible remediation
Interface with senior executives, system owners and administrators to present the vulnerability findings and recommend a remediation strategy
Participated in exit conferences to summarize key findings and recommendations.
Developed, reviewed, and updated the System Security Plans (SSP) against NIST 800-53 rev4 requirements
Assessed system security controls using 800-53A
Assist in the development of Plan of Actions and Milestones (POA&M) for documenting, prioritizing, remediating, and monitoring corrective actions using CSAM
Participate in POA&M closure, validating the artifacts submitted reflect the recommended remediation and that the issue has been resolved
Develop and update security authorization packages in accordance with the client’s requirements and in compliance with FISMA
Advised the ISO, System Owner and Program Manager on the security requirements of the system, including updates and changes to FISMA regulations and NIST documentation, and the impact of new security vulnerabilities on the system architecture and GSS
Participate in the categorization of the system in accordance with FIPS 199 and 800-60 according to NIST impact requirements of Low, Moderate or High system.
Select the security controls based on the system's categorization using SP 800-53 rev4
Use SP 800-53A to assess the security controls
Develop, review, complete the security authorization packages such as:
E-Authentication using NIST SP 800-63-1
Risk Assessment Report using SP 800-30
System Security Plan using SP 800-18
Contingency Plan using SP 800-34
Perform a Contingency Plan test annually using Tabletop exercises
Conduct a Security Test & Evaluation
Develop a Security Assessment Report
Develop and perform Privacy Threshold Analysis
Documented and managed risks in accordance with SP 800-30 and SP 800-37 using nine steps to evaluate the threats, vulnerabilities, and security controls surrounding the information system as well as the likelihood of an exploit and the impact it will have on the system operations.
HELP DESK TECHNICIAN (7/2012 - 03/2014)
SMART SOLUTIONS INC
Troubleshot issues with internet connectivity, network accessibility (login errors, network drive access, etc.), MS Office (Outlook, Word, Excel, WordPerfect, etc.)
Monitored interfaces, disk space, and performed system backups
Provided help desk support for workstation and printer problems
Unlocked user accounts and reset user passwords through Active Directory authentication system.
Responded to requests for technical assistance via phone and email.
Added sub-templates for users with multiple jobs and directed tickets to the right department to get them solved.
REFERENCES
Available upon request
U.S. Citizen
Public Trust -- Eligible to obtain security clearance