Information Security Analyst (Compliance)

Location: Middle River, MD
Salary: 80,000
Posted: October 21, 2020

Resume:

OBJECTIVE: Information Security Analyst with over years of IT experience in security control assessment (SCA), continuous monitoring, risk assessment, and system security authorization. I am seeking a FISMA Information System Security position in a growth-oriented organization with focus on system security, auditing risk assessments and testing information technology controls.

SUMMARY

Experience with the integration of the security risk management process into the System Development Life Cycle (SDLC), including, but not limited to, security categorization of information and information systems; selection of security control requirements, implementation of security controls; assessment of security control effectiveness; authorization of the information system; and ongoing monitoring of security controls effectiveness.

Utilize NIST Special Publications (NIST SP) to assist in the management and oversight of the Certification & Accreditation of IT systems as mandated by the National Institute of Standards and Technology Act, DIACAP and FedRAMP.

Advise and assist program managers in obtaining security control assessment and accreditation for assigned systems and monitor to ensure relevant policies are followed.

Assist with the development and maintenance of security policies, standards, and guidelines, and security awareness program materials.

Works with system owners to document weaknesses in the Plans of Action and Milestones (POA&M) process for the tracking and execution of security related tasks, requirements and weakness remediation.

EDUCATION & CERTIFICATION

Certified Information Systems Security Professional (CISSP)

Certified CompTIA Security+

Certified Authorization Professional (CAP)

AWS Certified Cloud Practitioner

Bachelor’s Degree in Law, Lagos State University, Nigeria

Master’s Degree in Laws, University of Baltimore, Maryland

SKILLS & TOOLS

FISMA compliance with policy and standards: NIST SP 800-137, 800-37, 800-115, 800-30, 800-60, 800-53, 800-53A, FIPS 199, FIPS 200

Security and Privacy Controls Assessment

Development and Review of Security Authorization Document

Risk Assessment

Cyber Security Assessment & Management Tool (CSAM)

Nessus Vulnerability Scanner

Microsoft Office Applications

PROFESSIONAL EXPERIENCE

INFORMATION SYSTEM MANAGEMENT SERVICES INC.

Information Security Analyst (03/2014 – Present)

Assess and document security requirements for Federal information systems using NIST 800-53, and FIPS 200

Develop the Security Assessment Plan to test the security controls applicable to the information system

Perform annual security control assessment of the information system to ensure FISMA compliance

Perform vulnerability and compliance scans to identify weaknesses using Nessus

Research and analyze Nessus scan reports to validate findings, ruling out false positives

Develop Security Assessment Report (SAR) with findings and recommendations on possible remediation

Interface with senior executives, system owners and administrators to present the vulnerability findings and recommend a remediation strategy

Participated in exit conferences to summarize key findings and recommendations.

Developed, reviewed, and updated the System Security Plans (SSP) against NIST 800-53 rev4 requirements

Assessed system security controls using 800-53A

Assist in the development of Plan of Actions and Milestones (POA&M) for documenting, prioritizing, remediating, and monitoring corrective actions using CSAM

Participate in POA&M closure, validating that the artifacts submitted reflect the recommended remediation and that the issue has been resolved

Develop and update security authorization packages in accordance with the client’s requirements and in compliance with FISMA

Advised the ISO, System Owner and Program Manager on the security requirements of the system, including updates and changes to FISMA regulations and NIST documentation, and the impact of new security vulnerabilities on the system architecture and GSS

Participate in the categorization of the system in accordance with FIPS 199 and 800-60 according to NIST impact requirements of a Low, Moderate or High system.

Select the security controls based on the system's categorization using SP 800-53 rev4

Use SP 800-53A to assess the security controls

Develop, review, and complete the security authorization packages such as:

E-Authentication using NIST SP 800-63-1

Risk Assessment Report using SP 800-30

System Security Plan using SP 800-18

Contingency Plan using SP 800-34

Perform a Contingency Plan test annually using Tabletop exercises

Conduct a Security Test & Evaluation

Develop a Security Assessment Report

Develop and perform Privacy Threshold Analysis

Documented and managed risks in accordance with SP 800-30 and SP 800-37 using nine steps to evaluate the threats, vulnerabilities, and security controls surrounding the information system as well as the likelihood of an exploit and the impact it will have to the system operations.

HELP DESK TECHNICIAN (7/2012 - 03/2014)

SMART SOLUTIONS INC

Troubleshot issues with internet connectivity, network accessibility (login errors, network drive access, etc.), MS Office (Outlook, Word, Excel, WordPerfect, etc.)

Monitored interfaces, disk space, and performed system backups

Provided help desk support for workstation and printer problems

Unlocked user accounts and reset user passwords through the Active Directory authentication system.

Responded to requests for technical assistance via phone and email.

Added sub-templates for users with multiple jobs and directed tickets to the right department to get them solved.

REFERENCES

Available upon request

U.S. Citizen

Public Trust -- Eligible to obtain security clearance


