I am a Risk Management Framework analyst with over 6 years of experience in Assessment and Authorization (A&A) activities and tasks for information systems, Plan of Action & Milestone (POA&M) management, Operation Policy and Procedures, Vulnerability Management as well as conducting Security Control Assessments (SCAs). Experienced in all phases of preparing and reviewing complete Authorization-to-Operate (ATO) packages for information technology systems and applications as defined by the Federal Information Security Management Act of 2002 (FISMA) and implemented by the guidance of the National Institute of Standards and Technology (NIST) Special Publication 800-53 series. Have excellent leadership skills, work in a timely manner when executing deliverables for senior executives in an organization, and have excellent verbal and communication skills.
AREAS OF EXPERTISE & TECHNICAL SKILLS
IT Security controls assessment, Third Party Risk Management (TPRM), Risk Management Framework (RMF), Assessment & Authorization (A&A), Information Assurance, NIST 800 series, FISMA Compliance, Plan Of Action & Milestone, Risk Assessment, System Security Plan (SSP), Security Assessment Report (SAR), FIPS 199 System Security Categorization, IT Policy Coherence, Risk Analysis and Microsoft Office Suite (Word, Excel, PowerPoint, Jira, Confluence), SaaS Assessments FedRAMP, Splunk, Nessus.
PROFESSIONAL EXPERIENCE
Verizon Mar 2020 - Present
Information Risk Analyst
Assist with risk analysis, due diligence, contract review and oversight functions in accordance with EB&T’s Vendor Management Policy
Coordinate with business units to ensure that vendor relationships further EB&T’s business objectives and satisfy EB&T’s operational, technology, legal, and compliance requirements
Under general guidance and direction of team lead, perform risk analysis and due diligence on prospective vendors, ensuring timeliness and accuracy of vendor responses, documenting EB&T findings, and maintaining all supporting documentation
Deliver EB&T contracts to vendors, review vendor responses and assist in contract negotiations in coordination with legal counsel, the Vendor Management lead and business units
Schedule and perform audits of vendors and contract files
Coordinate with vendor management, internal audit, information security, compliance, and finance to gather information and to assess project and vendor risk
Prepare regular vendor management reports as necessary
Perform in depth reviews of vendor SOC1 and SOC2 reports
Administrative functions including monitoring the vendor management mailbox, obtaining responses to vendor questionnaires, obtaining, and filing executed contracts and other documentation, and updating vendor listings
Perform other duties and special projects, as necessary.
Able to identify the strengths and weaknesses of alternative solutions, conclusions or approaches to problems.
Demonstrates professionalism and accountability.
International Business Machine (IBM) Dec 2016 – Feb 2020
RISK MANAGEMENT FRAMEWORK ANALYST
Performs updates to System Security Plans (SSP) using NIST 800-18 as a guide to develop SSP, Risk Assessments, Business Continuity Plan, and Incident Response Plans
Performs RMF assessment which includes initiating meetings with various System Owners (SO) and Information System Security Officers (ISSO)
Creates change control procedures, drafts, reviews, and updates Plans of Action and Milestones (POAMs)
Conducts FedRAMP Readiness Assessments and reviews ATO Packages for FedRAMP Cloud environments
Expertise in National Institute of Standards and Technology Special Publication (NIST SP) documentation
Performs assessment, POAM Remediation, and document creation using NIST SP 800-53 Rev.1 and NIST SP 800-53
Develops solutions to security weaknesses in the Requirement Traceable Matrix (RTM) and SAR, while working on POA&M remediation and corrective action plan. Assisted ISSOs in creating solutions to weaknesses based on system functionality
Performs evaluation of policies, procedures, security scan results, and system settings to address controls that were deemed insufficient during Certification and Accreditation (C&A), RMF, and continuous monitoring
Ensures that the Information Systems Security department's policies, procedures, and practices as well as other systems user groups are compliant with FISMA, NIST, and general agency standards
Reviews documentation to include System Security Plan using NIST 800-18 as a guide, Authorization to Operate (ATO), Security Assessment Report (SAR) using NIST 800-30 as a guide, FIPS 199 System Categorization using NIST 800-60 Vol1/Vol2 based on confidentiality, integrity and availability (CIA), policy and procedures, e-authentication, privacy threshold analysis (PTA), privacy impact analysis (PIA), contingency plan (CP) and interconnection security agreement as per NIST 800-47, certification and accreditation (C&A) packages and system standard operating procedures.
DELTAAH TECH CONSULTING – Maryland Jan 2014 – Sept 2016
Linux/Cloud Infrastructure Engineer
Responsible for the build, configuration, and maintenance of both physical and virtual machines in the UNIX environment consisting of Red Hat Enterprise Linux (RHEL), CentOS, Ubuntu servers.
Performance Management & Tuning of Linux/UNIX Kernel. Responsible for working on day-to-day administration tasks and resolving the tickets using IBM Problem Management application on our Internal Management System
Maintaining integrity of security with the use of group policies across domains. Supporting users through email, on call and troubleshooting. Maintaining inventory of all components including systems and other hardware. Performed User Account management, data backups, and users' logon support. Maintaining user's data backup by creating user folder in File Server and applying security permission on folders.
Worked closely with Project Managers to understand a code/configuration release scope and how to confirm a release was successful.
Diagnose and resolve problems associated with DHCP, DNS, VPN, NFS, Tomcat and Apache. Build, manage, and continuously improved the build infrastructure for global software development Engineering teams including implementation of build scripts, continuous integration infrastructure. Designed Ansible Playbooks to manage configurations and automate installation process. Coordinate/assist developers with establishing and applying appropriate branching. Continuous Delivery is being enabled through Deployment into several environments of Test, QA, Stress and Production using Nessus
Work closely with the Networks and Security Team in opening firewalls and DNS requests required for the infrastructure.
Excellent quick learner and delivering solutions as an individual and as part of a team.
Perform analytical, problem solving, communication as well as interpersonal skills. Also involved in documenting technical processes and finding out with Root Cause Analysis using Admin console.
Documented and edited the deployment procedures, customer facing and resolution issue for our feature references.
Worked in 24/7 Production Support on a bi-weekly basis.
EDUCATION AND CERTIFICATIONS
Master’s Degree in Cyber Security Technology
University of Maryland
Bachelor’s degree in Information Technology
University of Buea Cameroon
CERTIFICATION
Security+
Oracle Certified Associate – Oracle Database 11g, Administrator
Certified Scrum Master