Information Security Test

Location:
Andover, MN
Posted:
December 18, 2020

Resume:

Valentine Nkowa

***** ****** ****** **, ******* MN, 55304

US Citizen

adisyt@r.postjobfree.com.

214-***-****

Information Security Risk Assessment:

Possess over seven years of cyber security functions in the Assessment sector especially in Third Party Vendor Assessment.

Wells Fargo has over 4 million Assets (Vendors) globally and for that reason, Wells Fargo requires experienced consultants to assess the third-party Assets to meet compliance. Resources include Community Banking, Consumer Lending, Staff Support & Venture Capital, Wholesale Banking, Wealth Brokerage & Retirement and Enterprise Information Technology.

US Citizen Willing to Relocate If Need Be.

Work Experience at Wells Fargo.

Information Security Consultant 5 April 2018 to Present

Perform light and full assessments on third-party vendors.

Perform Assessment on Wells Fargo Assets such as Database, Data warehouse, Applications and Data Centers.

Using NIST SP 800-53 for control selections based on the system categorization: Low, Moderate or High.

Understanding of the BCP Program. We need to know if the Third Party Asset is included in our Business Continuity program. Is the BCP Tier for the Third Party Asset Tier 1 or Tier 2?

Tier 1 = 0 – 2 hours, Tier 2 = 2 – 4 hours and Tier 3 = 12 – 24 hours (RTO).

Understanding of Change management process.

An asset such as a database, data warehouse, application or data center stores, processes, transmits or handles data within Wells Fargo information assets.

Perform assessment on an application called SPARC using the ISRA process on the GRC platform.

Perform annual certifications and plan updates, and also recertify the security plan, which is an FFIEC requirement.

Work with ISSO and system owners to identify common controls.

Use systems of records such as AppOne and Trims to facilitate analysis on the Relationship and Engagement managers.

The System of records helps us to avoid duplication of efforts.

Test controls using risk assessment methods, sometimes by examination, interview and actual testing, following the requirements.

Remediate inherent risk then send the asset for SME review.

Good knowledge of third-party management.

Understand Wells Fargo data classifications such as Public, Internal Use, Confidential and Restricted, as well as standards such as PCI DSS, FISMA, SOX, COBIT, ISO and HIPAA.

Work with different frameworks such as FISMA, SOX, COBIT, ISO 27001, HIPAA, PCI DSS etc. on a given day to make sure that they meet compliance standards by getting certified.

Understands GLBA 501(b), Gramm-Leach-Bliley Act policy and procedure. Customer information has to be maintained by Wells Fargo and the disposal of consumer information maintained by Wells Fargo.

Understand the ISRA process from Analysis to the Line of business Review.

Conduct discovery meetings with business SME’s for discussions on the environments of the security plans.

Understands all the risk management chat to determine if the security plan is a light or full Assessment based on factors such as the record count and how many people have access to the plan.

Prioritize my tasks based on compliance dates and managers' needs.

Advanced Information Security technical skills and understanding of information security practices and

Ability to take on a high level of responsibility, initiative, and accountability

Good attention to detail and accuracy skills

Strong collaboration and partnering skills

Knowledge and understanding of information security industry standards and government regulations

Knowledge and understanding of application or software security such as: web application penetration testing, secure code review, secure static code analysis

Information Security Assessor/Security Control Assessor

Summary

Information Security professional with plenty of hands-on experience using: Risk Management Framework (RMF), NIST Special Publications (NIST SP 800-*), NIST standard and guidance implementation, oversight and compliance. Assists in meeting mandates, directives, reporting, and other security-related processes with respect to Federal regulations such as the FISMA Act of 2002 and 2014, OMB mandates, and Federal Information Processing Standards (FIPS), to ensure that information systems and the information they process are secure by ensuring the appropriate controls are properly implemented, working as intended and yielding expected results. Good knowledge of information systems security through monitoring of security controls, compliance verifications, and assessments in accordance with NIST, FISMA, RMF, and industry best security practices.

US Citizen

Work Experience

Washington Tech Solutions, Upper Marlboro MD Nov 2012 to April 2018

Information Security Assessor/Security Control Assessor

Responsibilities

•Assist in the preparation of, tracking and reporting on FISMA compliance activities, including: annual contingency plan tests, quarterly POA&Ms updates and user access reviews.

•Create Security Assessment Plans to initiate Information Security Assessment.

•Conduct Assessments of controls on Information Systems by interviewing, examining and testing methods using NIST SP 800-53a rev4 as a guide.

•Review and update System Security Plan (SSP) based on findings from Assessing controls using NIST SP 800-18 rev1, NIST SP 800-53a rev4 and NIST SP 800-53.

•Entered Control findings and status from Risk Assessment in Security Testing and Evaluation (ST&E).

•Generate Security Assessment Reports (SAR).

•Scheduled and conducted working sessions/interviews with stakeholders to gather and analyze security controls implementation and the information system security posture.

•Support the Security Assessment and Authorization (SA&A), FISMA compliance, NIST requirements and continuous monitoring for Security Controls.

•Tracked authorization expirations for different system including general support systems (GSS) and Major Applications (MA).

• Participated in technical meetings/JAD sessions with key personnel

•Assisted in the review, development, updates and maintenance of information security policies, procedures and control techniques to ensure compliance with FISMA and other Federal requirements.

•Assisted in the development of Plans of Actions and Milestones (POAM).

•Categorize Information System and Information processed, determine the High-water Mark (HWM) and document it in the System Security Plan (SSP).

•Identified gaps in the information security policy, standard, processes and procedures based on migration from NIST SP 800-53 Rev 3 to NIST SP 800-53 Rev 4.

•Examine, Interview and test tailored security controls.

•Develop, review and update Information Security Policies, System Security Plans (SSP), and baselines in accordance with NIST, FISMA, OMB A130.

•Engage appropriate information security control for Federal Information System based on NIST SP 800-37 rev1, NIST SP 800-53 rev4, FIPS 199 and FIPS 200.

•Develop, implement and enforce security infrastructure, risk management compliance, policies and standards, threat and vulnerability management.

•Perform vulnerability scans on required systems using Nessus, Burp Suite and Retina, and also analyze vulnerability scan reports.

•Knowledge of compliance standards such as PCI DSS, FISMA, SOX, Cobit, ISO and HIPAA.

•Experienced in managing project deliverables on time and on budget.

•Created standard templates for required security assessment and authorization documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages.

•Carried out Security Awareness and training to staff.

•Worked with team members to categorize information systems and developed System Security Plans for them based on NIST SP 800-60 and NIST SP 800-18.

•Selected and Tailored Security Controls for Information systems based on control baselines and high water mark using NIST SP 800-53 rev 4.

•Updated SSP with the Information System owner when necessary.

•Developed Plan of Action and Milestone (POA&M) to ensure that adequate controls are implemented.

•Created Security authorization package (SSP, SAP, SAR and POA&M).

•Conducted vulnerability testing using tools like: Nessus, Burp Suite, Retina and Web Inspect, and analyzed scan reports.

•Performed continuous monitoring on Information systems using NIST SP 800-137.

•Conducted Vulnerability assessment and validated remediated vulnerabilities.

SELECT COMFORT, Plymouth, MN March, 2009 – Sept, 2012

Business Analyst/Tester Lead

Select Comfort or Sleep number provides quality mattresses to help ease the pains of many Americans. Select Comfort has different channels of sales such as retail stores, direct econ, wholesale, corporate events and NR.

Responsibilities:

•Gathered Business requirements by interacting with the Business Analysts and the business users and created mockup reports.

•Do estimates for projects and submit final functional documents for approval.

•Work with other developers and DBS’s to make sure the project is done in a timely manner.

•Performed Functional, Integration, Regression, Security and Boundary testing on different modules to check for the stability of the system.

•Manage 4 team members in the US as well as 2 team members in India.

•Prepare my Team members and guide them of which testing was finished on time

•Maintained and update test plans, test cases, test environment, and testing software through test life cycle.

•Worked with Users and Business Analysts to define and design test scenarios and test data.

•Created the Regression Test cases and automated them for the purpose of regression testing.

•Agile methodology followed as SDLC.

•Involved in importing requirements, converting them to tests, developing design step executing test cases, logging defects and generating Graphs & Reports, documented final results and summarized issues, defects or bugs using Quality Center.

•Analyzed the Business requirements before decomposing into test requirements.

•Reviewed Business Requirement Documents and the Technical Specification.

•Tested the interface between database and the application.

•Developed test scripts in VB script for Data Driven tests.

•Executed the test scripts and analyzed the results.

•Participated in requirement walkthroughs and creation of test plan.

•Developed Test Plans, Test Cases to test the Screens and workflows for Quality Assurance.

•Performed Sanity Testing and Smoke Testing.

•Investigating software bugs and reporting to the developers using Quality Center.

•Performed Usability Testing.

•Performed Integration testing, System testing and Regression testing.

•Interfacing with developers to resolve the technical issues.

•Assisted the Newly joined test team members to understand the application.

•Used Quality Center for bug tracking and reporting, also followed up with the development team to verify bug fixes and update bug status.

•Developed Test Scenarios with Test Data to support Test Objectives. Designed Test Cases for Manual Testing. Prepared and executed Test cases as per the Functional requirement document

•Developed Requirement Traceability Matrix for each project to ensure all requirements are mapped to test.

•Enhanced the test scripts through Check Points and Parameterization.

•Generated and tracked defects using Quality Center

ECOLAB, MN Nov 2007 – Jan 2009

Lead Quality Assurance Analyst

The purpose of the project was to conduct an end-to-end software application solution that will be used by Pest Elimination business users to manage contracts, call center activity, and field service execution. There will be a backend interface, a mobile device interface as well as a laptop interface.

Responsibilities:

•Working with other Business team to gather requirements and document the required processes for Ecolab Pest Division

•Testing the Application in the back office and also testing how it works with the mobile device setting as well as the laptop version

•Making sure the implementation of multiple interfaces is successful by testing the application itself before it is installed into our systems.

•Perform data migration between the new application and Ecolab systems.

•Test the new application integration, security, performance as well as the reporting system.

•Testing to make sure that Ecolab hardware can accommodate the new application.

•Working with business users to train them on the new applications

•Add requirement and write test cases in Quality center. Modify requirements, add defects in defect lab and execute test cases in quality center.

•Analyze user requirements and functional specifications to create test cases for system testing

•Meetings on a daily basis with all the stakeholders to make sure we are on track with the releases.

•Daily communication with offshore team to ensure better coordination.

•Making sure that my team meets the timeline for executing and creation of test cases.

•Making sure that the offshore team is meeting their goals by communicating with them on a daily basis.

•Prepare Test Plan and Test Cases for the Application to be tested.

•Execute the test cases in quality center

•Bugs were entered in quality center where they were dispatched to developers for fixing.

•Perform performance testing on the backend as well as on the mobile device

•Quality Center was used for management of the requirement, test cases and the bug.

Boston Scientific, MN Feb 2007 - Oct 2007

Quality Assurance Analyst (BI Report (DW) and Siebel Functionality Testing as well as Oracle financial modules such as AP, AR, GL)

Responsibilities:

•Write test cases based on the requirements for Sales Reporting - Phase 2 projects (Data Warehouse).

•Testing Material master, Vendor master and the purchasing process. (SAP MM Module).

•Follow the (SDLC) development life cycle for testing or agile methodology (Scrum) developed by Boston Scientific starting from requirement gathering to maintenance.

•Agile Methodology (Scrum) was used since the milestones were short.

•Stakeholders met every day for about an hour to see where the team was and allocate resources where needed.

•Bug issues were resolved quickly and retested since the milestones were very short.

•Perform UI testing as well as data validation testing in Cognos environment.

•Collaborated with developers and business analysts to ensure customer satisfaction.

•Perform Siebel testing for US INSIGHT 4.1 release. (Back end testing).

•Perform manual testing for functionality Service Request.

•Perform regression, performance Integration and system testing.

•Executed test cases and logged defects in Remedy and PVC tracker.

•Partnered with developers and business analysts in fixing bugs.

•Participated in implementation and deployment phase.

•Conduct BI testing to make sure the reports meet requirements.

•Perform manual Performance/ Load and Stress test in Siebel application.

•Perform testing using (ETL)informatics to move data from source to destination

•Using Informatica tool to extract data from source to destination or from database to staging area and from staging area to dimension or fact area.

•Used DDL and DML queries on the database and data warehouse.

Carol, Inc April 2006 - Jan 2007

Lead Quality Assurance Analyst/Business Analyst

Responsibilities:

•Test functionality in different browsers such as IE, Firefox etc.

•Attend status meeting and also write bug reports

•Write and execute test cases in production, staging and home page

•Find and track defects, interact with stakeholders and also fix defects

•Adding multiple checkpoints, parameterized points, recovery scenario points within the application with Quick Test Pro.

•Add requirement and write test cases in Quality center. Modify requirements, add defects in defect lab and execute test cases in quality center.

•Agile Methodology (Scrum) was used since the Requirements were constantly changing.

Environment: Windows, Rally, Jira, MySQL, QC

Education.

University of District of Columbia - Washington D.C.; graduated 5/1990 - B.A. Finance and Economics

Bowie State University - Bowie, Maryland; graduated 12/2001 - M.B.A. in Administrative Management and Public Administration

College of St. Catherine’s - St. Paul, Minnesota; graduated 5/2006 - M.A. Organizational Leadership, Concentration in Strategic Management

University of Saint Thomas - St. Paul, Minnesota; graduated spring 2008 - Master in Software Systems

Training/Certification.

RICHLAND COLLEGE: Completed 416 hours in Implementation Manager Training, Aug, 2011 (HIT) Health Information Technology

M.C.P. (Microsoft Certified Professional) Received Certificate in 2000

O.C.P. (Oracle Certified Professional) Oracle 8 and Oracle 8I

Cognos 10 BI Report Author Certified - 2009

Cognos 10 BI Administrator Certified - 2009

Cognos 10 BI Modeling Certified – 2012

Oracle BI 11g

Splunk Fundamental 2020

Certified Ethical Hacker (CEH) 2019

Security Plus 2020

CISA Certification 2020

PMP Certified 2020

DevOps AWS Certified - 2019

Requirement Management

Implementation

Process & Methodology

Client Relations

Deployment

Testing SAP

Additional Information

SKILLS:

•Application of Risk Management Framework(RMF)

•NIST SP 800-18, 800-37, […] 53a rev4, […] 800-30, 800-60, FIPS 199

•Risk Management Tools CSAM, RiskVision (GRC Agiliance)

•Vulnerability Tools Nessus, Burp Suite, Retina, Web Inspect.

•Develop and maintain Assessment and Authorization (A&A) documentation

•Working knowledge of best practices and compliance requirements (FISMA, NIST 800 SP)

•Support Assessment and Authorization (A&A) procedure and processes

•Enterprise security assessments, reviews

•Development of information security policies and standards

•Ongoing Continuous monitoring of information systems

•Information Systems Security

•Information Assurance

•System Categorization

•Third Party Management

INTERPERSONAL SKILLS

•Good Verbal and written communication skills.

•Effective problem solving skills with attention to details.

•Ability to work independently or on a team on multiple tasks.

•Knowledge of SiteMinder, Ping, LDAP, WebLogic and WebSphere

•Strong collaboration skills and result oriented.

•Ability to communicate technical issues to non-technical people.

•Ability to think critically and creatively.

•Ability to manage complex issues and develop solutions

•Excellent verbal and written communication skills

•Knowledge of all secure transport solutions

•Knowledge and understanding of banking or financial services industry

•Experience working in a large enterprise environment

•Strong analytical skills with high attention to detail and accuracy

•Ability to manage multiple and competing priorities


