Information Security Chemical Engineering
Resume:
Stanley Chijioke Udorji
Address: **** ***** **** ****** *** Unit C320, Gambrills MD 21054
Phone: 301-***-**** Email: *************@*****.***
LinkedIn: linkedin.com/in/stanley-udorji-0b49831b7
Information Security Analyst
A versatile, collaborative, accomplished, and knowledgeable cybersecurity professional with a successful track record. Experience well over 4 years. Outstanding organizational and problem-solving skills. Highly collaborative with a talent for building productive relationships that allow smooth functioning while driving others towards excellence and attaining business goals. Possess verifiable interpersonal and communication skills that help put across things with a crisp point. Have a solid track record in achieving the set goals and delivering personal best at every step of the way to provide optimal results. Thrive in fast-paced business environments and cherish a chance to self-manage things through the innate problem-solving skills and never say never attitude.
Skill Areas: wAssessment and Authorization (A&A) wCSAM wIT Security Compliance wVulnerability Assessment wNetwork Vulnerability Scanning wInformation Assurance wSystems Risk Assessment wSystems Development Life Cycle wTechnical Writing wProject Management and Support
Professional Experience
WereSoft Technologies Consulting LLC, Bowie, MD (2018 – Present)
Information System Security Analyst
Developed and implemented a continuous monitoring process for the vendor management program.
Plan and conduct security risk assessments for all third-party vendors/suppliers.
Work as a remediation analyst to ensure all vulnerabilities discovered during the assessment are remediated and mitigated timely.
Facilitated Security Control Assessment (SCA) and Continuous Monitoring Activities
Reviewed authorization documentation for completeness and accuracy for compliance.
Executed examine, interview, and test procedures in accordance with NIST SP 800-53A Revision 4
Ensured cybersecurity policies are adhered to and that required controls are implemented.
Validated information system security plans to ensure NIST control requirements are met.
Developed resultant SCA documentation, including but not limited to the Security Assessment Report (SAR)
Authored recommendations associated with findings on how to improve the customer’s security posture in accordance with NIST controls
Assisted team members with proper artifact collection and detail to clients examples of artifacts that will satisfy assessment requirements
Reviewed security logs to ensure compliance with policies and procedures and identifies potential anomalies.
Updated and reviewed A&A Packages to include Core Docs, Policy & Procedures, Operations, and Maintenance Artifacts, SSP, SAR, FIPS 200, FIPS 199, POA&M, CPTPR, BIA, PTA, PIA, and more
Collected Operation and Maintenance artifacts on an ongoing basis so that Security Control Assessment (SCA) is seamless. Provided security expertise and guidance in support of security assessments
Uploaded supporting docs in the System’s Artifact Libraries, Google Docs, and CSAM
Updated, reviewed, and aligned SSP to the requirements in NIST 800-53, rev4; so that assessments can be done against the actual requirements and not ambiguous statements.
Managed vulnerabilities with the aid of Nessus vulnerability Scanners to detect potential risks on single or multiple assets across the enterprise network
Reviewed SAR post-assessment: created and completed POAM's milestones to remediate findings and vulnerabilities.
Independently reviewed complex security analysis of existing systems for compliance with security requirements.
Monitored security controls post-authorization to ensure continuous compliance with the security requirements.
Supported A&A (C&A) activities according to the A&A project plan
CEIK International LLC, Monrovia, MD (2016 – 2018)
Information System Security Analyst
Develop, review, and update Information Security System Policies, System Security Plans (SSP), and Security baselines in accordance with NIST, FISMA, OMB App. III A-130, NIST SP 800-18, and industry-best security practices.
Apply appropriate information security control for Federal Information System based on NIST 800-37 rev1, SP 800-53 rev4, FIPS 199, FIPS 200, and OMB A-130 Appendix III.
Conduct systems and network vulnerability scan in order to identify and remediate potential risks.
Performed Federal Information Security Management Act (FISMA) audit reviews using NIST 800-37 rev 1.
Updated IT security policies, procedures, standards, and guidelines according to the department and federal requirements.
Performed risk assessments, developed/updated and review System Security Plans (SSP), Plans of Action and Milestones (POA&M), Security Control Assessments, Configuration Management Plans (CMP), Contingency Plans (CP), Incident Response Plans (IRP), and other tasks and specific security documentation.
Perform vulnerabilities scan with the aid of CIS-CAT, Retina, Nessus, NMAP, and MBSA Vulnerability Scanner to detect potential risks on single or multiple assets across the enterprise network. Nessus tenable deployment and management, analysis, and assessment of results.
Developed Rules of Behavior (RoB), Interconnection Security Agreement (ISA), and Memorandum of Understanding (MoU) for the client.
Worked with IT Operations and Network Engineers to mitigate system vulnerabilities discovered in network devices (routers, switches, VPN Concentrator), servers, and workstations.
Familiar with NIST Publications SP 800-18, SP 800-30, SP 800-37 rev 1, SP 800-53 rev 4, SP 800-53A, SP 800-60 and Federal Information Processing Standards (FIPS) - FIPS 199 and FIPS 200.
Worked with the System Owner to generate the Implementation Statements to security controls.
Working knowledge of duties required to implement information security controls and lead information security initiatives.
Ability to translate business requirements into control objectives.
Coordinate and manage team activities during assessment engagements.
Establish schedules and deadlines for assessment activities.
Monitor controls post-authorization to ensure continuous compliance with the security requirements.
Using RSA Archer to lower overall IT and security risk and minimize security incidents and compliance costs.
Professional Development & Credentials
B.Eng. Chemical Engineering NnamdiAzikiwe University Awka, August 2010
M.SC. Cybersecurity Management and Policy University of Maryland Global Campus, June 2022
CompTIA Security + CE (Certified)
CAP (Certified Authorization Professional) (Certified)
A+ Completed
Contact this candidate