Chioma Nwosu, CISM
Washington, D.C. 202-***-**** ********@*****.***
Professional Summary
Efficient and results-driven cybersecurity professional with experience across a wide array of information security domains, including governance, risk and compliance (GRC), information system security engineering (ISSE), assessment and authorization (A&A), etc. Highly knowledgeable in FISMA and FedRAMP compliance, Network Security, the NIST Risk Management Framework (RMF), ISO 27001, PCI DSS compliance, the SOX attestation process, and providing security recommendations and solutions to mitigate risks, ensure business continuity, improve organizational risk level and enhance security capability.
Certifications
* Certified Information Security Manager (CISM), ISACA
* CompTIA Security+
Education & Training
University of Maryland Eastern Shore - Bachelor of Science (BS), 2009-2014
The Cloudticians Organization 2016-2018
KEY SKILLS
• Experience with developing and evaluating security documents, including system security plans, contingency plans, security procedures, and continuity of operations plans.
• Experience with various Governance, Risk, and Compliance (GRC) tools for monitoring and tracking privacy controls.
• Outstanding analytical and critical thinking skills with in-depth security and gap analysis.
• Advanced knowledge and hands-on experience with Microsoft Office applications, including Excel, PowerPoint, Word, Outlook, etc.
• Excellent oral and written communication skills.
• Develop and maintain cybersecurity artifacts, including POA&Ms, Continuity of Operations Plans (COOP), and Security Assessment Reports (SAR).
• Hands-on experience with industry standards and frameworks, including NIST, ISO 27001, COBIT, CNSSI, the SOX attestation process, etc.
• Risk Management Framework (RMF)
Relevant Professional Experience
Cyber Security Analyst / Risk & Vulnerability Analyst
NRI Consulting Services 02/2018-08/2021 Silver Spring, Maryland
* Worked independently and with a team to develop, update, and maintain the organization's Security Authorization Package (SAP), including the System Security Plan (SSP), Security Assessment Report (SAR), and Plan of Action and Milestones (POA&M), to obtain the Authority to Operate (ATO) for existing and new information systems.
* Developed, managed, reviewed, and updated the System Security Plan (SSP), Security Assessment Report (SAR), and Plan of Action & Milestones (POA&M) based on the results of the continuous monitoring process using NIST 800-137 guidelines.
* Created, validated, and documented IT governance compliance assessments in accordance with organizational policy and established regulatory standards (NIST SP 800-37, STIGs, CIS Benchmarks), ensuring that systems, applications, databases, middleware, and hardware infrastructure are compliant with current OMB Circular A-123, FISMA, and NIST policies.
* Incident response tasks: Collaborated internally and externally to develop and support operational procedures/policies to mitigate risks related to classified data spills, intrusions, and unauthorized access within organizational compliance guidelines relative to specific Federal agency clients, to maintain system integrity and availability.
* Managed and used ACAS (Assured Compliance Assessment Solution) and VRAM (Vulnerability Remediation Asset Manager) for A&A management efforts to conduct analysis and secure systems.
* Assisted with installation and setup of new hardware, including desktops, servers, and networking equipment.
* Created, maintained, and updated the organization's Plan of Action and Milestones (POA&M) detailing the identified vulnerabilities and the plans taken to remediate weaknesses; collaborated with system engineers and SMEs on acceptable weakness mitigation solutions.
* Performed and reviewed technical security assessments of computing environments to identify points of vulnerability and non-compliance with established Information Assurance (IA) standards and regulations, and recommended mitigation strategies.
* Reviewed and validated user access rights.
* Conducted Risk Assessments for information systems using NIST 800-30 guidelines, and Security Authorization Packages for Major Applications and General Support Systems using the NIST Risk Management Framework (RMF) to ensure compliance with FISMA.
* Tracked, provided, and reported security requirements throughout the project life cycle of all projects that are within the authorization boundary of assigned information systems.
* Provided oversight and guidance for day-to-day security activities for systems within authorization boundaries.
* Ensured Confidentiality, Integrity, and Availability (CIA) of assigned information systems and applications.
* Provided support to the Information System Security Manager (ISSM) for maintaining the appropriate operational IA posture for a system, program, or enclave.
Information Assurance/ Compliance Analyst
KMM Technologies 10/2014- 12/2017 Washington, DC
* Developed, implemented, reviewed, and updated enterprise IA policies, directives, guidelines, and memoranda.
* Reviewed, updated, and maintained information assurance control documentation in Xacta, and developed customer-related summary documents for the customer for specific applicability and compliance purposes.
* Performed vulnerability assessments and implemented security controls in networking devices, databases, operating systems, hardware, and software components. Administered and managed IA Vulnerability Alerts (IAVA).
* Contributed to the security planning, security assessments, risk analysis, risk management, certification and awareness activities for system and networking operations.
* Supported the building of security architectures. Actively engaged in providing resolutions and findings in support of various offices and activities.
* Reviewed regulations, directives, guidance, grading criteria, and other artifacts/products as required to identify applicable cybersecurity standards and inspection criteria.
* Collaborated with team members and business stakeholders to complete security artifacts such as Plan of Action and Milestones (POA&Ms) and to monitor progress in correcting weaknesses or deficiencies associated with information systems.
* Evaluated security controls and compliant baselines using recommendations from NIST-800 series & FISMA guidance.
* Documented findings and severity levels of vulnerabilities and non-compliance in a matrix, formal report, written, and oral briefings.
* Provided support for any other security functions as directed by the program manager or the applications support and infrastructure support project managers.
Help Desk Specialist
Planned Systems International 01/2013-12/2014 Maryland
* Performed account maintenance activities, such as account updates, password resets, unlocks, and identification and disabling of dormant accounts.
* Assisted in improving Standard Operating Procedures and user guides.
* Managed help desk phone lines/ email accounts and Remedy or ticketing system for help desk tickets.
* Troubleshot and appropriately reported unexpected problems that may arise during the data abstraction of trials.
* Responded to inquiries and resolved issues submitted to an issue/ticketing system (e.g., ServiceNow) by the cancer research community and program stakeholders, utilizing effective communication.
* Provided troubleshooting on desktop applications, computer hardware/software and networking issues; installed software onto desktop & laptop computers and set up hardware and software.
* Participated in kick-off meetings, performed other tasks, as assigned.
References - All professional references to be provided on demand.