
Security Analyst Information

Location:
Washington, DC
Posted:
September 13, 2022


Resume:

Yawou Kodjovi

Odenton, MD

240-***-**** **********@*****.***

DHS-HQ 6C-High Risk

SKILLS

Incident Response

Risk Management Framework

Continuous Monitoring

Policies & Procedures

NIST 800 Series/NIST CSF

Risk Assessment

Internal Security Auditing

Information Assurance

Vulnerability Assessments

WORK EXPERIENCE

GDIT, Washington, DC March 2020 – present

ISSO

Develop, implement, and ensure compliance with information security policies including System Security Plan, Privacy Impact Assessment, Configuration Management Plan, Contingency Plan, Risk Assessment Report, Incident Response Plan, and SOPs.

Coordinate continuous audits and act as liaison between stakeholders and external auditors to ensure that audit findings are remediated accordingly and corrective actions are implemented per SOPs and regulations.

Provide management with monitoring reports for security issues and assist departments through awareness trainings in the implementation of security tools to be integrated in their new application.

Ensure protection of PII, PHI in accordance with laws, regulations, SOPs, and guidelines.

Investigate and recommend corrective actions and flaw remediations for data security breaches related to established guidelines.

Document and communicate audit issues, root causes and risks, and provide practical, innovative, and value-added solutions to issues identified.

Maintain oversight of front-line unit remediation efforts for cyber security exposures, gaps, and deficiencies on technology infrastructure.

Review and conduct self-assessment on the implemented security controls.

Assist with providing guidance on creating POA&Ms and POA&M waivers.

Review STIG documentation.

Select and implement system controls in Xacta360.

Report on vulnerabilities to the Information System Manager (ISSM) and System Owner (SO).

Monitor and manage system assets.

Assist the Penetration Testing team during system assessment and create POA&Ms based on the findings report.

Check, monitor, and communicate with the ISSM and platform team about Indicators of Compromise (IOCs) for potential intrusions on assigned systems.

Diversity Protective Corporation, Washington, DC Aug 2016 – Mar 2020

Information Security Analyst

Implemented the Risk Management Framework (RMF) in accordance with NIST SP 800-37 Rev 1.

Reviewed security categorization of systems using FIPS 199 & NIST SP 800-60 Vol 2 Rev 1.

Updated technical, operational and management control families and controls with guidance from NIST 800-53 Rev 4 and FIPS 200.

Reviewed and updated SSP implementation statements of respective applicable control to assigned systems as need arises using NIST 800-18.

Compiled Security Authorization deliverables including System Security Plans, Security Assessments Reports, Risk Assessment Plans and POA&M.

Drafted, finalized, and submitted Privacy Threshold Assessments (PTAs), Privacy Impact Analyses (PIAs), E-Authentication Assessments, and System of Record Notices (SORNs) for annual review and recertification.

Monitored security controls effectiveness using NIST SP 800-137 Rev 1 as a guide.

First Coast Security Solutions, Washington, DC May 2014 – Aug 2016

Information Security Analyst

Scheduled kick-off meetings with system owners to help identify assessment scope, system boundary, and the information system's category, and to obtain any artifacts needed in conducting the assessment.

Created Requirement Traceability Matrix (RTM) and documented whether controls being assessed passed or failed using NIST SP 800-53A as a guide.

Conducted security control interview meetings and artifact-gathering meetings with various stakeholders using assessment methods of interview, examination, and testing.

Documented assessment findings in the Security Assessment Report (SAR) and recommended remediation actions for controls that failed and vulnerabilities.

Reviewed A&A package items using NIST guidance for FISMA compliance such as the System FIPS 199 Categorization, e-Authentication Assessment, PTA, PIA, Contingency Plan (CP) and Contingency Plan Test (CPT).

Performed vulnerability assessment of information systems to detect deficiencies and validated compliance using management tracking tool (CSAM).

Requested scans and scan results for common vulnerabilities such as missing patches, weak password settings, unnecessary services not disabled, and weak configurations.

TECHNICAL COMPETENCIES

Software: Proficient in Microsoft Office Suite programs (Word, Excel, PowerPoint, Outlook), Nessus Tenable, ServiceNow, Xacta360, CSAM

EDUCATION, CERTIFICATIONS

UMUC, Largo, MD, Information Technology

American University, The Washington College of Law, June 2006

ITIL 4, Security +, CASP


