Jack Lontum
**********@*****.***
Security Control Assessor (SCA)
Tel:302-***-****
Profile
I am a goal-oriented information security professional with 4+ years of experience in the System Development Life Cycle (SDLC) and the Risk Management Framework (RMF). I am skilled in security and privacy control assessments with a proven track record of delivering exceptional risk management support within the environment of operations. Adheres to procedures, standards, principles, directives, policies, laws and regulations, and develops solutions to create a conducive and secure working environment beneficial to the organization and stakeholders. I am committed to protecting the confidentiality, integrity and availability (CIA Triad) of information and information systems. Possesses strong analytical skills, excellent communication skills and relevant interpretation of data.
Summary of Cybersecurity Skills
Proficient in assessing systems using NIST SP 800-53A, 800-53B, 800-37, FIPS 199, FIPS 200, OMB Circular A-130, and all relevant NIST publications
Have a clear understanding of System Security Plan (SSP) guidelines, Security Assessment Plan (SAP), Security Assessment Report (SAR), Plan of Action & Milestone (POA&Ms)
Experience managing False Positive Requests (FPR), POA&Ms, Waiver/Acceptance of Risk (AOR) Requests, Incident Response Plans (IRP), penetration testing requirements, Privacy Threshold Analyses (PTA), Configuration Management Plans (CMP), and Privacy Impact Assessments (PIA)
Ability to adapt and deliver in a fast-paced and time-sensitive business environment
Methodologies: NIST SP 800-37 Rev.2 - RMF, ISO 27001, ISO 31000, IEC, GDPR, FISMA, FedRAMP and HIPAA
Participate in client interviews and security assessments to determine the security posture of the information and information systems
Technological Tools: SAP, ServiceNow, JIRA, Nessus, eMASS, CSAM, vulnerability scanning, IDS/IPS, SIEM, POA&M, virtualization, MS Office Suite – Access, Excel, Word and PowerPoint
Professional Experience
Rmantras Solutions Inc
Security Controls Assessor April 2020 – Present
Review, maintain and ensure all Assessments and Authorizations (A&A) documentation are included in the ATO package
Ensure the proper implementation of appropriate security controls for information and information systems based on FIPS 200 and NIST SP 800-53 Rev. 4, and the categorization of the system using FIPS 199 and NIST SP 800-60 A&B
Develop and update the Security Assessment Plan (SAP) and Plan of Action and Milestones (POA&M) in accordance with compliance and organizational policies
Perform security and privacy control assessments employing various methods (Examine, Test and Interview) depending on the control being assessed
Ensure vulnerabilities and risks are efficiently mitigated in accordance with the organization's Continuous Monitoring Plan
Collaborate with system owners and common control providers to remediate vulnerabilities in Plan of Action and Milestones (POA&Ms) identified during control assessments
Assess threats, risks, and vulnerabilities from emerging security issues and also identify mitigation processes
Follow RMF (NIST SP 800-37) government security standards and requirements to secure information systems and maintain the Authorization to Operate (ATO)
Analyze risk within the system to identify and implement appropriate and relevant security countermeasures
Create and maintain Assessment and Authorization (A&A) documentation with system owners, such as the system security and privacy plan, privacy control plan, security and privacy assessment plan, privacy control assessment, and the recommended plans of action and milestones to support ATO decision-making by the authorizing official
Implement, document and update the RMF process for various information systems in accordance with the respective NIST Special Publications
Maintain knowledge of FISMA, FedRAMP, RMF and the NIST Special Publication 800 series
Support, develop, update Security Awareness training, including phishing campaigns, results analysis, and recommending improvements based on results
IPKEYS LLC
Information System Security Officer (ISSO) February 2018 – April 2020
Perform Certification & Accreditation (C&A) and System Assessment & Authorization (SA&A) as part of NIST SP 800-37 Risk Management Framework (RMF) system and application accreditation
Evaluate the assigned information systems' security control compliance with federal requirements and the client's monitoring strategy
Perform the management of emerging and defined risks associated with the administration and use of assigned information systems
Coordinate with the client’s Cybersecurity Unit to achieve and maintain the information systems’ compliance and authorization to operate (ATO)
Ensure that systems are operated, maintained, and disposed of in accordance with policies outlined in the approved security authorization package
Serve as a member of the Configuration Control Board (CCB) to ensure configuration management for Cybersecurity-relevant software, hardware, and firmware is maintained and documented
Work within a team environment to provide technically sound guidance in order to adhere to the cybersecurity industry best practices and the client’s monitoring strategy
Analyze collected information to identify vulnerabilities and potential for exploitation and effectively present the results and guidance derived from scans to system owners or other leadership as required
Effectively communicate verbally and in writing to track and detail the demands, efforts, and shortcomings in meeting the goals of the client’s information system monitoring strategy
Support the integration/testing, operations, and maintenance of systems security
Align business processes and information technology strategy with the conditions and circumstances of the functional environment and establish effective performance measures
Contribute to the definition and implementation of planning processes and/or systems at the enterprise level including both strategic and operational activities
Certifications
Security+
Certified Scrum Master
Certified Authorization Professional (CAP) in Progress
Education
MSc: Health Information Management and Administration, Wilmington University, USA.
BSc: Political Science & Administration, Federal University of Maiduguri, Nigeria.