Security Analyst System

Location: Severn, MD

Salary: 120,000

Posted: December 12, 2022

Resume:

Henry Oluwole

****B Hardwick Ct Hanover MD *****

301-***-**** adt0iv@r.postjobfree.com

Professional Summary

Efficient and results-driven cybersecurity professional with experience across a wide array of information security domains, including governance, risk and compliance (GRC), Assessment and Authorization (A&A), etc. Highly knowledgeable in FISMA and FedRAMP compliance, Network Security, and the NIST Risk Management Framework (RMF), and in providing security recommendations and solutions to mitigate risks, improve organizational risk level and enhance security capability.

Clearance: Public Trust

Professional Certification: (IAT / IAM Level II)

Certified Authorization Professional (CAP) 2022 – 2025

Security+ (ongoing)

Security Skills and Tools

In-depth knowledge and experience with RMF, eMASS, Xacta, and National Institute of Standards and Technology (NIST) guides: SP 800-30, SP 800-37, SP 800-53r4, SP 800-145, SP 800-190, SP 800-53A, SP 800-18, SP 800-60 Vols 1 & 2, FIPS 199, FIPS 200.

Outstanding analytical and critical thinking skills with in-depth security and gap analysis.

Advanced knowledge and hands-on experience with Microsoft Office applications including Visio, Excel, PowerPoint, Word, Outlook, etc.

Excellent oral and written communication skills.

Develop and maintain cybersecurity artifacts, including POA&Ms and Continuity of Operations Plans (COOP).

Thorough understanding of cloud computing virtualization technologies, infrastructure as a service, platform as a service and software as a service.

Professional Experience:

Information System Security Officer (ISSO)

Securigence (Department of Interior OCIO) Dec 2021 - Present

Managed ATOs in CSAM, documenting and maintaining Assessment Plans, POA&Ms, implementation statements, etc. Reviewed and assessed vulnerability scan results to identify weaknesses and created Plan of Action and Milestones (POA&Ms) to remediate the weaknesses.

Developed mitigation strategies to reduce threats and vulnerabilities.

Performed comprehensive Security Control Assessment (SCA) and prepared a report on management, operational, technical, and privacy security controls for audited applications and information systems.

Facilitated kick-off meetings with system owner, ISSO, and other stakeholders to gather security control documentation and artifacts about the applicable security control.

Developed implementation and design documents describing how security features are implemented.

Assisted in the development of Standard Operating Procedures (SOP) in support of the information system.

Conducted periodic and continuous reviews of the system to ensure compliance with the authorization package using NIST 800-137.

Information Assurance Specialist

JPI (US Coast Guard) July 2021 – Dec 2021

Maintained A&A RMF compliance metrics for various systems; briefed Sr. leadership; maintained system ATOs using eMASS through the entire lifecycle of the system.

Assisted the ISO in gaining program efficiencies in eMASS for signature and approval and directly supported the ISSM in maintaining system ATOs using eMASS through the entire lifecycle of the system.

Developed and maintained A&A artifacts stored on the organization's SharePoint.

Worked extensively with several risk management tools such as CSAM, Xacta and eMASS.

Developed and performed security compliance in line with cloud computing FedRAMP, FISMA, HIPAA, and Federal and State information technology regulations.

Information System Security Analyst December 2020 – January 2021

VITG (Office of Personnel Management) (OPM)

Serve as an Assessment and Authorization (A&A) validator with proficiency in Risk Management Framework (RMF) and affiliated NIST security controls.

Conduct comprehensive RMF assessments, including preparation, execution, and concluding documentation, using Security Control Assessor (SCA) approved processes.

Utilize cybersecurity vulnerability scanning and security testing tools and perform analysis of the results of these tools.

Demonstrate technical experience in identifying vulnerabilities or misconfigurations across a wide variety of technologies.

Employ organizational and interpersonal skills to succeed in a fast-paced environment.

Establish Continuous Monitoring for each system (Vulnerability Scanning and Testing Controls).

Review and assess vulnerability scan results to identify weaknesses and create Plan of Action and Milestones (POA&Ms) to remediate the weaknesses.

Develop mitigation strategies to reduce threats and vulnerabilities.

Support reviews and audits of continuous system monitoring and contingency planning. Update associated documentation as needed.

Address cybersecurity issues and concerns related to disaster and service recovery aimed at maintaining Business Continuity of Operations Plans (COOP) and Contingency Plans.

Develop and document RMF artifacts including System Security Plan (SSP), Control Implementation Summary / Matrix, Incident Response, Configuration Management, Account Management Policies, etc.

Information Security Analyst Nov 2019 – November 2020

VITG (Social Security Administration) (SSA)

Assessed information systems for compliance with the NIST RMF and the associated security controls.

Reviewed current security assessment and authorization processes and provided recommendations for improvement.

Conducted system security categorizations, security control assessments, and risk assessments, and provided recommendations to enhance the security posture of the information system.

Drafted agency-specific security control assessment (SCA) guidance, procedures, and templates to allow thorough and accurate control assessments, risk analysis, and final documentation in the Security Assessment Report (SAR).

Supported the Risk Management Branch by implementing appropriate methods to evaluate risk levels associated with improperly implemented security controls, characterizing aggregate levels of risk to include recommendations to fix, mitigate, or accept the risk.

Developed Risk Assessment Reports (RAR) and Artifact Request Lists (ARL).

Provided guidance on security control requirements and corresponding control implementation statements.

Educational Background

M.S. in Information Assurance - December 2018

University of Maryland University College – Largo, MD

B.S. in Corporate Communication - May 2013

University of Baltimore – Baltimore, MD