Security Analyst Officer

Location: Cincinnati, OH
Salary: 110000
Posted: January 31, 2023

Resume:

JERRY JOHN AMEGBEDZI

Email: adu1m3@r.postjobfree.com Address:

Cell: 513-***-**** LinkedIn: JERRY JOHN AMEGBEDZI

Summary: Remote work preferred. Security+, CASP+ and working on CISSP with 9 years of experience as a cybersecurity specialist with a focus on security compliance (NIST 800-37 RMF and other security frameworks). Experienced in working on federal information systems, health care, financial and other industries. Have worked with all branches of the Department of Commerce, HHS CMC, and many other organizations. Experienced Information System Security Officer with a demonstrated history of working in the government administration industry. Skilled in RMF, Information Security, NIST, Vulnerability, and Incident Response. Strong information technology professional.

Educational Background

Associate Degree, BioScience Technology - Cincinnati State University

Cincinnati, Ohio

August 2014 to May 2017

Licenses & Certifications

CompTIA Security+ Certification

Issued Jan 2021 to Jan 2024

CompTIA Advanced Security Practitioner (CASP+)

Issued Jan 2021 to Jan 2024

Experiences

CareerTech Consulting

132 Washington Blvd Laurel MD 20707

July 2016 to December 2022 (7 years +)

Senior Information Security Analyst

Managing and monitoring POA&Ms for the assigned systems using CSAM and paying great attention to the completion date of each POA&M.

Support the review of all Cloud Service Provider documentation for compliance as well as work with stakeholders until the cloud system documentation meets FedRAMP A&A requirements

Verifying and validating that each POAM content is updated and is being assigned to the right engineer or POC to have them work on remediating the vulnerabilities for that POAM.

Working with the ISSO to make sure all POAMs are closed before their due date and have all the attached evidence required.

Assisting with continuous monitoring using NIST SP 800-137 as a guide to make sure the assigned system is secure and can effectively perform normal operations without compromising its CIA requirements or compliance.

Performs RMF assessments on several different environments at the Census Bureau using both scanning tools and manual assessment. Assessment included initiating meetings and interviews with various System Owners and Information System Security Officers (ISSO), providing guidance on evidence needed for security controls, and documenting findings of the assessment in the SAR.

Security Documentation: Develop and perform updates to System Security Plans (SSP), System Assessment Plan (SAP), Risk Assessments, Incident Response Plans, System Assessment Report (SAR) and draft Plans of Action and Milestones (POAMs).

Performs evaluation of policies, procedures, security scan results, and system settings in order to address controls that were deemed insufficient during Security Assessment and Authorization (A&A), RMF and continuous monitoring

Develop Solutions to Security Weaknesses: Developed solutions to security weaknesses documented in POA&Ms using tools like Excel Spreadsheets, Cyber security Asset & management (CSAM) and Trusted Agency FISMA (TAF) and Corrective Action Plan (CAP). Assisted ISSOs in creating solutions to weaknesses based on system functionality and pre-existing architecture.

Develop, review and amend Information Security System Policies, System Security Plans (SSP), and Security baselines in accordance with NIST publications and industry best security practices.

Perform vulnerability/risk assessment analysis for the ST&E team to support Assessment and Authorization testing.

Review Nessus and WebInspect vulnerability scan results for mitigation actions and assist the SOs to create and maintain POA&Ms for the deficiencies identified in the scan results.

Experience integrating applications in a hybrid cloud / SaaS model

Develop policy and procedural controls relating to Management, Operational and Technical Controls for the Organization.

Create System Security Plans, Risk Assessment, Security Assessment Report and Plan of Action & Milestones Report and Authorizing Official's Briefing Report.

Apply appropriate information security control for Federal Information System based on relevant NIST SP.

Conduct security control assessments to assess the adequacy of management, operational, privacy, and technical security controls implemented. A Security Assessment Report (SAR) was developed detailing the results of the assessment along with a plan of action and milestones (POA&M) to the designated approving Authorization Official (AO) to obtain the Authority to Operate (ATO).

Amends IT security policies, procedures, standards, and guidelines according to department and federal requirements.

CareerTech Consulting

132 Washington Blvd Laurel, MD 20707

May 2014 to July 2016 (2 years)

Junior Information Security Analyst

Developing crosswalk of federal and state security standards

Analyze existing security requirements, standards, and system documentation to conduct a gap analysis.

Understand, develop, and deliver meaningful reports on the program state and adherence to frameworks and standards.

Developed Information Security Package for a variety of Systems.

Created and disseminated the SA&A authorization schedule, based on the information systems’ A&A timeline criteria and reauthorizations, and obtained required signatures for system stakeholders.

Supported the SO to ensure FISMA documentation and ATO artifacts are executed in a timely manner.

Work with the client, SaaS providers and internal development team to identify security gaps and resolve them to protect client data.

Created security authorization packages on cloud systems by ensuring FedRAMP packages are well implemented.

Perform continuous monitoring on systems and remediate all vulnerabilities as well as closing all open POA&Ms.

Conduct risk assessment interviews to determine the Security posture of the System using NIST SP 800-39 and NIST SP 800-30 as a guideline to identify system threats, vulnerabilities, and impact level.

Create and update the Security Assessment and Authorization (SA&A) artifacts; Risk Assessments Report (RAR), Privacy Threshold Analysis (PTA), Privacy Impact Analysis (PIA), Contingency Plan, Security Test and Evaluations (ST&Es), E-Authentication, Plan of Action and Milestones (POA&Ms).

Create and disseminate the SA&A authorization schedule, based on the information systems’ A&A timeline criteria, reauthorizations, and obtain required signatures for system stakeholders.

Conduct risk assessment interviews to determine the Security posture of the System; used NIST SP 800-39 and NIST SP 800-30 as a guideline to identify system threats, vulnerabilities, and impact level.

Developed contingency planning and Tabletop Exercise for Disaster Recovery testing of an information system.

Develop a Security Assessment Report (SAR) from the completion of the Security Test and Evaluation (ST&E) using NIST SP 800-53A to maintain system Authorization to Operate (ATO).

Skills

Proven analytical and problem-solving abilities

Ability to present ideas in business-friendly and user-friendly language.

Highly self-motivated and directed.

Ability to conduct research into IT security issues and products as required.

Knowledge of HIPAA, FERPA, and PCI-DSS compliance frameworks

Experience with HIPAA, NIST, and FedRAMP
