
Security Analyst Information

Location: Maplewood, NJ
Posted: March 28, 2023


Resume:

FRANK IKENNA OBIORA

** ****** ******, *********, *** Jersey, 07040

Tel 973-***-****, Email: *****.******.******@*****.***

Information Security Analyst, knowledgeable in information systems security practices, security controls implementations, compliance verifications, and assessments in accordance with NIST, FISMA, RMF, and industry-best security practices.

Professional Summary

Application of Risk Management Framework (RMF)

Experienced in the development of Contingency Plans, Configuration Management Plans, System Security Checklists, System Security Plans (SSP), Security Assessment Reports, POAMs, and Privacy Impact Assessments, among other information security documentation.

Experienced in performing information system security risk assessments, security control analysis, and risk mitigation strategies, and in developing and maintaining Assessment & Authorization (A&A) documentation.

Working knowledge of System Assessment & Authorization (A&A)

Working knowledge of best practices and compliance requirements (FISMA, NIST 800 SP, FIPS guidelines and instructions).

Technical Skills

FISMA and FIPS Standard Guidelines to comply with federal and private agencies.

NIST 800 series, 800-37, 800-60 vol. 2, 800-53, 800-53A, 800-18, 800-30, 800-137

Software: MS Office (Word, Excel, Outlook, Access, PowerPoint), SharePoint.

POA&M tools: CSAM and Xacta

Wireshark

Nessus

NMAP

Education & Certifications

Master's degree in Cybersecurity, Maryville University of Saint Louis, Missouri (Present)

BSc (Hons) Geological Sciences, Nnamdi Azikiwe University, Awka, Anambra State, Nigeria (2004)

PROFESSIONAL EXPERIENCE

SAIC/FRTIB, VIENNA VA July 2019 – Present

Information Security Analyst

Develop and continuously update System Security Plans (SSP), FIPS 199 and other related boundary documentation.

Work on various projects conducting A&A activities to include developing documentation and updating policies, procedures, and processes with the implementation of RMF under NIST risk

Monitor, evaluate and report the status of an information security system and direct corrective actions to eliminate or reduce risk.

Update existing Authorization packages throughout the life cycle of the Major applications and General Support Systems

Advise Information System Owner (ISO) of security impact levels for Confidentiality, Integrity and Availability (CIA) using NIST SP 800-60 V2.

Facilitate the A&A status meetings to include discussion on moving systems toward a successful A&A effort

Track and update Plans of Action and Milestones (POAM) regarding the mitigation and remediation status.

Develop the system categorization using FIPS 199, Initial Risk Assessment per NIST 800-60 Vol. II guidelines.

Select the data type for each boundary component during the development of FIPS 199 in accordance with NIST 800-60 Vol. II guidelines.

Select the security controls in accordance with the categorization of the boundary and submit them to the System Owner for review and tailoring according to the environment of operation for control implementation details.

Develop information system documentation, System Security Plans (SSP), and security baseline controls in accordance with FISMA, NIST 800-18 and industry-best security practices.

Interview the SMEs to gather the information required to develop the SSP, System Description, and implementation statements for the implemented security controls.

Facilitate the bi-weekly meeting with the customer to provide an update on the status of the A&A work

Facilitate kickoff meetings for getting started on a new boundary, including discussion of systems that are in scope.

Northrop Grumman/SSA, Woodlawn MD February 2018 – July 2019

Information Security Analyst

Developed, reviewed, and updated Information Security System Policies, System Security Plans (SSP), and Security baseline Controls in accordance with FISMA, NIST 800-18 and industry-best security practices.

Performed assessment and authorization (A&A) documentation efforts under the NIST Risk Management Framework (RMF)

Provided all necessary support in submitting completed packages for an ongoing Assessment and Authorization to obtain an ATO or renew it for new systems and applications, as needed

Developed and updated System Security Plans (SSP), Contingency Plans, Business Impact Analyses (BIA), Plans of Action and Milestones (POA&Ms), and other boundary-related documentation.

Performed the monitoring and maintenance of security controls, drafted processes & procedures, created A&A packages and oversaw the monthly Continuous Monitoring reports.

Participated in A&A status meetings and facilitated moving systems toward a successful A&A effort.

Developed System Categorization document utilizing NIST FIPS 199 processes.

Conducted Privacy Threshold Analysis (PTA) and Privacy Impact Analysis (PIA) where necessary by working closely with the SMEs and the System Owner.


