Security Analyst Call Center

Location: Irvington, NJ
Salary: 85000 - 120000
Posted: April 16, 2023

Resume:

OBJECTIVE

An Information Security Analyst with five years of professional experience specializing in cybersecurity, vulnerability assessment, risk management, security control implementation, Federal Information Security Management Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP), Risk Management Framework (RMF) processes, Risk Assessment (RA), System Development Life Cycle (SDLC), as well as contingency planning. Thorough understanding of NIST 800-53 Rev 4 and 5 security controls. Audit projects including Security Audit, HIPAA, POA&M management, continuous monitoring, Authentication & Access Control, System Monitoring and Regulatory Compliance in accordance with NIST, OMB, Risk & Compliance and industry best security standards. In-depth understanding of information technology concepts and cloud computing models. Dynamic IT professional with the ability to adapt well to changing environments and interact well at all levels. Proven ability to lead and direct, solve problems creatively, and make strategic decisions in fast-paced environments; also a quick learner.

CYBERSECURITY SKILLS

Cybersecurity; Creative thinker; Risk mitigation; Audit reporting; Nessus Vulnerability Scanner; IT Security Compliance; Rapid7 Nexpose; Vulnerability Assessment; System Development Life Cycle; Splunk; cyber defense; Risk Management Framework (RMF); HITRUST; Vendor Risk Assessment; PCI; Forensic; Security Incident Handling and Response; Threat and vulnerability management; Monitor Networks; Security Auditing; Security Control; Firewall; SIEM Management; malware analysis; Security Audits.

PROFESSIONAL EXPERIENCE

Cyber Security Analyst (ISSO)

Metropol-Tech Consulting Inc, Maryland, Dec 2019 – Present

Work with a team of Information System Owners, Developers and System Engineers to select and implement tailored security controls in safeguarding system information.

Reviewed, updated, and developed required security documentation including but not limited to System Security Plans (SSPs), Contingency Plans (CP), Plan of Action and Milestones (POA&Ms), Security Assessment Reports (SAR).

Implement the Risk Management Framework (RMF) in accordance with NIST SP 800-37.

Monitored activity on the network to detect intrusions and unusual or suspicious activity.

Perform Security Categorization (FIPS 199), conduct assessment and review Privacy Threshold Analysis (PTA), E-Authentication, Contingency Plan and Testing, Incident Response, SORN, for compliance and completeness.

Analyzes and updates System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security test and Evaluation (ST&E).

Hands-on experience with Rapid7 Nexpose, Metasploit and Forcepoint.

Support rollout of Threat and Vulnerability Management/Scanning solutions across various business entities. Assist Program

Support the Information Security Continuous Monitoring (ISCM) team to ensure security policies and procedures are properly enforced, whilst increasing visibility to stakeholders on the security posture of systems.

Create Plans of Action and Milestones (POA&M) for identified vulnerabilities and performed compliance monitoring.

Continuously monitored security controls effectiveness using NIST SP 800-137r1 as a guide.

Extensive experience in IT auditing with emphasis on commercial public companies and federal government departments using application Controls, NIST, PCI DSS, COBIT, ISO 27001.

Conducted regular audits of systems and networks to identify security risks and vulnerabilities.

Supported and managed information systems in process of obtaining ATO, while maintaining Confidentiality, Integrity, and Availability (CIA) of Information.

Conduct risk assessments regularly; ensured measures raised in assessments were implemented in accordance with risk profile, and root causes of risks were fully addressed following NIST 800-30 and NIST 800-37

Security Control Assessor (SCA)

T – Rex Corporation, Maryland, October 2016 - November 2018

Determines Technical, Operational and Management security controls effectiveness by assessing whether controls are implemented correctly, operating as intended, and meeting security requirements.

Participate in weekly meetings to discuss the status of the assessment process.

Developed Security Assessment Plan (SAP) to initiate Security Assessment for low, moderate and high control information systems.

Undertook IT Control risk assessment to identify system threats, vulnerabilities and risk, and generate reports.

Schedule assessment kick-off meetings with assessors and Security Control Interview meetings with the ISSO, System Owners and Common Control Providers.

Documented assessment findings in a Security Assessment Report (SAR) and produced a plan of action and milestones (POA&M) for all controls having weaknesses or deficiencies.

Perform vulnerability assessment of information systems to detect deficiencies and validate compliance using a management tracking tool (CSAM).

Conduct assessment of security control selections on various Moderate impact level systems to ensure compliance with NIST SP 800-53A.

Perform comprehensive Security Control Assessment (SCA) and prepare a report on management, operational, technical, and privacy security controls for audited applications and information systems.

IT Support Technician

Graybar Electric Supply, New Jersey, September 2014 – October 2016

Maintain and support all Call Center PCs and server.

Provided technical computer support, such as configuration, installation and troubleshooting of computer hardware and software.

Maintain inventory of all hardware and software.

Report incident ticket status to immediate supervisor.

Configure network equipment to provide the most reliable communication possible.

Handled a large volume of phone calls, chat and emails.

Perform installations of new PC hardware and upgrading of existing hardware.

Performed installation, configuration, maintenance, and support of audio visual equipment.

Manage backups for all server systems and appliances.

Performed intermediate computer hardware, software and peripheral setups, installations, and configurations (i.e., monitors, keyboards, scanners, disk drives, etc.)

EDUCATION

Associate Degree in Cyber Security (Essex County College, NJ)

CERTIFICATIONS

CompTIA Security+

CompTIA CySA+

CompTIA PenTest+

CompTIA CASP+

Nigeria Institute of Safety Professionals (NISP), Level 1-3

Nigeria Institute of Safety Professionals (NISP), Rig Safety Course

Tordco Nigeria LTD (Drilling Technology)

Mosl Mud School. (Basic Mud Engineering Training)


