Amaka Odoh Cousin IT Security Analyst Resume
AMAKA ODOH COUSIN
Staten Island, NY • 929-***-**** • email@example.com PROFESSIONAL SUMMARY
Insightful, and results-driven Information Security Analyst with expertise in risk management framework (RMF), systems development life cycle (SDLC), vulnerability scanning, security controls assessment, risk management, and vulnerabilities management of a wide range of vulnerabilities and threats. Incident response and contingency planning, Disaster recovery, Project Management-versed in direct and remote analysis with strong critical thinking communication and people skills. Able to thrive in fast-paced and challenging environments where accuracy and efficiency matter. Specialized in providing IT security expertise and guidance in support of security assessments and continuous monitoring for government (FISMA, FedRAMP, & NIST) and commercial clients. Functional areas of expertise include:
● Assessment and Authorization (A&A)
● Certification and Accreditation (C&A)
● IT Security Compliance
● Vulnerability Assessment
● Network Vulnerability Scanning
● Incidence Response
● Information Assurance
● Systems Risk Assessment
● Systems Development Life Cycle
● Project Management and Support
● Data Loss Prevention
● Privilege Access Management
● Recommended IT security improvements, to achieve systems Confidentiality, Integrity and Availability
● Assisted the ISO and ISSO in the preparation of Assessment and Authorization (A&A) package for Information systems and developed Security, Test and Evaluation controls (ST&E) on select system
● Excellent communication skills and analytical ability
● Excellent written, proofreading, and verbal communication skills
● Detail oriented, organized with the ability to multitask.
● Privilege Access Manager.
TECHNICAL AND SPECIALIZED SKILLS
Nessus Vulnerability Scanner, Qualys, Microsoft Visio, Excel, Word, PowerPoint, Access, Mac, Microsoft Windows, Linux, VMware, Oracle virtual box, CSAM, RSAM, Tripwire, RMPS, Jira, Remedy, ServiceNow, Qradar, Active Directory, Trend Micro, Delinea PAM solution, Rapid7 InsightVM, Cisco Umbrella, Windows Defender, Microsoft Purview.
CONTROLS AND FRAMEWORKS
NIST RMF(FISMA), ISO 27002: 2013, ISO 19011: 2018, SOC 2(TYPE I AND TYPE II), COBIT, FIPS 199, FIPS 200, CIS, NIST SP 800-53 REV.4 AND REV 5, 800-18, 800-37, 800-30, 800-137, MITRE and HIPAA. PROFESSIONAL EXPERIENCE
Information Security Analyst MAY 2022- APRIl 2023
NEW JERSEY TURNPIKE AUTHORITY
- Reviewed a broad knowledge of internal audit policies and practices, risk management methodologies and current laws and regulations in order to facilitate the Authority’s Risk Assessment process.
- Assessment and documentation of security gaps that require remediation and continuous monitoring.
- Network vulnerability scanning and information assurance.
- Perform Security Risk Assessments on multiple internal applications.
- Conduct interviews with service providers to clarify processes, understand the technology involved in service delivery and identify control gaps.
- Documentation of security gaps that require remediation recommendations. Amaka Odoh Cousin IT Security Analyst Resume
- Managed all privileged Accounts. Created password policies and strictly enforced compliance.
- Assessment of cloud architecture and implementation of Security controls
- Reviewed security posture of the Authority in compliance with Maturity assessments and IT Audit
- Collate conclusions and recommendations and present assessment findings to management regarding the efficiency and effectiveness of control mechanisms.
- Conducted a Knowbe4 training and campaign to create awareness for endpoint users.
- Identifying and investigating network intrusions, threats and containing attacks.
- Conducted a systematic security gap analysis of the internal security controls using the recommended frameworks.
- Update of reference sets in the SIEM with Malicious IOCs on a periodic basis.
- Expert knowledge of Multiple recommended Frameworks.
- Sole Administrator of The Secret Server Cloud.
IT Security Analyst MAY 2018 - 2022
PANTHERGON IT & CYBER SECURITY SOLUTIONS, LLC
- Provided security expertise and guidance in support of security assessments
- Supported A&A (C&A) activities according to the A&A project plan
- Reviewed authorization documentation for completeness and accuracy for compliance
- Facilitated Security Control Assessment (SCA) and Continuous Monitoring Activities
- Executed examine, interview, and test procedures in accordance with NIST SP 800-53A Revision 4
- Ensured cyber security policies are adhered to and that required controls are implemented
- Validated information system security plans to ensure NIST control requirements are met
- Developed resultant SCA documentation, including but not limited to the Security Assessment Report (SAR)
- Authored recommendations associated with findings on how to improve the customer’s security posture in accordance with NIST controls
- Assisted team members with proper artifact collection and detail to clients examples of artifacts that will satisfy assessment requirements
- Reviewed security logs to ensure compliance with policies and procedures and identifies potential anomalies
- Updated and reviewed A&A Packages to include Core Docs, Policy & Procedures, Operations and Maintenance Artifacts, SSP, SAR, FIPS 200, FIPS 199, POA&M, CPTPR, BIA, PTA, PIA, and more
- Collected Operation and Maintenance artifacts on an ongoing basis so that Security Control Assessment
(SCA) is seamless
- Uploaded supporting docs in the System’s Artifact Libraries, SharePoint and eMASS.
- Updated, reviewed, and aligned SSP to the requirements in NIST 800-53, rev4; so that assessments can be done against the actual requirements and not ambiguous statements
- Managed vulnerabilities with the aid of Nessus vulnerability Scanners to detect potential risks on a single or multiple assets across the enterprise network
- Reviewed SAR post assessment; created and completed POAMs milestones to remediate findings and vulnerabilities
- Independently reviewed complex security analysis of existing systems for compliance with security requirements
- Monitored security controls post authorization to ensure continuous compliance with the security requirements
IT Security Engineer JUN 2016 – APR 2018
ABUJA NATIONAL HOSPITAL
- Provided security expertise and guidance in support of security assessments
- Facilitated Controls Assessment and Monitoring Activities
- Reviewed security documentation for completeness and accuracy for compliance
- Monitored computer networks for security issues
- Investigated security breaches and other cybersecurity incidents
- Documented security breaches and assessed the damage they cause
- Work with security team to perform tests and uncover server & network vulnerabilities
- Fix detected vulnerabilities to maintain high-security standards Amaka Odoh Cousin IT Security Analyst Resume
- Developed company-wide best practices for IT security
- Researched security enhancements and make recommendations to management
- Participated in enterprise phishing simulation test
- Sustain and improve the enterprise information security risk management framework, policy, processes, and tools
- Manage the risk reporting process with the Director of Information Security Program Management and Autodesk’s Chief Information Security Officer (CISO)
- Manage relationships with security, technology and business stakeholders to identify and communicate security risks and mitigation approaches
- Develop and implement the next-level down risk management processes (process-level, asset-level, etc.), including embedding risk assessments into existing capabilities (architecture reviews, secure design and development, etc.)
- Develop and articulate the vision, strategy, and direction of the information security risk program
- Work proactively with the IT compliance function regarding key information security risk considerations
- Establish and deliver against the risk program goals, objectives and tactics. EDUCATION
Bachelor of Science (BSc) in Accounting & Finance Ambrose Ali University, Ekpoma SKILLS & COMPETENCIES
- Ability to establish and maintain effective working relationships with clients and co-workers
- Skills in interviewing users to help analyze and resolve issues
- Strong organizational, analytical and planning skills
- Ability to read and interpret system security policies, rules and regulations
- Ability to communicate security and risk-related concepts to both non-technical and technical audiences
- Strong communication (verbal & written) and presentation skills
- Ability to use tools that offers advanced remediation, Tracking and reporting capabilities.
- Ability to interpret how vulnerabilities in IT environments translate to business Risk and remediate accordingly.