Risk Management Information Technology

Location: Baltimore, MD

Posted: December 05, 2024

Resume:

Thomas Toyin Oladele

443-***-****

************@*****.***

Professional Summary

Passionate and goal-oriented cybersecurity professional with rich experience in the Risk Management Framework (RMF) and the implementation of system security, utilizing practices and procedures for the accreditation and continuous monitoring of information systems throughout the information system life cycle, and applying applicable agency security policies, Government mandates and directives, NIST guidelines and other industry security best practices.

Areas of expertise

Security Skills/Compliance Frameworks

Risk Management Framework (RMF)

Health Insurance Portability and Accountability (HIPAA)

Systems Development Life Cycle (SDLC)

Federal Information Security Modernization Act of 2014 (FISMA)

Solid experience working with NIST SP 800 series

Plan of Action and Milestones (POA&M)

CSAM, Xacta and other GRC tools for RMF workflow/repository management

Wireshark

Scanners:

- Tenable Nessus, Qualys

- AppSpider, WebInspect, Burp Suite

EDUCATION

Master's in Applied Information Technology (Cybersecurity & Assurance) (Dec. 2024)

Towson University, Towson, MD

Bachelor of Science in Information Technology December 2021

Towson University, Towson, MD.

Professional Experience

Johns Hopkins Hospital Baltimore, MD

Security Control Assessor FEB 2021 – Present

Information System Assessment and Authorization (A&A) efforts for new systems and/or as part of yearly system reauthorization for FISMA compliance.

Brief management on statuses of information system assessment.

Provide guidance to System Owners and users regarding initial assessment procedures and the full assessment process as far as required time, resources etc.

Prepare and conduct assessment of security controls to assess adequacy of Management, Operational, and Technical Controls implemented in accordance with NIST guidelines.

Review and analyze O/S and application scans, including grouping vulnerabilities and removing duplicate findings and false positives.

Review SSPs and other security artifacts in preparation for the assessment.

Lead client interviews as part of the security assessment, system categorization review, and security test and evaluation processes.

Document assessment results and findings within CSAM.

Prepare ATO package - Security Assessment Report (SAR), SSP and POA&M for authorization recommendation to the AO.

Prepare Risk Assessment Report (RAR) for Residual Risk.

Johns Hopkins Hospital

Information Security System Officer (ISSO) Feb. 2015 – Feb. 2021

Provided technical support to System Owners and IT Managers on design, development, and secure implementation of information systems.

Provided technical security expertise in designing, developing, implementing, and maintaining IT Security policies, procedures and standard templates that enhance repeatable processes.

Planned and managed periodic compliance activities such as the Incident Response Training and Testing (enterprise-wide), Contingency Training and Plan Testing, etc.

Performed system categorizations, system test and evaluations and risk assessments.

Supported the development, review, and update of security artifacts such as SSP, SAR, POA&M, CP, BIA, PTA, PIA, RA, ISA, IR, MOU, DRP and SLAs for compliance, accuracy, and completeness.

Worked with common control provider to identify common controls, selected baseline controls and tailored selected controls to align with system categorization and organization business needs.

Worked with other system stakeholders in selecting security controls using FIPS 199/FIPS 200, NIST 800-53 Rev. 4 as a guide and in documenting these controls in the system security plan (SSP).

Conducted self-assessment of security controls to assess adequacy of Management, Operational, and Technical Controls implemented in accordance with NIST guidelines.

Tracked the resolution of assessment findings in CSAM through the Plan of Action and Milestones (POA&M).

Identified new, maintained existing and properly disposed of information systems in accordance with NIST guidelines as well as organization security policies.

Analyzed monthly security scans and mapped resulting findings to security controls as part of ongoing assessment.

Maintained an up-to-date baseline for the secure configuration and operations of all devices.

Johns Hopkins Hospital Baltimore, MD

IT Technician NOV 2010 – FEB 2015

Provided helpdesk support for organization IT users, including provisioning, set up and troubleshooting.

Performed troubleshooting and diagnostic routines to identify problems relating to hardware, application software, and network communications.

Logged support service requests and tracked and delivered support services using online ticketing systems.

Primary point of contact for end-user support and troubleshooting (both internal and remote).

Screened, referred, and diagnosed internal inquiries and work requests as they relate to maintenance of computers and related systems.

Maintained compliance with relevant regulatory requirements (PCI), company policies, including appropriate inventory control policies and data center access procedures.

Maintained and upgraded PCs and related equipment, as well as installation and support of in-house applications, and timely support of end-users.

Conducted regular monitoring and reviews of system usage to ensure that employees use equipment appropriately according to company employee handbooks.

Diagnosed and solved hardware or software faults.

Conducted troubleshooting of system and network problems.
