
IT Security Risk Management

Location:
Riverview, FL
Posted:
March 10, 2025

Resume:

SOLOMON OYEDEJI

**** ****** ******,

Cheverly, Maryland 20785

PHONE: (813) 482-2459

E-MAIL: ********@*****.***

PROFESSIONAL PROFILE:

Performs Audit Assessment with ITGC and Application Controls.

Experience with SDLC for System acquisition, development and implementation.

Project coordination experience that is highly applicable to various divisions of IT/Security expertise, including the ability to manage risk analysis in accordance with Risk Management steps or FISMA guidelines and IT infrastructure process improvement efforts.

Detail-oriented in IT/IA infrastructure guidelines, practices and planning, consistent with various NIST publications, FISMA and other corporate IT Security / Audit guidelines.

Reliable team player who possesses the ability to improve efficiency and increase profitability as well as secure IT / IA systems.

Leadership, analytic and interpersonal skills as well as collaborative skills.

Highly skillful experience in Security Governance, Regulatory Requirements, Data Protection, Security Awareness, and Analytics and Reporting.

SKILLSET SUMMARY:

Working with the NIST Cybersecurity Framework and auditing security controls identified in NIST SP 800-171, NIST SP 800-53A, NIST 800-137, NIST 800-37 and CMMC; IT Security Analyst/Audit - Sarbanes-Oxley Compliance (SOX 404), SSAE 16, HIPAA, PCI DSS, SAP, NIST 800-53, ISO 27001, SANS 20, Assessment of Internal Controls, Fraud Investigation and IT / IA Incident Analysis, FISCAM & FISMA Audits, IT Security/Auditing - Risk Management, Security Assessment & Authorization, Certification & Accreditation, IT Security/Audit Planning, Vulnerability Management, Security Test & Evaluation, Policy & Process Development.

CERTIFICATIONS:

Project Management Professional - (PMP) – Active

Certified Information Systems Auditor (CISA) – Active

Certified Information Security Management (CISM) – Active

Information Technology Infrastructure Library (ITIL) Foundation – Active

CompTIA Security+ – Active

Certified Cloud Practitioner (AWS Cloud)


WORK EXPERIENCE:

06/2023 – Current

Defense Counterintelligence & Security Agency – MN

Information System Security Professional (ISSP)

Responsibilities:

Serves as Information Systems Security Professional (ISSP) within the DCSA central region covering MN, IL, WI, SD, ND, IA, NE.

Reviews, validates and verifies contractors' Information System Security Plans and supporting documentation, and evaluates computer systems for accreditation of contractor information systems to process Federal Information following the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF).

Provides the Authorizing Official (AO) with a recommendation to issue either an Authority to Operate (ATO) letter or a Denial of ATO (DATO) letter. In RMF, this is the Security Control Assessor's role.

Enforces IT security control requirements and recommends configurations for information systems and networks.

Engages and interfaces with industry security professionals to assess required implemented security controls.

Performs Cybersecurity activities including SCA/SCR, in support of assigned/designated IT system assess and authorize activity utilizing the Risk Management Framework (RMF).

Leads and conducts on-site oversight visits of contractor facilities for Security Vulnerability Assessments (SVA), reviewing Continuous Monitoring documentation and other supporting documents, as well as interviewing Facility Security Officers, Information System Security Managers, Information System Security Officers, Special Access Program (SAP) staff and System Administrators.

Exercises security oversight of cleared contractor information systems within the National Industrial Security Program (NISP).

Analyzes, assesses, evaluates, verifies and validates cleared contractor information system security plans and controls.

Delivers system authorization risk recommendations to Authorizing Official.

Conducts Administrative Inquiries regarding information spills; this is typically when information of one level of classification has been introduced to a computer system at a different clearance level. These investigations include gathering the facts, conducting reviews of the events, as well as providing cleanup details to the organization that committed the spill.

Develops and maintains security documentation and artifacts for assigned/designated Information Systems.

Conducts operating system reviews per Security Technical Implementation Guides (STIG) using DoD tools such as the Security Content Automation Protocol (SCAP) Compliance Checker (SCC) and STIG Viewer.

Identifies strategies to manage risk through mitigation of IT vulnerabilities, considering the rapidly evolving Cybersecurity threat to IT systems.

Serves as spokesperson at conferences and training meetings to convey NISP and RMF implementation guidance and Cybersecurity information relating to industrial security.

Meets with company officials, from corporate leadership to managers to front-office staff, and maintains effective communication with everyone.

Collaborates on a pilot program developing guidance for ISSPs (agency-wide) to analyze Controlled Unclassified Information (CUI) located throughout Industry.

0/202 – 09/2022

RYAN Consulting Group > Eli Lilly Group

Senior Cyber Security Specialist

Project: Security Assessment for Ransomware Attacks on systems.

Served as primary point of contact for Information Security Integrated Risk Management (ISIRM) as well as Information Security Integrated Risk Management and Business Engagement (ISIRMBE).

Reviewed and updated documents submitted by ISIRM & ISIRMBE application teams.

Scheduled meetings with ISIRM & ISIRMBE application teams.

Provided assessment process guidance, conducted assessment interview sessions, and authored assessment report.

Reviewed assessment outputs for overall accuracy and completeness.

Worked with the NIST Cybersecurity Framework and audited security controls identified in NIST SP 800-171, NIST SP 800-53A, NIST 800-137, NIST 800-37, SAP and CMMC.

Developed, Implemented and validated security control RTGs/POAMs in Archer to support the Risk Management Framework (RMF) and Security Accreditation.

Drafted and completed SSP for major systems and sub-systems.

Worked in alliance with NIST SP 800-171A, 800-53, 54; DFARS, 902-100, and other special publication tools to achieve Authority to Operate (ATO) for existing systems, new systems, as well as systems with major/minor changes.

Ensured proper weekly compliance for the Eli Lilly enterprise and other assigned systems.

Uploaded, reviewed and updated documents in ITSCF.

Used sample testing selection to complete validation/remediation processes if and when required.

06/2015 – 12/2019

XScion Solutions - McLean, VA > ASM Research, VA > Veterans Affairs Administration

Senior IT Security Specialist

Project: Continuous Readiness in Information Security Program (CRISP) Remediation, Veterans Affairs (VA) - All Medical Facilities in USA sites.

Security Information and Event Management (SIEM) Team:

Used Splunk to respond to, process and remediate security alerts/incidents.

Used Splunk to collect, analyze and report high volumes of machine-generated data.

Used CA Service Desk tools to create a ticket for any triggered alert, as necessary.

Used various tools such as SolarWinds, ServiceNow, Active Directory, etc., to search for and remediate alerts or incidents.

Configured and managed patch and vulnerability management systems.

Created and implemented security audits across VA Region 5 enterprise systems; made sure VA systems were safe from various malicious attacks/access using CyberArk, Splunk and SolarWinds tools.

Created, deployed and managed Microsoft PKI Certificate Authority as needed using the Microsoft template, to support global authentication standards for the organization.

ATO Remediation / Review Analyst:

Documented and reviewed ATO packages: SSP, RA, SAR, POA&M, IRP, ISCP, PIA, reports, etc., based on the security assessments performed on systems and security artifacts in alliance with NIST 800 guidelines for various government agencies.

Responsible for the analysis and validation of scanned vulnerability results.

Analyzed vulnerability scan results, system audits and log events, and troubleshot issues.

Performed Security Assessments on different clients to determine if controls were implemented correctly, operating as normal and meeting control objectives.

Performed Security Categorization (FIPS 199), Privacy Threshold Analysis (PTA) and Authentication with business owners and selected stakeholders.

Defined, implemented, and maintained information security policies, standards and procedures.


Led/Managed teams as IT Security Analyst.

Developed and conducted ST&E (Security Test and Evaluation) and Security Assessment Plans (SAP) according to NIST SP 800-53A.

Identified risks in VA GRC - HQ/EO security systems and worked with technical teams/experts to resolve security issues.

Responsible for interacting directly with VA designated system owners (SO), system stewards, Information Assurance (IA), and system certifiers/accreditors to facilitate C&A of all 6,700 VA systems.

Created and maintained C&A documents and facilitated security testing to achieve successful accreditation for all VA systems.

Performed risk analysis/risk mitigation and assessed the security risk of vendor partners.

Evaluated the security attestations, credentials, certifications and evidence materials presented by vendors.

Communicated vendor security risk effectively to all stakeholders.

Ensured FISMA compliance and made sure C&A packages remained current and up to date within the one-year time frame for all Veterans Affairs systems.

Ensured that systems' Plans of Action & Milestones (POA&Ms) were closed or updates provided where necessary in the POA&M tracking tool named CSAM.

Provided weekly or bi-weekly status report to client on the systems and any C&A package update.

Tested and documented key SOX 404 and IT general controls, leveraging a defined compliance monitoring process.

Audit Readiness Documentation/Preparation:

Performed both IT security system analysis and audit work by testing controls relevant to Audit/SSAE-16 readiness efforts.

Managed teams for IT security audit readiness/preparation.

Participated in collaborative efforts in Federal Compliance and Financial Audits by developing the audit programs, conducting audits, preparing work papers and audit reports using FISMA, NIST 800-53, ISO 27001, ITIL and SANS 20 frameworks.

Contributed to initiating FISMA metrics such as Annual Testing, POA&M Management, and Program Management.

Performed Application control, Financial Improvement and Audit Readiness (FIAR) Audit in Government agencies.


01/2013 – 06/2015

Vivid Worldwide Inc. - Laurel, MD

Information Security Analyst

Responsibilities:

System Certification and Accreditation (C&A) Administrator with strong interpersonal, technical skills and experience.

Responsible for interacting directly with customers and certifiers/accreditors to facilitate C&A of systems.

Created and maintained C&A documentation and facilitated security testing to achieve successful accreditation.

Evaluated effectiveness of control activities in order to provide reasonable assurance regarding client’s achievement of their business objectives including, accounts payable, accounts receivable and cash disbursements.

Conducted risk assessments, ran security tools and implemented security blanket on Solaris and Windows servers while working collaboratively with an interdisciplinary team, including accreditors, certifiers and end users.

Implemented patches on Windows, Solaris and Red Hat systems.

Performed risk analysis/risk mitigation and assessed the security risk of vendor partners.

Evaluated the security attestations, credentials, certifications and evidence presented by vendors.

Communicated vendor security risk effectively to all stakeholders.

Ensured and facilitated risk decisions by appropriate leadership levels within the organization.

Ensured FISMA compliance and made sure C&A packages remained current and up to date within the one-year time frame.

Ensured that the Security Assessment Report (SAR) and the Authorization to Operate (ATO) were within their 3-year lifespan.

Ensured that systems' Plans of Action & Milestones (POA&Ms) were closed or updates provided where necessary in the POA&M tracking tool named CSAM.

Worked with system security officers (ISSO) to make sure things are in order with subject systems.

Assisted IT management by identifying gaps between policy and process, developed recommendations to remediate control weaknesses, and was responsible for developing and maintaining IT control metrics related to compliance activities.

Tested compliance with company policies and procedures to ensure they conformed with applicable industry standards such as the ISO and ITIL frameworks.

Tested and evaluated the effectiveness and adequacy of General Computer controls on the Organization’s policies and procedures.

Prepared audit scopes, reported findings, and presented recommendations for improving data integrity and operations.

EDUCATION:

Master of Science in Cyber Security Management & Policy, 04/2024 - University of Maryland, College Park, Maryland.

Master of Architecture, Urban & Community Design/Planning - University of the District of Columbia, Washington DC.

AA Architecture Design / Pre-Master of Architecture, 12/2010 - Hillsborough Community College, Tampa, Florida.

References will be available upon request.