IGNATIUS NWAIWU, CISSP
Lanham Maryland 20706
Home: 301-***-****
Cell: 301-***-****
*******@*****.***
TECHNICAL SKILLS SUMMARY:
NIST Special Publications and Guides, OMB circulars, FISMA Act 2002, and FIPS
Security Assessment & Authorization (SA&A) (NIST 800-37 RMF)
FISMA Compliant Tools: XACTA AE, 360, XACTA i.0 & Continuum (DHS IACS), Archer GRC, TAF, CSAM, JCAM & ASSERT
Vulnerability Scanning Assessment
FedRAMP Cloud system management
CA PAM
IT Risk Assessment, Incident Management, Continuous System Monitoring
Vulnerability Assessment Tools: Tenable Nessus, Nessus Security eEye Retina, MBSA, Web Inspect, DB Protect, HP Fortify, Qualys, NMAP, Carbon Black, McAfee AV ePO.
EMPLOYMENT EXPERIENCE:
ManTech International, INC. - Information System Security Engineer (ISSM Support), Wash. DC - April 2024 to Present (Top Secret/SCI Poly) (Federal Bureau of Investigation (FBI))
Reviewed and assessed security authorization activities in compliance with the Information System Assessment & Authorization (SAA) Process of the NIST Risk Management Framework (RMF).
Collaboratively worked with the ISSO to ensure the day-to-day implementation, oversight, continuous monitoring, and maintenance of the security configuration, practices, and procedures for each IS
Performed assessments of ISs, based upon the Risk Management Framework (RMF) methodology, in accordance with the FBINet Classified, FBI Security Compartmented Information (SCI), and FBI Unet Unclassified systems Implementation Guide
Reviewed and ensured that selected security controls are implemented and operating as intended during all phases of the IS lifecycle.
Reviewed and ensured that system security documentation is developed, maintained, reviewed, and updated on a continuous basis
Reviewed and ensured that IS vulnerability scans are performed according to risk assessment parameters
Managed the risks to ISs and other FBI assets by coordinating appropriate correction or mitigation actions, and oversaw and tracked the timely completion of POAMs
Ensured that security controls are monitored for FBI ISs to maintain the security Authorization to Operate (ATO) and that security control evidence is uploaded to the Governance, Risk, and Compliance (GRC) application to support security control implementation during the monitoring phase
Ensured that changes to an FBI IS, its environment, and/or operational needs that may affect the authorization status are reported and documented
Silosmashers, INC. - Information System Security Officer, Wash. DC - May 2020 to Present (Top Secret) (Department of Homeland Security (DHS))
Ensure compliance with data and application security policies and relevant legal and regulatory requirements and applicable Risk Management Framework (RMF) requirements.
Ensure controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.
Ensure appropriate changes and improvement actions are implemented as required. Maintain current knowledge of authenticator management for unclassified systems.
Ensure compliance with protection requirements, control procedures, incident management reporting, remote access requirements, and system management for all systems under the scope.
Perform all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction.
Monitor, evaluate, and maintain systems and procedures to safeguard internal information systems, network, databases, and Web-based security.
TISTA SCIENCE & TECHNOLOGY, INC. - Information System Security Officer, Wash. DC - April 2019 to February 2020 (Public Trust) (Supporting Library of Congress (LOC))
Manage Authorization Packages of assigned Information Systems
Perform periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and external Web scans to determine compliance
Review vulnerability scans and provide mitigation techniques
Advise the Information System Owner (ISO), Chief Information Security Officer (CISO), Information System Security Manager (ISSM), and the Delegated and/or Authorizing Officer (DAO/AO) on any assessment and authorization issues.
Create, review and update Plans of Action and Milestones (POA&Ms)
Monitor and analyze Intrusion Detection System (IDS) to identify security issues for remediation.
Ensure security assessments are completed and results are documented, and prepare the Security Assessment Report (SAR) for the authorization boundary.
Ensure the updates and the implementation of the security policies and procedures.
Work closely with third-party vendors to ensure appropriate security support is provided for hosted application.
Initiate a Plan of Action and Milestones (POA&M) with identified weaknesses for each.
Conduct research and provide review recommendations on software and technologies to address vulnerabilities
Review Splunk & Qualys Audit logs for compliance
Conduct security assessment interviews, tests and evaluation to determine the Security posture of the System and to develop a Security Assessment Report (SAR) using NIST SP 800-53A required to maintain Authorization to Operate (ATO), Risk Assessment, System Security Plans, and System Categorization
ADMINISTRATION OF CHILDREN AND FAMILIES - Federal Cyber Security Manager, Washington DC - June 2018 to Jan. 2019 (Public Trust) (Supported ACF)
Develop procedures, awareness programs and supporting templates for ACF SA&A.
Supported the CIO in making Authorization decisions with documented system compliances
Oversight of quality assurance (QA) and its on-going maintenance of quality assurance program
Ensure a weekly security status meeting by the contract support staff of the DFS
Ensure a weekly Validation and Testing of Data status meeting by the contract support staff of the IV&V Team
Attend all Lines of Business (LOB) meetings including Advisory and PMOs
Track & monitor tasks assigned to staff to ensure they are on schedule
Provide oversight to support personnel who perform DFS cyber security assessment of Risk Management Framework, Security Testing, IV&V testing & Continuous Monitoring program
SCIENTIFIC APPLICATION INTERNATIONAL CORPORATION - Information Security Project Manager, McLean, VA - Oct. 2017 to Mar. 2018 (Public Trust) (PBGC)
Review all work from quality assurance perspective
Ensure non-occurrence of service deficiencies
Develop and maintain security artifacts including SSP, FIPS 199, PTA/PIA and ISCM Plan
Track & monitor tasks assigned to staff to ensure they are on schedule
Provide oversight of personnel who perform cyber security technical assessments of Risk Management Framework, Security Testing, & Continuous Monitoring program.
Develop, Coordinate, Support & Implement IT Security Training
Plan, Schedule, Coordinate, Prepare, Execute, and/or document the results of test plans and scripts for IT Security User Acceptance Testing (UAT) for development,
Review work instructions and operational procedures for compliance with security requirements and policy
Prepare, Review, Update and Maintain SSP and associated documents, Implement and Support Continuous Monitoring
STRATEGIC ENTERPRISE SOLUTIONS - Information System Security Officer, Wash. DC - Oct. 2016 to Oct. 2017 (Public Trust) (Supported DHS/ICE)
Maintain an asset inventory of hardware and software within the program/development offices or field site facility
Participate in DevOps Sec (security integrated into Agile processes) requirements for assigned systems
Monitor and respond to Information Security Vulnerability Management (ISVM) Patch Management
Conduct an annual assessment in accordance with guidance in the DHS Information Security Performance Plan
Ensure that requests for Security Assessment & Authorization (SA&A), or Certification and Accreditation (C&A), of assigned major applications or general support systems are completed in accordance with the DHS 4300A Handbook policy and procedure
Maintain and update Authorization Packages security documentation including Privacy Impact Analysis, Privacy Threshold Analysis, System Security Plan and System Assessment Report using RSA Archer
Provide audit support for assigned systems (Financial, A-123, FISMA, internal, DHS, etc.), throughout the audit (Pre, During, and Post Audit)
Support the creation, monitoring, and updating of the status of POA&Ms to ensure weaknesses are resolved in accordance with their scheduled completion dates
Ensure the implementation of cloud Security & maintenance of the security controls to the assigned DHS system in AWS (FedRAMP).
CGH TECHNOLOGIES - Information Security Analyst, Wash. DC, SW - May 2014 to Sept. 2016 (Public Trust) (Supported OPM)
Develop & assemble Security Assessment and Authorization (SA&A) HCDW system using NIST 800-special publications
Participating in DevOps Sec (security integrated into Agile processes) requirements for assigned systems
Vulnerability Scanning & Analysis of OPM USAjobs Servers for open weaknesses.
Site / Physical facility assessment and survey
Review and validation of systems security assessment & authorization (SA&A) artifacts using FISMA compliant Trusted Agent
Develop a Continuous Monitoring Plan for information systems, IT security controls for systems at the program or system level
Ensure systems compliance of periodic Continuous Monitoring process, Contingency Plan & test of artifacts using Trusted Agent, a FISMA-compliant tool
Review and analyze POA&M items for closures with Weaknesses Completion Plans (WCP) and make recommendations for corrective actions
SCIENTIFIC RESEARCH AND APPLICATION INTERNATIONAL, INC. - Information Assurance Analyst, Fair Oak, Virginia - Jan. 2010 to April 2014 (Public Trust) (Supported OPM)
Develop & assemble Security Assessment and Authorization (SA&A) artifacts using NIST 800-special publications (NIST 800-53 Rev 4, 800-53A Rev 1, 800-37 Rev 1, FIPS-199)
Review risk assessment reports for consistency following NIST 800-30 and agency’s Information Security Policy
Create, review and update information security policies and procedures for Agency system compliance use
Conduct Security Assessments (Security Testing and Evaluations) in support of security authorizations (accreditation), documenting and presenting test results and mitigation strategies
Review and analyze POA&M items for closures with Weaknesses Completion Plans (WCP) and make recommendations for corrective actions
Review & analyze Notice of Findings & Recommendations (NFRs) from FISMA Audit and provide recommendations for corrective actions
Perform vulnerability scans, analyze scan reports and make recommendations for corrective actions
TECHGUARD SECURITY, INC. - Information Security Engineer, Baltimore, MD – Aug. 2004 to Dec 2009 (Public Trust) (Supported PBGC)
Perform systems certifications and accreditations in accordance with FISMA regulations and OMB requirements
Develop security documentation to ensure the Confidentiality, Integrity & Availability of the assigned systems
Tasked with the responsibility of researching, developing and maintaining the agency’s policies, procedures, and guidelines (Information Assurance Handbook (IAH))
Develop and maintain security artifacts including SSP, FIPS 199, PTA/PIA and ISCM Plan
Perform security tests and evaluations (ST&Es)
Conduct risk assessments and implement solutions to reduce vulnerabilities.
Monitor system operations for compliance with security policy and accepted best security practices
Perform vulnerability scans and analysis of PBGC systems
Create Systems Plan of Action & Milestones (POA&M)
Supervision of employees and taking lead in the general tasking activities supporting the clients
GNS, INC. - Senior Network Engineer, Rockville, MD – Sept 2003 to Sept. 2004
Responsible for the review of the operational procedures for the Department of Commerce’s Lotus Notes/Domino mail
Reviewed and analyzed the implementation of Lotus Notes/Domino server security features
Tasked with reporting and making recommendations on the proper use of securing Lotus Notes
Provided network end user support for department staff, which involved configuring individual workstations
CES CORPORATION - Local Area Network Administrator, Silver Spring, MD –Mar. 2001 to Sept. 2004
Installed and configured MS client mail (MS Outlook 2000), Win 95, 98 NT 4.0 and 2000 Pro Access 97 Database and Netscape Communicator as Linux mail
Tasked with system backup using ARCserve, Backup Exec software and Veritas Autoloader
Supported at least 200 users running Windows 95/98/NT/2000/XP professional workstations in Netware /Linux mixed environment of African Development Foundation
Tasked with configuring, monitoring and administering the firewall servers
Installed and configured Gauntlet firewall and network scanning security software
Managed, monitored, and maintained Novell Netware, Linux Squirrel web mail, Network Printers, Win NT firewall & DHCP Servers and MS Active Directory
OAO CORPORATION - Local Area Network Administrator, Greenbelt, MD –May 1999 to Mar. 2001
Supported at least 300 users and nodes in Win 95/98, NT, 2000 professional and Macintosh workstations in Win NT LAN environment in DC Office of Planning
Installed and configured Win 95, 98 NT 4.0 and 2000 Professional workstations
Monitored and maintained MS Exchange 5.5, primary domain controller, backup domain controller and IQ tracking mail servers & Agency Web mail system
Installed and configured Win NT servers (PDC & BDC)
Created individual and group mailboxes in the MS Exchange server 5.5
KEANE FEDERAL SYSTEM, INC – Network Administrator, Rockville, MD –Sept. 1997 to April 1999
Installed, configured and deployed more than 1,300 Windows 95/98 systems, Microsoft NT workstations, printers, scanners, and other network peripherals
Upgraded, tested and maintained more than 300 client workstations, and supported over 1,500 LAN/WAN users in the Netware environment
Installed, configured, and maintained Lotus Notes and cc: Mail
Proficient with remote management using ZENworks
Backed up network resources using ARCserve
EDUCATION:
Master of Business Administration – Marketing, University of the District of Columbia
Bachelor of Science - Business Administration, Johnson C Smith University
CERTIFICATIONS:
CISSP (Certified Information Systems Security Professional), (ISC)2 certified
AWS CCP (AWS Cloud Certified Practitioner)
CNA (Certified Netware Administrator)
MCP (Microsoft Certified Professional)
CLEARANCE:
Top Secret/SCI Poly (Active)
Secret (Active)
PROFESSIONAL DEVELOPMENT/TRAINING:
Cloud Security Administrator-Akamai University
AWS cloud practitioner Training
Business Case Development Training
Information Security seminars and webcasts
International Information System Security Certification Consortium (ISC)2
Peer Review Training
Project management Training
MCSE Training
Productivity and Management Professional Development
LAN configuration and maintenance Training
REFERENCES AVAILABLE UPON REQUEST