Risk Management Information Security

MARY AJULUCHUKWU OKWESA

Chesapeake Virginia, ****4.

***********.*******@*****.*** / 757-***-****

SUMMARY

Detail-oriented IT Risk Analyst with 5+ years of expertise in Information Technology and Cybersecurity. Proven track record in identifying, assessing, and mitigating IT-related risks. Proven track record of developing and implementing effective risk management strategies to safeguard organizational assets and ensure regulatory compliance. Seeking to leverage analytical skills and expertise in risk assessment to contribute to the success of a dynamic organization.. Skilled in Security Operations Center (SOC) management, Risk Assessment, System Development Life Cycle (SDLC), Cyber Threat Intelligence (CTI), Cyber Threat Research, Network Operation Center (NOC), and System Administration Support. Demonstrates proficiency in applying security processes and standards such as SDLC, Cyber Kill Chain, Tactics Techniques and Procedures (TTP), FedRAMP, FISMA, ISO, and NIST.

SKILLS

Encryption

Network security and Data Security control

DevOps/ Kubernetes

NIST/FISMA

Incident Response/ Continuous Monitoring

STIGs/SCAPS/ACAS Scan

RMF/eMass

Controls and frameworks/ POA&Ms

Assessment/Authorization

Intrusion Detection/ Risk Management

Forensics

Identity and Access Management (IAM)

Microsoft Azure/ Cloud Infrastructure

Management/Leadership

IT Risk Analyst Coinbase 06/2021 – Present

Conduct comprehensive risk assessments to identify vulnerabilities, threats, and potential impacts on IT systems and infrastructure.

Develop risk mitigation strategies and recommend security controls to minimize exposure to cyber threats.

Collaborate with cross-functional teams to implement risk management frameworks, policies, and procedures aligned with NIST, CIS, and MITRE ATT&CK.

Monitor and evaluate compliance with regulatory requirements (e.g., ISO 27001, PCI-DSS, FedRAMP).

Investigate security incidents, implement remediation strategies, and enhance security monitoring capabilities using SIEM, EDR, and DLP solutions.

Provide strategic guidance on security best practices, risk mitigation techniques, and emerging threat trends.

Contribute to risk and control assessments for different Chief Information Office (CIO) departments, ensuring a high-security standard.

Security Control Assessor (SCA) Core Intel, LLC 10/2019 – 05/2021

Conducted security assessments in preparation for system Authorization to Operate (ATO).

Ensured compliance with information security (INFOSEC) standards by implementing risk management methodologies such as NIST RMF.

Developed and maintained System Security Plans (SSPs), FISMA reports, Contingency Plans, and Plan of Action & Milestones (POA&Ms).

Classified and categorized information systems using RMF processes to ensure Confidentiality, Integrity, and Availability (CIA).

Assessed security controls and assisted in implementing remediation plans to address vulnerabilities.

Conducted security reviews and collaborated with agencies and ISSOs to prepare for independent audits and ensure compliance with federal security regulations.

Provided technical expertise on security frameworks, including NIST 800-53, ISO 27001, and FedRAMP.

SOC Analyst / Citi Bank 11/2017 - 05/2019

Devised disaster recovery plans and developed contingency measures for security breaches.

Provided management with impact assessments of breaches of confidentiality, integrity, availability, and service delivery.

Driven process improvement, documentation, and best practices within the SOC.

Maintained and updated global inventory of controls and lead audits for compliance, including PCI.

Analyzed and correlated threat intelligence from multiple sources, such as SIEM, IDS, and system logs.

Conducted proactive investigations of security alerts and collaborated with cross-functional teams for risk mitigation.

Information Security Analyst / Heritage Bank Plc 02/2014 - 09/2017

Evaluated and analyzed on-premises and cloud technology solutions, including network, infrastructure, and applications.

Worked with the security team to perform tests and uncovered network vulnerabilities.

Safeguarded system security and improved overall server and network efficiency by training users and promoting security awareness.

Built firewalls and encrypted data to secure confidential information.

Reviewed IS controls accessibility, applicability, and Gaps / Risks for the platforms and end-user modules built on Robotics / Low code No code platforms.

Assisted in developing and communicating our overall ITGRC framework, especially for IT Risk management activities such as risk scenarios assessments, risk control assessments, technology reviews, security reviews, and third-party reviews.

EDUCATION AND TRAINING

Bachelor of Science: Cybersecurity Technology and Digital Forensics

University Of Maryland Global Campus

Bachelor of Science: Computer Science

River State University of Science and Technology

Associate of Science: Cybersecurity and Computer Networking

Prince George's Community College

ACTIVITIES AND HONORS

National Society of Leadership and Success (NSLS)

Phi Theta Kappa (PTK)/All USA Team Silver Medallion

President Hackers Space Club PGCC chapter

CERTIFICATIONS

CompTIA Security+

CompTIA Linux

Contact this candidate