Information Security Engineer RMF/NIST Compliance Expert

Location:
Lanham, MD
Posted:
February 20, 2026

Resume:

Ignatius Nwaiwu, CISSP

**** **** *****

Lanham Maryland 20706

Cell: 301-***-****

*******@*****.***

TECHNICAL SKILLS SUMMARY:

• NIST Special Publications and Guides, OMB circulars, FISMA Act 2002, and FIPS

• Security Assessment & Authorization (SA&A) (NIST 800-37 RMF)

• FISMA Compliant Tools: XACTA AE, 360, XACTA i.0 & Continuum (DHS IACS), Archer GRC, TAF, CSAM, JCAM & ASSERT

• Vulnerability Scanning Assessment

• FedRAMP Cloud system management

• CA PAM

• IT Risk Assessment, Incident Management, Continuous System Monitoring

• Vulnerability Assessment Tools - Tenable Nessus, Nessus Security, Assured Compliance Assessment Solution (ACAS), eEye Retina, MBSA, Web Inspect, DB Protect, HP Fortify, Qualys, Firewall, NMAP, Carbon Black, McAfee AV ePO.

EMPLOYMENT EXPERIENCE:

ManTech International, INC. - Information System Security Engineer (ISSM Support), Wash. DC - April 2024 to May 2025 (Top Secret/SCI Poly) (Federal Bureau of Investigation (FBI))

• Reviewed and assessed security authorization activities in compliance with the Information System Assessment & Authorization (SAA) Process of the NIST Risk Management Framework (RMF).

• Collaboratively worked with the ISSO to ensure the day-to-day implementation, oversight, continuous monitoring, and maintenance of the security configuration, practices, and procedures for each IS

• Perform assessment of ISs, based upon the Risk Management Framework (RMF) methodology in accordance with the FBINet Classified, FBI Security Compartmented Information (SCI), and FBI Unet Unclassified systems Implementation Guide

• Reviewed and ensured that selected security controls are implemented and operating as intended during all phases of the IS lifecycle.

• Reviewed and ensured that system security documentation is developed, maintained, reviewed, and updated on a continuous basis

• Reviewed and ensured IS vulnerability scans are performed according to risk assessment parameters

• Managed the risks to ISs and other FBI assets by coordinating appropriate correction or mitigation actions, and oversaw and tracked the timely completion of POAMs

• Ensured that security controls are monitored for FBI ISs to maintain security Authorization to Operate (ATO) and that security control evidence is uploaded to the Governance, Risk, and Compliance (GRC) application to support security control implementation during the monitoring phase

• Ensured that changes to an FBI IS, its environment, and/or operational needs that may affect the authorization status are reported and documented

Silosmashers, INC. - Information System Security Officer, Wash. DC - May 2020 to March 2024 (Top Secret) (Department of Homeland Security (DHS))

• Utilize Tenable Nessus scan tool to perform compliance scanning, analyze configuration & facilitate implementation of config. hardening settings on networks, operating systems, and web applications.

• Ensure controls are Implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the

• Design, develop, and implement specific cybersecurity countermeasures for the IS and Network Environment

• Ensure compliance with protection requirements, control procedures, incident management reporting, remote access requirements, and system management for all systems under the scope.

• Ensure compliance with data and application security policies and relevant legal and regulatory requirements and applicable Risk Management Framework (RMF) requirements.

• Ensure appropriate changes and improvement actions are implemented as required. Maintain current knowledge of authenticator management for unclassified systems.

• Integrate and/or implement security with Cross Domain Solutions (CDS) for use within an IS.

• Ensure compliance with protection requirements, control procedures, incident management reporting, remote access requirements, and system management for all systems under the scope.

• Design, develop, and implement network security measures that provide confidentiality, integrity, and availability of the information systems

• Monitor, evaluate, and maintain systems and procedures to safeguard internal information systems, network, databases, and Web-based security.

TISTA SCIENCE & TECHNOLOGY, INC. - Information System Security Officer, Wash. DC - April 2019 to February 2020 (Public Trust) (Supporting Library of Congress (LOC))

• Integrate and/or implement security with Cross Domain Solutions (CDS) for use within an IS.

• Advise the Information System Owner (ISO), Chief Information Security Officer (CISO), Information System Security Manager (ISSM), and the Delegated and/or Authorizing Officer (DAO/AO) on any assessment and authorization issues.

• Create, review and update Plans of Action and Milestones (POA&Ms)

• Monitor and analyze Intrusion Detection System (IDS) to identify security issues for remediation.

• Ensure the security assessment is completed and results are documented, and prepare the Security Assessment Report (SAR) for the authorization boundary.

• Ensure the updates and the implementation of the security policies and procedures.

• Work closely with third-party vendors to ensure appropriate security support is provided for hosted application.

• Utilize Qualys & Tenable Nessus scan tools to perform compliance scanning, analyze configuration & facilitate implementation of config. hardening settings on networks, operating systems, web applications, databases.

• Initiate a Plan of Action Milestones (POA&M) with identified weaknesses for each.

• Conduct research and provide review recommendations on software and technologies to address vulnerabilities

• Design, develop, and implement specific cybersecurity countermeasures for the IS and Network Environment

• Conduct security assessment interviews, tests and evaluation to determine the security posture of the system and to develop a Security Assessment Report (SAR) using NIST SP 800-53A required to maintain Authorization to Operate (ATO), Risk Assessment, System Security Plans, and System Categorization

ADMINISTRATION OF CHILDREN AND FAMILIES - Federal Cyber Security Manager, Washington DC - June 2018 to Jan. 2019 (Public Trust) (Supported ACF)

• Develop procedures, awareness programs and supporting templates for ACF SA&A.

• Supported the CIO in making Authorization decisions with documented system compliances

• Oversight of quality assurance (QA) and its on-going maintenance of quality assurance program

• Ensure a weekly security status meeting by the contract support staff of the DFS

• Ensure a weekly Validation and Testing of Data status meeting by the contract support staff of the IV&V Team

• Attend all Lines of Business (LOB) meetings including Advisory and PMOs

• Track & monitor tasks assigned to staff to ensure they are on schedule

• Provide oversight to support personnel who perform DFS cyber security assessment of Risk Management Framework, Security Testing, IV&V testing & Continuous Monitoring program

SCIENTIFIC APPLICATION INTERNATIONAL CORPORATION - Information Security Project Manager, McLean, VA - Oct. 2017 to Mar. 2018 (Public Trust) (PBGC)

• Review all work from quality assurance perspective

• Ensure non-occurrence of service deficiencies

• Develop and maintain security artifacts including SSP, FIPS 199, PTA/PIA and ISCM Plan

• Track & monitor tasks assigned to staff to ensure they are on schedule

• Develop, Coordinate, Support & Implement IT Security Training

• Plan, Schedule, Coordinate, Prepare, Execute, and/or document the results of test plans and scripts for IT Security User Acceptance Testing (UAT) for development,

• Review work instructions and operational procedures for compliance with security requirements and policy

• Prepare, Review, Update and Maintain SSP and associated documents, Implement and Support Continuous Monitoring

STRATEGIC ENTERPRISE SOLUTIONS - Information System Security Officer, Wash. DC - Oct. 2016 to Oct. 2017 (Public Trust) (Supported DHS/ICE)

• Maintain an asset inventory of hardware and software within the program/development offices or field site facility

• Participate in DevOps Sec (security integrated into Agile processes) requirements for assigned systems

• Monitor and respond to Information Security Vulnerability Management (ISVM) Patch Management

• Conduct an annual assessment in accordance with guidance in the DHS Information Security Performance Plan

• Ensure that requests for Security Assessment & Authorization (SA&A), or Certification and Accreditation (C&A), of assigned major applications or general support systems are completed in accordance with the DHS 4300A Handbook Policy and procedure

• Maintain and update Authorization Packages security documentation including Privacy Impact Analysis, Privacy Threshold Analysis, System Security Plan and System Assessment Report using RSA Archer

• Provide audit support for assigned systems (Financial, A-123, FISMA, internal, DHS, etc.), throughout the audit (Pre, During, and Post Audit)

• Support the creation, monitoring, and updating of the status of POA&Ms to ensure weaknesses are resolved in accordance with their scheduled completion dates

• Ensure the implementation of cloud Security & maintenance of the security controls to the assigned DHS system in AWS (FedRAMP).

• Utilize NMAP scan tool to perform compliance scanning and analyze ports, protocols, and services configurations.

CGH TECHNOLOGIES - Information Security Analyst, Wash. DC, SW - May 2014 to Sept. 2016 (Public Trust) (Supported OPM)

• Develop & assemble Security Assessment and Authorization (SA&A) HCDW system using NIST 800-special publications

• Participate in DevOps Sec (security integrated into Agile processes) requirements for assigned systems

• Design, develop, and implement specific cybersecurity countermeasures for the IS and Network Environment

• Utilize NMAP scan tool to perform compliance scanning and analyze ports, protocols, and services configurations.

• Site / Physical facility assessment and survey

• Review and validation of systems security assessment & authorization (SA&A) artifacts using FISMA compliant Trusted Agent

• Develop a Continuous Monitoring Plan for information systems, IT security controls for systems at the program or system level

• Ensure systems compliance of periodic Continuous Monitoring process, Contingency Plan & test of artifacts using Trusted Agent, a FISMA-compliant tool

• Review and analyze POA&M items for closures with Weaknesses Completion Plans (WCP) and make recommendations for corrective actions

SCIENTIFIC RESEARCH AND APPLICATION INTERNATIONAL, INC. - Information Assurance Analyst, Fair Oak, Virginia - Jan. 2010 to April 2014 (Public Trust) (Supported OPM)

• Develop & assemble Security Assessment and Authorization (SA&A) artifacts using NIST 800-special publications (NIST 800-53 Rev 4, 800-53A Rev 1, 800-37 Rev 1, FIPS-199)

• Review risk assessment reports for consistency following NIST 800-30 and agency’s Information Security Policy

• Create, review and update information security policies and procedures for Agency system compliance use

• Conduct Security Assessments (Security Testing and Evaluations) in support of security authorizations (accreditation), documenting and presenting test results and mitigation strategies

• Review and analyze POA&M items for closures with Weaknesses Completion Plans (WCP) and make recommendations for corrective actions

• Review & analyze Notice of Findings & Recommendations (NFRs) from FISMA Audit and provide recommendations for corrective actions

TECHGUARD SECURITY, INC. - Information Security Engineer, Baltimore, MD - Aug. 2004 to Dec 2009 (Public Trust) (Supported PBGC)

• Perform systems certifications and accreditations in accordance with FISMA regulations and OMB requirements

• Develop security documentation to ensure the Confidentiality, Integrity & Availability of the assigned systems

• Tasked with the responsibility of researching, developing and maintaining the agency’s policies, procedures, and guidelines (Information Assurance Handbook (IAH))

• Develop and maintain security artifacts including SSP, FIPS 199, PTA/PIA and ISCM Plan

• Perform security tests and evaluations (ST&Es)

• Monitor system operations for compliance with security policy and accepted best security practices

• Perform Vulnerability scan and analysis of open ports and Services utilizing NMAP tool scanner in PBGC systems

• Create Systems Plan of Action & Milestone (POA&M)

• Supervision of employees and taking lead in the general tasking activities supporting the clients

EDUCATION:

Masters Business Administration – Marketing, University of the District of Columbia

Bachelor of Science - Business Administration, Johnson C Smith University

CERTIFICATIONS:

• CISSP (Certified Information System Security Professional), (ISC)2 certified

• AWS CCP (AWS Cloud Certified Practitioner)

• CNA (Certified Netware Administrator)

• MCP (Microsoft Certified Professional)

CLEARANCE:

Top Secret/SCI Poly (Active)

Secret (Active)

PROFESSIONAL DEVELOPMENT/TRAINING:

• Cloud Security Administrator-Akamai University

• AWS cloud practitioner Training

• Business Case Development Training

• Information Security seminars and webcasts

• International Information System Security Certification Consortium (ISC)2

• Peer Review Training

• Project management Training

• MCSE Training

• Productivity and Management Professional Development

• LAN configuration and maintenance Training

REFERENCES AVAILABLE UPON REQUEST


