Experienced Information Security Analyst skilled in assembling security authorization packages
using National Institute of Standards and Technology (NIST) Special Publications: 800-53,
800-53A, 800-60, 800-30, 800-37 Rev-1, 800-18, 800-137, 800-70, FIPS 199, and FIPS 200.
*Proficient in the preparation and updating of System Security Plan (SSP), Security Assessment
Security Tools: Tenable Nessus, Burp Suite
Operating System: Windows OS, Mac OS Microsoft Project, Office suite
Information System Security Analyst, Soliel - DOL - DC
Maintain and review information security documentation for customer's major applications in accordance with Federal Departmental and Agency guidelines, including but not limited to: System Security Plans, Security Risk Assessments, Plans of Action and Milestones (POAM), System Categorization Worksheets, Privacy Impact Assessments, Contingency Plans, Business
Maintain security compliance descriptions within the Cyber Security Assessment Management (CSAM) C&A web tool for all NIST 800-53 controls for each major application and GSS, update Computer Security Program Calendar, update Computer Security Handbook, and prepare weekly audit report.
Examine and review DOL Enterprise security documents in CSAM to ensure compliance with DOL standards.
Conduct continuous monitoring and review of DOL Enterprise POA&M and ATO package, providing recommendations and ensuring document updates in CSAM.
Conduct security assessment on DOL Agency's Information System using CSAM to ensure compliance with DOL standards, and communicate the results of findings to DOL Agency's POC based on the review of the Agency's Information systems security documents in CSAM.
Update DOL security controls policy and procedures and DOL Enterprise security control plan templates, including but not limited to the Incident Response Plan and Contingency Plan.
Conduct Assessment and Authorization on Major application and General Support Systems.
Has knowledge of Federal Risk and Authorization Management Process (FedRAMP) in securing federal information systems in cloud environments and ensuring FISMA compliance.
03/2013 to 08/2016
Information System Security Officer, Smart Think Inc
Maintaining, reviewing and updating Information Security System documentation, including but not limited to System Security Plan (SSP) and Plan of Action & Milestone (POA&M).
Conduct IT controls risk assessment to identify system threats, vulnerabilities and risk, and generate reports.
Develop and conduct Security Test and Evaluation (ST&E) according to NIST SP 800-53A.
Develop System Security Plan (SSP) to provide an overview of the system security requirements and the needed security controls.
Develop Security Assessment Report (SAR) detailing the results of the security controls assessment along with Plan of Action & Milestones (POAM).
Conduct a security control assessment to assess the adequacy of management, operational privacy, and technical security controls implemented.
Develop Security Assessment Report (SAR) detailing the results of the security control assessment along with plan of action and milestones (POA&M) to the Designated Approving Authorization Official (AO) to obtain the Authority to Operate (ATO).
Assist in the development of an Information Security Continuous Monitoring strategy to help DOL in maintaining an ongoing awareness of information security (Ensure effectiveness of all security controls), vulnerabilities, and threats to support organizational risk management decisions.
Assist in the development of Information system categorization using appropriate standards and NIST guidance.
Developed and updated system security plan (SSP) to provide an overview of federal information systems security requirements and implementation of security controls.
Perform Assessment and Authorization in compliance with FISMA/NIST Standards.
Conduct kick-off meetings with the IT client team to gather evidence, develop test plans and testing procedures, and document test results.
Perform IT operating effectiveness tests in the areas of security, operations, and change management.
Has knowledge of regulatory and statutory security requirements like NIST, FISMA, HIPAA, and PCI DSS in securing financial data, health information, and federal information systems.
08/2012 to 03/2013
Information Security Compliance Analyst, Sibley Consulting - Virginia
Conducted security controls assessment to ensure implemented controls comply with standards.
Involved in security incident management in order to mitigate or resolve events that have a potential impact on the confidentiality, availability, or integrity of information technology resources.
Developed security control test plans and conducted in-depth security assessments of information systems that evaluate compliance of administrative, physical, technical, and organizational policies and safeguards in order to maintain FISMA and OMB compliance.
Perform Assessment and Authorization (A&A) on general support system and major application using the NIST Risk Management Framework (RMF) to ensure compliance with the Federal Information Security Management Act (FISMA).
Developed and maintained System Security Plan (SSP), Security Assessment Report (SAR), and POA&M to obtain the authority to operate (ATO).
Conducted periodic IT risk assessment and reviewed IA controls for any deficiencies.
08/2010 to 07/2012
Help Desk Support, Zenith Consulting - MD
Assigned issues to appropriate support group for thorough support and prompt resolution.
Responsible for identifying, troubleshooting, researching, and supporting customer IT issues; provided first point of contact for support issues.
Researched and resolved technical issues, maintained technical aptitude, and supported corporate initiatives and team department goals according to direction of management.
Interacted with users to provide and process information in response to problems, inquiries, concerns and/or requests; collaborated with customers to resolve application, phone, printer, or computer problems in real time.
Worked closely with clients and staff to ensure smooth, uninterrupted operation of network client workstations and servers, and performed other assigned duties.
01/2006 to 07/2010
Accountant / P.A (CEO), Rosemash Limited - Lagos
Prepared meeting materials and participated in the annual board of directors' meeting and other client meetings.
Prepared financial statements, bank deposits and cash disbursements.
Supported the monthly and quarterly closing process to meet the corporate timing requirements.
Processed accounts payable and maintained vendor and supplier relationships.
Coordinated the financial planning and budget process and analyzed correct estimates.
Notified management concerning trends that are critical to the organization's financial performance.
Coordinated and executed company's project, developed media strategies and public relations activities.
Education and Training
M.Sc: Cyber Security, University of Maryland University College