- Information Systems Security Analyst (ISSO), with experience in Information Assurance, Risk Advisory, FedRAMP, FISMA, the NIST SP 800-37 Risk Management Framework (RMF), NIST SP 800-53/53A Rev 4 requirements, Assessment and Authorization, and POA&M management.
- FISMA Reporting/C&A
- RSA Archer
- Wireless Network
- MS Project
Confidential, Washington DC
INFORMATION SYSTEMS SECURITY OFFICER
- Perform updates to System Security Plans (SSPs), using NIST SP 800-18 as a guide to develop SSPs, Risk Assessments, and Incident Response Plans; create Change Control procedures; and draft, review, and update Plans of Action and Milestones (POA&Ms).
- Serve as the organization's Information Systems Security Officer (ISSO) and subject matter expert for information security requirements.
- Using the Risk Management Framework (RMF) and NIST SP 800-37 as a guide, perform assessments and continuous monitoring, including initiating meetings with various System Owners and Information System Security Officers (ISSOs), providing guidance on the evidence needed for security controls, and documenting assessment findings.
- Maintain a continuous monitoring approach on affiliated networks and system security controls, including system audit logs, ACLs, vulnerability scanning, an up-to-date software/hardware inventory, OS and software patching, and encryption standards.
- Evaluate threats and vulnerabilities of each system and ensure proper safeguards are in place to protect information systems.
- Provide guidance and support to ITSPM, System Owners, and ISSOs on meeting IT security compliance in accordance with Library of Congress (LC) Directive 01, FISMA, and NIST guidelines.
- Responsible for maintaining the documentation of certification and accreditation activities and for directing technical and coordination activities to prepare System Security Plans and update the Plan of Action and Milestones (POA&M).
- Provide artifacts to support the Risk Management process.
- Ensure that all certification and accreditation procedures have been fulfilled and maintained by adhering to the LC information assurance certification and accreditation process.
- Collaborate with ISSO during the design and development process to suggest best practices for implementing security requirements and controls.
- Establish and maintain standard operating procedures (SOPs)
- Establish and maintain review logs for each system
- Document scan results and maintain the Plan of Action and Milestones (POA&M) to closure
INFORMATION SECURITY ANALYST
- Reviewed and updated the System Security Plan (SSP) based on findings from assessed controls using NIST SP 800-18 Rev 1, NIST SP 800-53A Rev 4, and NIST SP 800-53.
- Performed walk-through and detailed testing of controls to determine if controls are properly designed and operating effectively.
- Reviewed system cyber security plans, cyber security assessment reports, and POA&Ms of cloud service providers
- Reviewed and interpreted FedRAMP authorization packages; developed and maintained security control implementation statements
- Developed and updated security authorization packages for information systems and cloud systems in accordance with the directive and in compliance with FISMA and FedRAMP
- Conducted client interviews to determine the security posture of the system and to assist in completing the Security Assessment Plan using the NIST SP 800-53A tests required to maintain the organization's Authorization to Operate (ATO).
- Reviewed and updated the Contingency Plan (CP) annually as part of the system security documents, following NIST SP 800-34
- Enforced IT processes to ensure consistent, well-integrated application structures in full compliance with Sarbanes-Oxley (SOX) and Payment Card Industry Data Security Standard (PCI DSS) regulations
- Updated SSP with the Information System owner when necessary.
- Contributed to initiating FISMA metrics such as Annual Testing, POA&M Management, and Program Management
- Conducted risk assessments regularly; ensured measures raised in assessments were implemented in accordance with the risk profile and that root causes of risks were fully addressed, following NIST SP 800-30 and NIST SP 800-37
- Created Security Assessment Plans to initiate information security assessments
- Performed specific quality control for package validation of the SP, RA, RTM, PIA, SORN, E-Authentication assessment, and FIPS 199 categorization
- Performed continuous monitoring on Information systems using NIST SP 800-137
- Documented security compliance using a Governance, Risk & Compliance (GRC) tool
- Generated Security Assessment Reports (SAR).
- Conducted vulnerability assessments using the Nessus tool
- Ability to translate business requirements into control objectives
- Maintained an inventory of all assigned information security systems
- Planned, assigned, and performed security validation reviews for C&A documentation, and supervised team members
- Knowledge of compliance standards such as PCI DSS, FISMA, SSAE16, SOX, COBIT, ISO 27001/27002 and HIPAA.
CYBER SECURITY/THREAT ANALYST
- Performed dedicated security monitoring and analysis (triage) of cyber security events, tracking phishing URLs, emails, and smishing and assigning them to other analysts for takedown.
- Coordinated with hosting providers and registrars to remove malicious websites from the internet.
- Advised clients on security best practices and policy
- Reviewed threats and provided analysis that met clients' expectations
- Assisted Global Intelligence team in enhancing intelligence products
- Monitored over 3,000 threats daily from social media and other sources reported through the company's web crawlers
- Coordinated response activities with various stakeholders for confirmed incidents and recommended mitigation strategies
- Evaluated changes in attack tactics, techniques, and targets to enhance threat scenario cases, and made recommendations to ensure that the technology strategy keeps pace with the changing insider threat landscape
- Gathered and compiled internal/external intelligence data
- Performed duties involving investigation and verification of activities damaging to our clients and performed takedowns of damaging websites, social media accounts, etc.
- Performed scripting and used Linux commands such as dig, traceroute, and host -t mx to determine whether a website had been taken down.
- Familiar with some HTTP and SMTP error codes used when determining the status of a phishing site or phishing email address
INFORMATION SYSTEMS AUDITOR
- Identified risks and tested controls associated with systems and data integrity
- Advised IT and business stakeholders on control best practices within their processes to reduce risks and improve efficiency and financial profitability
- Performed internal IT risk assessments, and provided recommendations on remediation.
- Provided data and records for external auditors, the Central Bank of Nigeria (CBN), and other regulators during external audits, thereby facilitating early completion of statutory audits.
- Conducted vulnerability assessment using Nessus tool
- Assessed existing company policies and procedures to determine compliance with industry best practices.
- Investigated and reported system-related fraud, e.g. ATM fraud, application fraud, and other e-channel fraud.
- Maintained a follow-up system that monitored actions taken by management to implement recommendations and reported on the status of implementation to the audit committee
- IT Operational Audit: Evaluated the design and tested the operating effectiveness of controls around IT operations (support and delivery structure).
- Assisted in defining, refining, implementing, and maintaining the Company's audit process, including department standard operating procedures (SOPs).
IT DESKTOP SUPPORT
- Monitored and maintained VMware hardware and software and Windows Server 2008 & 2012, creating and maintaining user accounts in AD.
- Created/managed tickets in Remedy for secondary issues described by customers
- Provided support to customers, team members, IT Service Desk staff, and other members of a company
- Applied diagnostic techniques to identify problems, performed root cause analyses, and recommended solutions using the Remedy IT Service Management Suite
- Installed, configured and maintained Windows Operating System including patches, updates, and performance monitoring.
- Used Microsoft Active Directory for group policy management and other tasks
- Oversaw security of all systems, especially the internet, and installed antivirus protection
- Provided systems administration support for Windows systems including server and workstation upgrades, backup and disaster recovery monitoring, user account setup and security administration.
- Managed and maintained an IT asset inventory.