- Information Systems and Assurance specialist with 5 years of Information Systems Assessment and Authorization experience with great passion and talent for aligning security architecture, plans, controls, processes, policies and procedures with security standards and organization operational goals.
- Experience in handling various aspects of Information Systems Security Authorization and Continuous Monitoring process based on the Special Publications by NIST ( 800 - 60 & FIPS 199, OMB circular A130 App III, 800-53 Rev 4 & FIPS 200, 800-53a Rev.4, 800-137, 800-37 Rev 1, 800-30)
- Proficient in developing and working with System Security Plan (SSP), Plan of Action & Milestone (POAM), Security Assessment Plan (SAP), Security Testing & Evaluation (ST& E), Security Assessment Report (SAR)
- Experience with vital security artifacts like Contingency plans, Configuration management plans, Incident response plan and Risk Assessments.
- Assessment of Security Controls, continuous monitoring of controls and security Infrastructures.
- Providing support for organization’s Risk Management Framework.
- Proficient in the use of Vulnerability Scanning tools such as Tenable Nessus Pro and Security Center; as well as analysis of security scan reports for necessary action.
- Make entries in the Cyber Security Assessment and Management (CSAM) tool.
- Proficient in the use of Web Application Pen Testing tools like Burb Suite and SQLMap
- Familiarity with Red Hat Enterprise Linux and CentOS platforms.
- Excellent report writing and documentation skills, great team play and comfortable under pressure.
Confidential, Wheaton, MD
Security Control Assessor /TesterResponsibilities:
- Conducted security control assessments using interviews, examination and testing in accordance with NIST 800-53a rev 4
- Scheduled and coordinated assessment kick-offs and exit briefings with all relevant stakeholders
- Developed Security Assessment Plans and Security Assessment reports
- Conducted Web Application security testing for clients using pen testing tools like Burp Suite and SQLMap
- Make entries of all Assessment activities in the Cyber Security Assessment and Management (CSAM) tool.
Confidential, Wheaton, MD
Information System Security OfficerResponsibilities:
- Update IT security policies, procedures, standards and guidelines based on the department and federal requirements.
- Develop, review and keep undated different security artifacts such as Contingency plans, Incident response plan, configuration management plan and vulnerability reports.
- Maintain, update and monitor Information system security documents, the System Security Plan, Plan of Action & Milestone, as stipulated by NIST guidelines (NIST 800-18 etc).
- Work with the Application Development teams and Project managers to mitigate system vulnerabilities discovered in the various Java based and .Net Applications and ensure compliance with security processes and procedures.
- Perform security control assessment using NIST SP 800-53a Rev4 methods to examine, interview and test in order to determine the security posture of the systems.
- Prepare and maintain the Authorization package (SSP, SAR & POAM) necessary for the issuance of the Authorization to Operate (ATO).
- Perform Monthly Vulnerability Scans on the information system infrastructure using Nessus Security Center based on organizations policy. And generate scan reports for review and further action.
- Ensure that the different controls required in securing the information systems are in place and follow up on remediation activities.
- Assisted with security assessment, reports and documents with regards to the organizations cloud based systems.
- Attend Security Training, seminars and workshops as organized by the organization.
- Monitor organization’s security infrastructure for any policy violation and working with SOC to investigate and report security events.
- Assisted with information security risk assessments and internal audit of information security processes. Assessed vulnerabilities, threats probability and risk from emerging security matters and identified various mitigation requirements.
Junior Linux System AdministratorResponsibilities:
- Built and installed multiple physical and virtual Red Hat Enterprise Linux machines.
- Set up and administered user and group accounts, setting file and directory permissions.
- Carried out patch management tasks.
- Troubleshooting Local Area Networks using tools like ifconfig, PING, netcat, tcpdump, etc
- Administered local and remote servers using SSH utility on a daily basis.
- Liaison with branch offices to service their computer hardware and network devices.
- Installed and configuration of devices, printers and other peripherals on LAN.
Legal/Regulatory Compliance OfficerResponsibilities:
- Prepare and ensure delivery of monthly, quarterly and bi-annual compliance reports to regulatory bodies in the Financial Sector such as Central Bank of Nigeria (CBN).
- Liaison with External Solicitors to ensure proper procedures are followed to secure the filing of legal documents with Corporate Affairs Commission (CAC).
- Review documents relating to the Bank’s investors and ensuring adequate compliance with the Security and Exchange Commission (SEC) rules.
- Oversee the safe keep of all security related documents for the Board of Directors, Investors, Customers and Staff.
- Training staff on corporate security and compliance matters.