Candidate Information Title Information System Risk Management Target Location US-MD-Columbia Email Available with paid plan Phone Available with paid plan	20,000+ Fresh Resumes Monthly     View Phone Numbers     Receive Resume E-mail Alerts     Post Jobs Free     Link your Free Jobs Page     ... and much more Register on Jobvertise Free
Search 2 million Resumes Keywords: City or Zip:	Related Resumes Information Security Risk Management Silver Spring, MD Information Systems System Beltsville, MD Risk Management Information Security Washington, DC Security Officer Information System Hyattsville, MD Information Systems System Security Bethesda, MD Information Security System Washington, DC Information Security Risk Management Damascus, MD

Sylvester Popoola CISSP, CISM, CISA, ITILv3, CFE, Security+Ellicott City MD 21043 PHONE NUMBER AVAILABLE EMAIL AVAILABLE Information system technology professional with experience in cyber security processes, Risk Management Frameworks (RMF), Security Control Assessment (SCA), Federal Risk Management Program (FedRamp), Information Technology and General Control Auditor (ITGC), System development Life Cycle (SDLC), and compliance standards (SOX, SOC2, HIPAA & PCI DSS). Technical skills include Workiva, SharePoint, Nessus, Wireshark, and LinuxStatus: US Citizen with Secret ClearancePROFESSIONAL EXPERIENCEQUASARS INC  WASHINTON DCInformation System Security Officer (ISSO  TSA -DHS). Feb 2023  Present Serves as the principal advisor on all matters involving the security of an information system. Develops and maintains comprehensive system security authorization documentation (SSP, PTA, PIA etc.) Develops procedure documents for all control families. Documents external connections (ISAs, MOUMOA). Supports the Assessor with all Ongoing Authorization (OA) and Security Control Assessment (SCA) activities. Manages the system Plan of Action and Milestones (POA&Ms). Provides Change Management support for assigned systems. Ensures that Public Key Infrastructure (PKI) certificates for assigned FISMA systems are renewed when due and revocations are completed and processed prior to expiration. COALFIRE FEDERAL  RESTON VASenior Consultant (CAC - FedRAMP Lead) March 2022  Feb 2023 Developed Assessment & Authorization (A&A) testing methodologies, Security Test Plans, and provide all documentations necessary for performing Security Control Assessment Assisted in RMF Authorization and Monitoring an ongoing assessment effort (Steps 5&6) Worked with FedRAMP PMO on Readiness Assessment, Full Security Assessment and Authorization Process that include Cloud Computing Security Requirement Guidelines (CCSG) Developed System Security Plans, Configuration Management Plan, IT Contingency Plan, and Incident Response Plans in accordance with NIST requirements. Prepared, reviewed, and/or updated, and maintained IT security supporting artifacts. Conducted Assessment and Authorization (A&A) across DOD and civilian agencies for classified and unclassified systems on prem and in cloud environment accordance with FISMA, NIST and FedRAMP Provided IT security guidance to information system owners. Identified information security problems and challenges, researching and developing technical solution to Work closely with technical teams in system and network vulnerability scanning and analysis using both automated tools and manual techniques.Sylvester Popoola {443}720-8729Iron Vine Security LLC, Washinton DCInformation System Security Analyst (SCA-Lead)  Department of States (DOS) May 2021  March 2022 Developed Assessment & Authorization (A&A) testing methodologies, Security Test Plans, and provide all documentations necessary for performing Security Control Assessment Performed RMF Security Assessment on classified and unclassified systems. Assisted in RMF Authorization and Monitoring an ongoing assessment effort (Steps 5&6) Provided direct support in development of other A&A related systems bodies of evidence in accordance with current NIST Guidance using government provide A&A tool (XACTA, cmLite and iMatrix and other GRC tools) Tested, Analyzed, and interpreted A&A testing results for systems such as Linux, Virtual Machines, Networking, Database and Cloud Technology to identify security issues based on analysis of vulnerabilities and configuration data. Ascertained information systems security posture utilizing Self-Assessment, Security Test Plan control validation activities and other coordinated security testing. Performed SCA Leadership Role, attending and presenting projects status reports at management meetings, scheduling at PMO meetings, involved in technical meetings, and mentoring junior Assessors. INVICTUS INTERNATIONAL CONSULTING LLC, ALEXANDRA VA Senior Cyber Security Compliance Analyst (DOD) - April 2020  April 2021 Conducted information categorization of assigned systems by applying NIST FIPS199/NIST SP 800-60 to assess the Confidentiality, integrity, and Availability (CIA) and determine the impact and system rating using eMASS tool. Provided Information Systems Security Authorization support to DHS/USCG facilities. Performed System Security Authorization and related IA Continuous Monitoring tasks across multiple customer- owned and managed systems. Worked closely with internal and external cyber security stakeholders within CGCYBERCOM, USCGHQ and DHS in maintaining continued FISMA compliance, sustained ATO and effective system security posture. Conducted security evaluation and assessment, analyze IAVA bulletins and Cyber Security TASKORDs Performed documentation support services, tracking weakness mitigation/patch status. Collaborated with stakeholders in the creation and management of mitigation Plan of Action and Milestones and Privacy Impact Analysis (PIA) Performed Cyber Security operations support services to the Command, Control & Communications Engineering CenterHERTZ GLOBAL, DES PLAINES ILSnr IT Security Auditor May 2016  Mar 2020 Performed ITGC testing of design and operating effectiveness of controls involving program changes, logical security, and IT operations for SOX Compliance Reviewed third party SOC reports with focus on identifying both qualified and unqualified opinions, control deficiencies and how they are addressed.Sylvester Popoola {443}720-8729 Assessed security and operational controls on various operating system environments such as Windows servers, *NIX (Linux and Unix), Mainframe zOS, and AS400 iSeries. Performed walkthroughs of various applications with IT Internal and External Auditors to provide technical understanding of the applications in preparation for SOX and other IT security audits. Carried out Identity Access Management (IAM) review on various applications for privilege and non-privilege access. Worked closely with Internal Auditors on IT process improvement on enterprise systems. NESTLE DREYER ICE CREAM  LAUREL MARYLANDProduction Compliance Analyst April 2013  April 2016 Carried out production internal quality control audit. Analyzed various product quality in production floor. Assisted in stock taking of inventory for month-end reporting for account close-off. Compiled and maintained records of quantity, value of materials, equipment, merchandise, and supplies and input in SAP inventory management module. Issued materials requisitioned to production staff and update records in SAP Inventory Module. Carried out production internal quality control audit. Analyzed various product quality in production floor. Assisted in stock taking of inventory for month-end reporting for account close-off. Compiled and maintained records of quantity, value of materials, equipment, merchandise, and supplies and input in SAP inventory management module. Issued materials requisitioned to production staff and update records in SAP Inventory Module. Worked with the Factory Cost Accountant in gathering data and information to carry out various cost accounting functions.NATIONAL PIKE HEALTH CENTER, BALTIMORE MDCompliance Analyst Nov 2012  March 2013 Managed IT department to ensure necessary IT policies and procedures are in place to identify security vulnerabilities and control weaknesses; provided enhancement and Safeguards. Served as a point of contact for IT teams to address control questions from government agencies on audit and achieved continuous accreditation of the organization. Facilitated and coordinated with business owners to remediate identified issues. EDUCATIONBS, Economics - Lagos State UniversityMasters in information systems management - University of Phoenix Masters in Cyber Security  University of PhoenixSylvester Popoola {443}720-8729CERTIFICATIONSCertified Information System Security Professional (CISSP), Certified Information Security Manager (CISM) Certified Information System Auditors (CISA), CompTIA Security+, Information Technology Infrastructure Library (ITILv3), Certified Fraud Examiner (CFE), Chartered Accountant (ACA) ACHIEVEMENTSMember: The National Society of Leadership and Success  University of Phoenix Chapter Member: Epsilon Pi Tau (EPT)  University of Phoenix Honor Society  Delta Sigma Member: Order of the Sword & Shield  University of Phoenix Honor Society  Omicron Sigma Sigma.