Candidate Information
Title Security Officer Information System
Target Location US-MD-Hyattsville
Candidate's Name
Smithsburg, MD

SUMMARY
US Army: Maryland National Guard, Rank, E4
An Information System Security Officer and NIST 800-53 Control assessor with enormous years of combined experience in the Federal Information Security Management Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP), National Institute of Standards and Technology (NIST), Risk Management Framework (RMF) processes, Risk Assessment (RA), System Development Life Cycle (SDLC), as well as Contingency planning.
Thorough understanding of NIST 800-53 Rev 4 and 5 security controls. Audit projects including Security Audit, RMF, COBIT, PCI DSS, HIPAA, SAS 70 SSAE 16/SOC and SSAE18. Good working experience with GRC tools like ServiceNow and Archer, and knowledge of the process of obtaining a system ATO and the requirements to maintain the ATO.
An IT Professional with experience in vulnerability management, security control implementation, assessment and authorization, POA&M management, continuous monitoring, as well as risk assessment.
Understanding of information technology concepts, and cloud computing models (PaaS, SaaS, IaaS).

EDUCATION
1. Capitol University (USA-Maryland) PhD in Cybersecurity Leadership (2022-2025)
2. The University of Texas McComb (USA-Texas) Post Graduate in Cybersecurity (2021-2022)
3. Bachelor Degree (Cameroon) in Law 2006
4. University of Yaoundé II (Cameroon) PhD in Law (2015)

CERTIFICATIONS
CISM (Cybersecurity Information System Manager)
CompTIA Security+ CE (Exp. Date: 04/06/2024)
AWS Solutions Architect
Oracle OCP

SECURITY CLEARANCE
Active Secret

PROFESSIONAL EXPERIENCE

DISA, Fort Meade Laurel, MD (COMPQSOFT)
DATE: May 2023 to Present
Information System Security Officer (ISSO)
Assisting, supporting the for the Reauthorization for the Legacy system
Using eMASS to assess, monitor security controls and update the leadership
Using STIG Viewer to generate checklist for system and reporting to the Datacenter and Sys Admin for patching and remediation
Assisting ongoing RMF IATT/ATO for the New System projects in support of client security systems using NIST SP 800-37 Rev 1 as a guide.
Assisting with RMF process, Categorization of the Information System, RMF documentations, CONOPS, BIA, ISCP, SSP, SPP, Drafting and updating Cybersecurity Policies.

US Navy, Walter Reed National Military Medical Command (WRNMMC), Bethesda, MD (DSG-IT)
DATE: 01/2023-06 2023
Information System Security Officer (ISSO and ISSE)
POC for SSP, IPP, CP and All the RMF tools and accreditation process
Scanning WRNMMC workstations, servers and IT Infrastructure
POC for the WRNMMC validation process.
Preparing documents and artefacts for the IV&V team (system architecture diagram, SPP, ATO package and any other relevant documents for the Validation Team)
Preparing effort request in the CSTAR tool in order to prepare for the IV&V team
Preparing Software and Hardware Inventory for the Cost estimate and validation of the WRNMMC IT infrastructure process
Assisting the IV&V Team with documents and different assesses for the Validation process of the WRNMMC IT process
Registration of New system in eMASS, uploading of artifacts in eMASS
Uploading of SSP, SAR, IPP and other relevant RMF documents into eMASS
Creation, extension of new POA&M and Milestone into eMASS
Using HBSS system (McAfee Agent) to generate Audit Log report for workstations and IT infrastructure of WRNMMC LAN
Using ePO Orchestrator (McAfee Console) to generate scans and Audit Log for WRNMMC IT infrastructure
Participating in Incident Response Team and effort to remediate WRNMMC incidents and Data breaches

United States Army, MRDC HQ Fort Detrick, MD (Free Alliance)
DATE: 11/2021 - 2022
Information System Security Officer (ISSO)
Scanning MRDC LAN SYSTEM VIA ACAS to generate weekly reports
Uploading reports for MRDC LAN for 6 Systems weekly
Collaborating with TECHS, WEB, DBA, and subject matter experts for remediation of vulnerabilities identified by ACAS Scanning
Develop solutions to security weaknesses in the Requirement Traceable Matrix (RTM) and SAR, while working on POA&M remediation and Corrective Action Plan (CAP).
Perform assessments on FedRAMP based on customer responsibility documentation and controls provided by the Cloud provider to assess.
Maintain and manage Security Authorization and Assessment packages that include System Security Plans (SSP), Contingency Plans (CP), POA&Ms, SAR, and other relevant security documentation for the system.
Perform risk assessments, develop and recommend mitigating controls, and remain abreast of advancements that address emerging business and environmental factors impacting assurance levels.
Work with IT Controls Manager to improve the efficiency and effectiveness of IT audit testing procedures, processes, and attributes.
Develop Plan of Action & Milestones (POA&M) to remediate actions resulting from security control assessments; monitored and tracked remediation progress using GRC tools like eMASS, ServiceNow and Archer.
Provide security control assessor (SCA) services, such as assisting with the Assessment and Authorization process, including A&A scanning, documentation, reporting and analysis - analyzing current threats to information security and systems.
Resolve A&A ServiceNow incident tickets for change management.
Execute day-to-day deliverables that support the ongoing compliance needs related to PCI, IT policy, compliance, and risk, as well as any new regulatory requirements.
Develop/Review deliverables associated with a FedRAMP security authorization package including, but not limited to System Security Plan, Information System Contingency Plan, Security Assessment Plan, and Security Assessment Report.
Review for accuracy of Security Control Assessment (SCA) documentation, including but not limited to the Security Assessment Report (SAR).
Perform ongoing RMF/A&A/ATO projects in support of client security systems using NIST SP 800-37 Rev 1 as a guide.
Experience with e-GRC tools such as Archer, Service Now and prevalent to ensure secured and prompt communication of findings and deployments of questionnaires to the vendor and to track vendor progress on remediation.
Ensure compliance with data security policies and relevant legal and regulatory requirements following agency directives and applicable Risk Management Framework (RMF) requirements.
Review Nessus and Nexpose scan reports for deficiencies and remediation of findings.
Participates in the System Assessment and Authorization process by working with the key stakeholders to ensure complete and accurate ATO packages.
Validated system requirements, security policies and procedures, contingency plans, incident response plans, personnel security, access control mechanisms and identification and authentication mechanisms.

United States Army (Trutek LLC) Alexandria, VA
Information System Security Engineer (ISSE)
DATE: 12/2018 - 10/2021
Performed System Security Categorizations using FIPS 199 and the NIST 800-60 Vol.11 Rev1 guidelines and templates to select provisional impact levels assigned to the Confidentiality, Integrity, and Availability (CIA) based on the information type.
Analyzed and updated System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), and System Security Test and Evaluation (ST&E).
Developed and tracked Plans of Action and Milestones (POA&Ms) to ensure remediation closure.
Performed security risk assessment and analysis of resources, controls, vulnerabilities, asset decommissioning, and information security threats to the organization's objective.
Performed assessments on FedRAMP based on customer responsibility documentation and controls provided by the Cloud provider to assess.
Ensured that plans of action and milestones or remediation plans are in place for vulnerabilities identified during risk assessments.
A better understanding of NIST 800-53 security controls and documentation for assessment results.
Ensured all supporting artefacts and results will be documented appropriately and in a timely manner.
Adhered to the NIST Risk Management Framework (RMF) to support the A&A process, including analyzing the development of supporting policies, procedures, and plans, designing and implementing security controls, testing and validating security controls, and analyzing and tracking corrective action plans.
Performed ongoing continuous monitoring (ISCM) using NIST 800-137 Rev 1 as a guide.
Provided security control assessor (SCA) services, such as assisting with the Assessment and Authorization process, including A&A scanning, documentation, reporting and analysis - analyzing current threats to information security and systems
Documented observations for existing IT control processes and identify issues in assessment questionnaires during disaster recovery planning exercises
Conducted assessment of the security and privacy controls implemented by an information system officer to determine the overall effectiveness of the controls and the vulnerability state of components, applications and databases residing within the system boundary.
Incident response management by processing computer affected for reimaging
Processing cybersecurity incidents that occurred within Network in collaboration with the 2RCC or NIWC CSSP Help Desk for analysis/processing
Providing updates if necessary to the 2RCC or NIWC CSSP Help Desk

ADRPA LLC
DATE: 12/2017 - 10/2018
IT Specialist (Cybersecurity and Help Desk Support)
Ticketing system via ServiceNow
Creating users using internal and external Domain users using Active Directory
Creating groups, roles and responsibilities using Azure Active
Tracking and following up RBAC
MX Tools.box.com to check on the validity and authenticity of emails using Super Tools or MX lookup, DMARC lookup
Performs a lead role in the promotion of security awareness programs, assessing gaps and implementing solutions.
Responsible for the end-to-end completion of security requests.
Provisions user security roles and manages security groups across systems, platforms, databases, applications, servers, directors and folders.
Analyzes existing role structures to improve and streamline structures, security administration and improve end-user experience.
Responsible for highly sensitive security access for outsourced vendors and ensuring compliance with policy, regulations and contractual requirements.
Accountable for highly sensitive emergency processes.
Creates or maintains application scripts and uses application-specific tools to create or manage application security.
Tracks and documents security issues and requests and actively monitors the work queue.
Plans, coordinates, communicates, tests and implements audits ensuring that access entitlements are appropriate for job requirements.
Creates and coordinates completion of detailed security reports to fulfil audit, management or business owner requirements.
Accountable for follow-up of all security work requests including collaborating with other IT areas to ensure timely completion/resolution and obtainment of appropriate approval levels.
Interfaces with users to understand new capabilities, implement procedures, ensure security procedures have been communicated properly and are being adhered to, and provide input to drive process improvements
Works closely with business areas and IT partners on troubleshooting, pre-implementation activities and assessing application security.

TECHNICAL SKILLS
NIST Guidelines Publications Certification and Accreditation (C&A) Assessment and Authorization (A&A) HIPAA & PRIVACY ACT Training IT Security Compliance Vulnerability Assessment Network Vulnerability Scanning Information Assurance System Risk Assessment System Development Life Cycle Nessus Vulnerability Scanner ACAS HBSS SCAP Splunk SharePoint LAN WAN NIST SP 800-53 SP 800-53A SP 800-37 NIST SP 800-171 FIPS FISMA FedRAMP Risk Management Framework (RMF) FIPS-199 PTA PIA SSP CP SAR POA&M ATO ISA, MOU/A IDS IPS Windows GRC ServiceNow Linux Microsoft Office NISPOM Belarc

Qualities: Fast Learner and Hard worker, good team player, humble and always motivated to go for new professional and career challenges. Ability to adapt, Critical Thinking, integrity, multi-tasking, strong organizational skills, time management and organizational skills, Interpersonal skills, Strong problem-solving, decision-making, reporting, communication, and management skills.
