Chukwuka Alex Nweze

Houston, TX

Summary

Dynamic Security Control Assessor with over 8 years of expertise in federal IT security, specializing in evaluating and implementing security controls to ensure compliance with federal regulations and standards. Proficient in conducting risk assessments, identifying vulnerabilities, and enhancing security frameworks to protect critical information systems. Strong background in federal compliance, including NIST and FISMA, with a proven ability to safeguard IT environments effectively.

Overview

8 years of professional experience
1 Certification

Work History

SECURITY CONTROL ASSESSOR

DAIKING GLOBAL INC
12.2022 - Current
  • Conduct detailed assessments of security controls to ensure compliance with federal regulations, industry standards, and organizational policies
  • Evaluate the effectiveness of existing security measures and identify potential vulnerabilities
  • Assist in the design and implementation of security controls across IT systems, ensuring alignment with best practices and regulatory requirements
  • Identify, assess, and prioritize risks associated with information systems; recommend and implement risk mitigation strategies
  • Establish and maintain continuous monitoring programs to ensure ongoing effectiveness of security controls
  • Monitor and analyze security alerts and incidents, providing recommendations for corrective actions
  • Support internal and external audits by providing necessary documentation, evidence, and reports on security controls
  • Ensure compliance with federal standards such as NIST SP 800-53, FISMA, and other relevant regulations
  • Prepare detailed security assessment reports, including findings, recommendations, and risk levels
  • Maintain up-to-date documentation of security controls, procedures, and compliance artifacts
  • Assist in the development and execution of incident response plans and procedures; participate in post-incident analysis
  • Collaborate with IT, security, and business teams to align security controls with organizational goals
  • Conduct security training and awareness sessions for employees on security policies and procedures
  • Manage and coordinate security assessment projects, ensuring timely completion and effective communication of progress and findings to stakeholders
  • Schedule kickoff meetings with system owners to help identify assessment scope, system boundary, and the information system's category, and obtain any artifacts needed to conduct the assessment
  • Create Requirement Traceability Matrix (RTM) and document whether controls being assessed passed or failed using NIST SP 800-53A as a guide
  • Develop Security Assessment Plans (SAPs) and conduct assessments of security control selections on various Moderate impact level systems to ensure compliance with NIST SP 800-53A
  • Conduct security control interview meetings and artifact gathering meetings with various stakeholders using the assessment methods and objects of examination, interview, and test
  • Document assessment findings in a Security Assessment Report (SAR) and recommend remediation actions for controls that failed and vulnerabilities
  • Review A&A package items using NIST guidance for FISMA compliance such as the System FIPS 199 Categorization, e-Authentication Assessment, PTA, PIA, Contingency Plan (CP) and Contingency Plan Test (CPT)
  • Perform vulnerability assessments of information systems to detect deficiencies and validate compliance using the POA&M tracking tool (CSAM)
  • Request scans and later review the scan results for common vulnerabilities such as missing patches, weak password settings, unnecessary services not disabled, and weak configurations
  • Conduct independent comprehensive assessments of operational and technical security controls and control enhancements utilized within the system to determine the overall effectiveness of the controls as defined in NIST 800-37
  • Verified all security control assessments for information systems and ensured that all assets are working as intended and these controls protect the confidentiality of the IT resources
  • Developed System Security Plans (SSPs), Plans of Action and Milestones (POA&M)/Corrective Action Plans (CAP), and other system documentation
  • Ensured that documentation of services and procedures is properly developed, accessible, and maintained

IT SECURITY CONTROL COMPLIANCE

BPL PLASMA CONSULTING LLC
01.2020 - 11.2022
  • Tasked with evaluating, monitoring, and reporting performance against plans to ensure guidelines met appropriate procedures and policies
  • Contributed actively in meetings with the IT Division team to gather evidence
  • Tracked waivers to ensure that the proper controls have been documented and signed by the appropriate authorities
  • Charged with reviewing and ascertaining a Privacy Impact Assessment (PIA) document after a positive PTA
  • Aided in the development and review of remediation plans or POA&M for each testing area using CSAM
  • Reviewed documents such as ISA/MOU, SAR (Security Assessment Report), SAP (Security Assessment Plan), scans, waivers, and SSP (System Security Plan)
  • Confirmed the integrity and confidentiality of sensitive data
  • Finalized requirements to assist system owners in achieving ATOs
  • Produce weekly, monthly, and quarterly assessment metrics and reports for senior management
  • Collaborated with internal teams to remediate and mitigate third-party security audit findings
  • Provided recommendations for security flaws identified during vulnerability scanning and assessments for remediation and mitigation purposes
  • Demonstrated capacity to implement innovative security programs that drive awareness, decrease vulnerability, and strengthen organization
  • Assessed and validated identified vulnerabilities and tracked remediation efforts to completion
  • Established Standard Operation Procedures (SOP) for security tools and vulnerability management processes
  • Outstanding leadership abilities; able to coordinate and direct all phases of project-based efforts while supporting and motivating team members
  • Assist with governance and compliance initiatives for Information Security risk processes
  • Extensive knowledge and experience with NIST Risk Management Framework (RMF) and System Authorization processes and procedures
  • Created and updated Authorization to Operate (ATO) packages; drafted, finalized, and submitted Privacy Threshold Assessments (PTAs), Privacy Impact Analyses (PIAs), E-Authentication Assessments, and System of Record Notices (SORNs) for annual review and recertification
  • Continuously monitored security controls effectiveness using NIST SP 800-137 as a guide

IT SECURITY COMPLIANCE

FEDERAL CONSULTING LLC
01.2017 - 11.2019
  • Prepared and presented detailed technical reports and executive summaries for senior management, highlighting key findings, risks, and recommendations from security assessments and audits
  • Schedule meetings with system owners to help identify assessment scope, system boundary, and the information system's category, and obtain any artifacts needed to conduct the assessment
  • Create Requirement Traceability Matrix (RTM) and document whether controls being assessed passed or failed using NIST SP 800-53A as a guide
  • Develop Security Assessment Plans (SAPs) and conduct assessments of security control selections on various Moderate impact level systems to ensure compliance with NIST SP 800-53A Rev 4
  • Conduct security control interview meetings and artifact gathering meetings with stakeholders using the interview assessment method
  • Document findings in a Security Assessment Report (SAR) and recommend remediation actions for controls that failed and vulnerabilities
  • Review A&A package items using NIST guidance for FISMA compliance such as the system FIPS 199 Categorization, e-Authentication Assessment, PTA, PIA, Contingency Plan (CP) and Contingency Plan Test (CPT)
  • Perform vulnerability assessments of information systems to detect deficiencies and validate compliance using the POA&M tracking tool (CSAM)
  • Request scans and review the scan results for common vulnerabilities such as missing patches, weak password settings, unnecessary services not disabled, and weak configurations

Education

BACHELOR OF SCIENCE -

UNIVERSITY OF NIGERIA NSUKKA

Skills

  • Analysis and Reporting
  • Authorization Decision
  • Continuous Monitoring
  • Support for Authorization
  • In-depth knowledge of federal security standards and guidelines
  • Technical expertise
  • Analytical skills
  • Communication skills

Certification

  • CompTIA CASP+
  • Project Management Professional (PMP), PMI
  • Certified Information Systems Manager (In Progress)

Security Clearance

Ability to obtain any level of clearance

Technical Skills

  • Analyze the data collected during the assessment. Prepare and submit the Security Assessment Report (SAR) to the Authorizing Official.
  • Support the Authorizing Official (AO) in making an informed decision regarding the system's authorization to operate (ATO). Provide input for the Plan of Action and Milestones (POA&M) if deficiencies are found.
  • Engage in continuous monitoring activities, including periodic reassessments and real-time monitoring of security controls.
  • Provide critical information that supports the Authorizing Official (AO) in making informed decisions about the system's operation and its security status.

References

Available upon request
