FEMI OTUYELU
Silver Spring,MD
Overview
12
12
years of professional experience
1
1
Certification
Work History
Information System Security Officer (ISSO)
Pension Benefit Guaranty Corporation (PBGC)
02.2022 - Current
- Proactively create, monitor, and update the status of POA&Ms to ensure weaknesses are resolved in accordance with their scheduled completion dates
- Create Waivers or Risk Acceptance Memos to assist in the effective management of system risks
- Conduct annual assessments in accordance with the guidance in the Enterprise Information Security Performance Plan
- Review and update security authorization documents as needed, or at least annually
- Conduct Contingency Plan tests and update the Contingency Plan document as needed or at least annually
- Perform system self-assessments as part of the customer's Ongoing Authorization program
- Coordinate with customer divisions regarding compliance documentation and other requirements
- Monitor and respond to Information Security Vulnerability Management (ISVM)/Patch Management
- Provide audit support for assigned systems, throughout the audit (Pre and Post Assessment)
- Maintain knowledge of inventory in accreditation boundary
- Use DHS and mandated enterprise Information Assurance Compliance Tools
- Respond to emerging requirements or policies as set by legislation, regulation or policy
- Participate in DevOps Sec (security integrated into Agile processes) requirements for assigned systems
- Support the review and updates of security authorization documents as needed, or at least annually
- Help coordinate with Privacy, Records, and Information Governance Divisions in relation to compliance documentation and other requirements
- Proactively ensure security requirements are included in development cycle (Waterfall, Agile, SecDevOPs)
- Ensure Configuration Management processes are followed to ensure that any changes do not introduce new security risks
- Support the management system Information Security Vulnerability Management (ISVM) Compliance
- Train and manage ISSOs on the day to day processes needed to complete their tasks.
Information Security Consultant
Securicon, LLC
09.2019 - 03.2020
- Analyzed and updated System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E) and the Plan of Actions and Milestones (POA&M)
- Conducted audit kickoff meetings with senior management and fellow auditors to gather information, identify scope and align resources for testing
- Conducted interviews with selected personnel, documented and evaluated business processes, and executed audit test programs which determined the adequacy and effectiveness of internal controls and compliance with regulations
- Assisted System Owners and ISSO in preparing C&A package for companies’ IT systems, making sure that management, operational and technical security controls adhere to a formal and well-established security requirement authorized by NIST SP 800-53 R4
- Designated systems and categorized its Confidentiality, Integrity and Availability (C.I.A) using FIPS 199 and NIST SP 800-60
- Coordinated and performed various walk-throughs with the client's leadership to better understand and document the client's Financial Reporting processes
- Evaluated the effectiveness of internal control systems and identified areas of improvement, best practices, and lessons learned
- Developed and documented findings/results in written reports and presentations
- Directed and educated junior team members on auditing techniques and software
- Conducted Self-Annual Assessment based on NIST SP 800-53A
- Performed Vulnerability Assessments and identified corrective actions to mitigate known vulnerabilities
- Made sure that risks are assessed, evaluated and required action taken to limit their impact on the Information and Information Systems
- Created standard templates for required security assessment and authorization documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages
- Coordinated with stakeholders to gather contingency plan information and develop system (ISCP) and business (BCP) focused contingency plans
- Responsible for writing Standard Operating Procedures to standardize work processes.
Information Security Analyst
Optimum, LLC
06.2012 - 09.2019
- Reviewed and Tested IT General Controls (ITGC) of various applications, databases and Operating Systems using various audit Frameworks- SOX, NIST and ISO
- Developed audit plans and programs, following NIST and ISO frameworks
- Performed assessment of IT internal controls as part of financial statement audit, Internal and operational audits, attestation engagement, and audit readiness
- Conducted testing of internal audit - Sarbanes-Oxley 404 compliance in public companies (SOX)
- Prepared audit plans and scope, detailed audit program, risk assessment control matrices, report findings, and present recommendations for improving data integrity and internal controls over financial reporting
- Oversee audits from planning, fieldwork (walkthroughs and detailed testing), reporting and follow up phases
- Performed IT general and application control reviews and monitor segregation of duties and other key management controls, review audit activities, including IT risk controls, internal control strengths and weaknesses
- Set up control matrix based on specific client application needs during planning phase of audits
- Participated in integrated audits – carrying out ITGC testing in support of financial statements audits.
Education
Bachelor in Business Administration -
University of Lagos
Lagos, NigeriaSkills
- IT Security
- FISMA and FedRamp Compliance
- Detailed knowledge of information system security, technologies, and best practices with an emphasis on FISMA/NIST and FedRamp
- Experience in system security auditing, monitoring, evaluation, and Assessment and Accreditation (A&A) of GSS (General Support Systems), MA (Major Applications) and Cloud Systems (FedRamp)
- SOFTWARE, PLATFORMS, ARTIFACTS
- FIPS 199, E-Authentication, Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), Risk Assessment (RA), SSP, ISCP, SAR, Plans of Action and Milestones (POA&M), Authorization to Operate (ATO) Letter, Nessus, Pre & Post Assessment Package Reviews, Vulnerability Scanning Tool, Big Fix Compliance, Archer, CSAM
Certification
- CompTIA Security+ - Certified
- CompTIA CySA+ Certified
- CompTIA Security Analytics Professional CSAP
- AWS Solutions Architect – Associate (SAA-C03)
- Project Management (PMP)
- ISACA Certified Data Privacy Solution Engineer
- Scrum Master Certified
Timeline
Information System Security Officer (ISSO)
Pension Benefit Guaranty Corporation (PBGC)
02.2022 - Current
Information Security Consultant
Securicon, LLC
09.2019 - 03.2020
Information Security Analyst
Optimum, LLC
06.2012 - 09.2019
Bachelor in Business Administration -
University of Lagos
Similar Profiles
Nidhi VijNidhi Vij
IT Infrastructure Project Management Manager at Science Applications International Corporation (SAIC) under contract to Pension Benefit Guaranty Corporation (PBGC)IT Infrastructure Project Management Manager at Science Applications International Corporation (SAIC) under contract to Pension Benefit Guaranty Corporation (PBGC)
Jasmine HicksJasmine Hicks
Leasing Consultant at Pension Benefit Guaranty Corporation (PBGC) Via- Hana Engineers & ConsultantLeasing Consultant at Pension Benefit Guaranty Corporation (PBGC) Via- Hana Engineers & Consultant
ERIC DONNELL BRYANTERIC DONNELL BRYANT
Financial & Performance Management Supervisor at Pension Benefit Guaranty CorporationFinancial & Performance Management Supervisor at Pension Benefit Guaranty Corporation
Tracie L HonemondTracie L Honemond
Senior Sales Manager at Brookdale Senior Living FacilitySenior Sales Manager at Brookdale Senior Living Facility
Josue EnamoradoJosue Enamorado
Clinical Technician at SpecialtyCareClinical Technician at SpecialtyCare