
Guillaum Ebage

Euless, USA

Summary

Dynamic cybersecurity professional with over five years of experience in Information Security, IT, Software Development, Vendor Risk Assessment, and Governance Risk & Compliance. Proficient in navigating complex regulatory landscapes, including FISMA and FedRAMP Compliance, Vendor Risk Management, Vulnerability Management, and Security Control Assessment. Expertise in control testing, documentation, and providing strategic compliance advisory services to public and private sector clients. Committed to delivering exceptional client service and driving successful FedRAMP outcomes through meticulous adherence to standards and guidelines.

Overview

5 years of professional experience
1 Certification

Work History

Senior Information Assurance Analyst

Kforce – HITS
11.2023 - Current
  • Maintain and track Assessment and Authorization (A&A) process for multiple systems and achieve ATOs for those systems.
  • Provide guidance to senior leadership on the Authorization to Operate (ATO) process.
  • Maintain systems and ensure records stay up to date using eMASS GRC tool.
  • Develop implementation narratives/statements for controls following NIST guidelines.
  • Ensure security controls continue to stay compliant and address non-compliant controls.
  • Create and manage ongoing POA&Ms and ensure POA&Ms are remediated within the Scheduled Completion Date (SCD) or seek extension to avoid expired POA&Ms.
  • Maintain system hardware and software inventory in eMASS and perform monthly validations.
  • Maintain ATO package security documents and initiate renewal at least annually (SSP, ISCP, CMP, IRP, BIA, PTA, PIA, and MOU/ISA).
  • Provide system Audit Support by responding to PBCs and working on evidence gathering.
  • Initiate and manage system workflow within eMASS to include RMF Steps 1-6, POA&M Quarterly Review, POA&M Approval, and Risk Acceptance Approval.
  • Review and analyze vulnerability scans for Operating System (OS) and Database (DB) and initiate remediation efforts for weaknesses discovered on the systems.
  • Responsible for managing Data Calls and responding before the due date.
  • Facilitate meetings with key stakeholders to provide updates on system ATO status.

ISSO/RMF Support Analyst

TruTek Solutions, LLC
11.2020 - 11.2023
  • Provided Authorization to Operate (ATO) support for a private cloud deployment model system following NIST and FISMA guidelines.
  • Documented security control implementation statements to meet NIST and FedRAMP control requirements.
  • Worked with security control owners, engineers, and the GRC compliance team on their assigned controls to determine the evidence that should be provided to support control implementation.
  • Worked with the business to identify information security issues, control gaps, or deviations in private cloud environments and assisted in developing appropriate mitigating strategies.
  • Supported the creation and development of key security documentation for a FedRAMP private cloud deployment model system (SSP and SSP attachments, and other policies and procedures) and artifacts for systems undergoing the A&A process, utilizing organizational templates.
  • Reviewed security artifacts such as the System Security Plan (SSP), Contingency Plan (CP), Configuration Management Plan (CMP), Incident Response Plan (IRP), hardware/software inventories, screenshots of system configurations, policies and procedures, and Standard Operating Procedures (SOP) to support assessment and validate that control requirements are being met.
  • Compiled the system ATO package prior to independent assessment and created a file and evidence naming convention/structure for security documents and artifacts.
  • Assisted in creation of the monthly Plan of Action and Milestones (POA&M) report and coordinated related activities with various partners within the security and business organizations.
  • Developed and updated A&A documentation post-assessment to include the SSP, SAR, POA&M, and ATO Letter, and assisted in remediation of findings from the assessment.
  • Attended daily standup to provide updates on currently assigned tasks.

Education

MSc. - Cybersecurity Management and Policy

University of Maryland Global Campus
Adelphi, Maryland

LL.B - Law

University of Buea
07.2015

Skills

  • Software: MS Office 365, SharePoint, Google Workspace, Jira & Confluence, DB Protect, Tenable SC, STIGs/SCCD Compliance, eMASS
  • NIST and FISMA compliance expertise
  • Experience with Azure and AWS cloud solutions

Certification

  • CompTIA Security+ CE
  • Certified Information Security Auditor (CISA) – In Progress
