Ikhuoria Otoide

Bel Air, Maryland

Summary

Cybersecurity and Risk Management professional with over five years of experience supporting federal information systems in FISMA-regulated environments. Extensive experience with Risk Management Framework (RMF), Security Control Assessments (SCA), Authority to Operate (ATO) package development, and continuous monitoring aligned with NIST SP 800-37, 800-53 Rev. 5, 800-53A, FIPS 199, and FIPS 200. Proven ability to manage POA&M lifecycles, conduct vulnerability and risk assessments, and support Authorizing Officials with risk-based decisions.

Overview

8 years of professional experience
1 Certification

Work History

Security Control Assessor / Vulnerability Management Lead

Customer Value Partner - United States Department of Agriculture (USDA)
Washington, DC
06.2024 - Current
  • Monitor the system and environment of operation, including developing and updating the System Security Plan (SSP).
  • Perform enterprise vulnerability management activities including identification, analysis, prioritization, remediation tracking, evidence validation, and closure of system and application vulnerabilities.
  • Support full RMF lifecycle activities including control implementation, documentation, continuous monitoring, and preparation for initial and ongoing Authorizations to Operate (ATOs).
  • Develop, review, and maintain RMF artifacts including System Security Plans, Security Assessment Plans, Security Assessment Reports, POA&Ms, Continuous Monitoring Plans, Business Impact Analyses, Privacy documentation, and Contingency Plans.
  • Manage the POA&M lifecycle by coordinating remediation efforts with system owners, ISSOs, and technical teams using risk-based prioritization.
  • Conduct FISMA-compliant Security Control Assessments using NIST SP 800-53A and perform risk assessments aligned with NIST SP 800-30.
  • Support Security Control Assessment activities and provide recommendations to support Authorizing Official risk-based authorization decisions.
  • Monitor security events and ticketing queues, triage incidents, and support incident response activities including investigation, containment, remediation, and recovery.
  • Develop SOPs, workflows, KPIs, and security metrics to report system security posture and risk trends to leadership.

Cybersecurity Analyst

Customer Value Partner - Centers for Medicare & Medicaid Services (CMS)
Washington, DC
12.2021 - 06.2024
  • Supported ATO package development by capturing, reviewing, and validating RMF artifacts for independent assessment activities.
  • Presented RMF status updates and system security posture to government stakeholders during program and governance meetings.
  • Supported POA&M remediation efforts by tracking corrective actions and validating evidence using CSAM.
  • Reviewed authorization documentation to ensure accuracy, completeness, and compliance with FISMA and NIST standards.
  • Ensured cybersecurity policies reflected current NIST and FISMA requirements.
  • Validated System Security Plans to confirm accurate implementation of security controls.
  • Categorized information systems in accordance with FIPS 199 and NIST SP 800-60.
  • Conducted continuous monitoring activities to maintain ongoing compliance.
  • Ensured sensitive information was properly marked and handled in accordance with federal security requirements.

Cybersecurity Analyst

Edify Technology
Naperville, IL
01.2022 - 05.2022
  • Ensured FISMA-compliant security control assessments for commercial and federal information systems.
  • Assisted in developing risk assessment reports for submission to designated accrediting and authorizing officials.
  • Prioritized findings based on risk impact and documented corrective actions and remediation plans.
  • Reviewed RMF artifacts including System Security Plans, system inventories, technical screenshots, scan results, Requirement Traceability Matrices, control allocation tables, and Security Assessment Reports.
  • Provided client outreach and education on cybersecurity and compliance requirements through written and oral communication.
  • Supported clients in identifying inherited controls and differentiating responsibilities between cloud service providers, hosting environments, and system owners using NIST guidance and organizational policies.

Security Control Assessor

Atlas Research - Centers for Medicare & Medicaid Services (CMS)
Washington, DC
08.2020 - 12.2021
  • Conducted FISMA-compliant security control assessments for federal and commercial information systems.
  • Assisted in preparing risk assessment reports for submission to accrediting officials.
  • Prioritized findings based on risk severity and documented POA&M remediation actions.
  • Reviewed RMF artifacts including System Security Plans, inventories, scan data, Requirement Traceability Matrices, control allocation tables, and Security Assessment Reports.
  • Supported client education efforts related to cybersecurity compliance requirements.
  • Assisted in identifying and validating inherited controls across hosting facilities and cloud service provider environments.

Communications Tech 3 - (Shadowed ISSO)

Comcast Corporation
Philadelphia, PA
12.2017 - 08.2020
  • Installed and evaluated secure video, data, and voice services to ensure network security and integrity.
  • Conducted maintenance and testing for secure network connectivity.
  • Volunteered in Security Control Assessment activities using NIST SP 800-53A.
  • Shadowed ISSO and NOC teams in developing RMF documentation including Security Assessment Plans and Requirement Traceability Matrices.

Education

Master's degree - Telecommunication Technology

University of Maryland Global Campus
01.2019

Bachelor's degree - Computer Information System

Babcock University
01.2013

Skills

  • Cloud/SaaS and On-Premise Environments
  • GRC (Governance, Risk & Compliance)
  • Enterprise Monitoring & Analytics
  • RMF & FISMA Frameworks
  • FedRAMP
  • FIPS 199 / FIPS 200
  • NIST 800-37 / NIST 800-53A / 800-53 Rev5
  • Security Assessment & Authorization (A&A)
  • SSP, SAP, RTM, SAR, POA&M Development
  • Vendor & Change Management
  • POA&M Remediation
  • Microsoft Office Suite (Word, Excel, SharePoint, PowerPoint)
  • Splunk Integrations
  • CSAM
  • eMASS
  • ServiceNow
  • Nessus
  • Jira
  • Confluence
  • Incident response management
  • Disaster recovery strategies
  • Vulnerability assessment

Certification

  • Certified Information Security Manager (CISM)
  • CompTIA Security+
  • Microsoft Certified Azure Fundamentals (AZ-900)