
Muyiwa Brown

Prosper, TX

Summary

Results-driven cybersecurity leader with over a decade of experience in driving security initiatives. Successfully reduced security incidents by 20% at a major financial organization. Proven expertise in implementing and managing several NIST security frameworks and FedRAMP. Skilled in fostering collaboration across diverse teams to enhance security controls and ensure continuous compliance monitoring. A detail-oriented leader with effective communication skills, adept at managing multiple projects and maturing GRC programs.

Overview

17 years of professional experience
1 Certification

Work History

Information System Security Officer (ISSO)

Decisionpoint Inc
08.2023 - Current
  • Contributing towards reducing overall enterprise risk by consistently analyzing and refining organization's risk appetite and tolerance levels.
  • Established effective communication channels between cross-functional departments and Business Owners to facilitate prompt exchange of relevant cybersecurity information and fostering collaboration.
  • Acting as primary ISSO for diverse portfolio of financial and non-financial information systems. Leveraging effective communication and negotiation skills to translate complex security and business requirements into clear, understandable terms for stakeholders.
  • Championed development and maintenance of robust library of security documentation, including comprehensive System Security Plans (SSPs), PTA, PIA, and System Security and Privacy Plans (SSPPs). My meticulous attention to detail ensured these plans aligned with industry best practices and regulatory requirements, promoting strong security posture.
  • Leading the management and oversight of Assessment & Authorization (A&A) processes. This includes meticulously reviewing A&A packages for accuracy, completeness, and alignment with evolving security requirements. My expertise in NIST 800-53 standards, FISMA, FedRAMP, and organizational policies ensured ongoing security compliance.
  • Leveraging strong analytical and problem-solving skills to effectively lead the continuous monitoring activities to include POA&M management. This proactive approach ensures efficiency of security processes and continuous compliance with evolving system security requirements.
  • Leveraged expertise in vulnerability management to analyze threats and vulnerabilities discovered during Nessus scans. Worked collaboratively with security team to prioritize remediation efforts based on risk and exploitability. This ensured prompt resolution of security issues and strengthened security posture.
  • Leading a weekly SIEM dashboard review to identify and report anomalous activities, ensuring timely response to potential threats. Facilitate collaboration with business owners by distributing monthly health reports, promoting security awareness, and fostering a proactive security culture.
  • Performing internal audit readiness activities for all assigned systems before official OIG audits. Documenting identified gaps, along with recommendations on how to improve the system security posture.
  • Acting as liaison between stakeholders and external auditors, ensuring adequate communication and interpreting the security requirements to various levels of stakeholders.
  • Conducting annual control assessments of all assigned information systems following the NIST Risk Management Framework (RMF) and FedRAMP requirements, to ensure that the security controls are implemented correctly, working as intended, and producing the desired outcomes.

Manager, Cyber Security-Strategy and Governance

KPMG US
07.2021 - 08.2023
  • Contributed to revenue growth by identifying new market opportunities based on thorough industry research and analysis.
  • Led development and implementation of security risk management program for multinational telecommunications company, driving process improvement and offering expert guidance on security projects.
  • Developed over 300 Unified Control Matrix with corresponding test procedures, ensuring compliance with various frameworks (ISO 27001, ISO 27002, NIST CSF, PCI DSS, FedRAMP, GDPR, CSA CCM, COBIT5, and CIS Critical Controls). This comprehensive control set helped global client streamline internal global audits, reducing personnel workload from multiple audits annually.
  • Leveraged strong stakeholder relationships to drive process improvements and SLA alignment. Developed and documented clear policies and procedures, resulting in 20% reduction in program execution time and successful program delivery.
  • Led client’s comprehensive Unified Control Program, performing thorough assessment of over 1,300 controls across diverse frameworks (NY DFS, NSA, PCI, CMMC, HIPAA, etc.) to ensure compliance with stringent security regulations.
  • Kept senior leadership proactively informed by facilitating and presenting detailed weekly progress and risk reports. These reports provided clear updates, potential risks, and proposed solutions for ongoing tasks. Additionally, developed clear and concise weekly reports for company owners and bi-weekly reports for VPs, ensuring program transparency and timely communication of actionable goals to all relevant stakeholders.
  • Leveraged security expertise to guide stakeholders in developing robust System Security Plans (SSPs) and achievable Plans of Action & Milestones (POA&Ms). Offered security compliance guidance for product integration, ensuring seamless integration while maintaining strong security posture.
  • Led multiple client engagements conducting NIST Cybersecurity Framework assessments. By leveraging Capability Maturity Model Integration (CMMI) scoring approach, provided clients with clear picture of their security maturity level and prioritized recommendations for improvement.
  • Effectively translated complex financial risks and technical challenges into clear, actionable information for non-technical client personnel in the financial services industry. This facilitated informed decision-making, managed client expectations, and ensured well-coordinated team effort.

CMMC Issue Manager (Contract)

KPMG US
06.2020 - 07.2021
  • Established strong relationships with clients by maintaining clear communication channels and consistently exceeding expectations.
  • Successfully drove remediation of 118 critical/high-risk security findings within five months, significantly reducing organization’s attack surface. Additionally, operationalized long-term reporting process for developed Plans of Action & Milestones (POA&Ms) in RSA Archer, promoting efficient tracking and timely remediation of future vulnerabilities.
  • Leveraged deep understanding of CMMC requirements to serve as firm’s subject-matter expert. Partnered with senior management to analyze control gaps identified by C3PAO and develop effective remediation strategies. This collaborative approach ensured comprehensive understanding of CMMC requirements and roadmap for successful implementation.
  • Utilized strong analytical skills to identify security findings and translate them into actionable policies and procedures documented within ServiceNow.
  • Reviewed and evaluated security control evidence submitted by stakeholders, ensuring adherence to security policies and compliance requirements. Effectively closed out security findings in ServiceNow upon confirmation that remediation criteria were met. This streamlined workflow ensured timely resolution of security issues and improved overall security posture.
  • Leveraged strong analytical and communication skills to document and present comprehensive weekly progress and risk reports for CMMC Working Group Meetings. These reports effectively communicated complex CMMC compliance information, ensuring stakeholder alignment and informed decision-making throughout the process.
  • Successfully educated and mentored two team members on intricacies of CMMC compliance and KPMG operations. This knowledge transfer empowered them to contribute effectively to CMMC working groups. Their contributions significantly aided in the success of CMMC program.
  • Developed comprehensive implementation statements for two applications within client’s security plan, documenting over 60 CMMC controls. This ensured thorough and compliant security posture for a successful audit.

Security Consultant

Coalfire Team
01.2019 - 06.2020
  • Successfully translated and documented over 100 complex FedRAMP control requirements into clear and actionable steps for business unit of Fortune 500 company. This user-friendly format ensured comprehensive understanding of compliance requirements. Additionally, provided control automation recommendations for 65 controls, resulting in increased efficiency and reduced manual effort.
  • Performed gap analysis of 18 clients’ systems, evaluating their compliance with federal regulatory standards including FedRAMP and DoD Cloud Computing SRG. Identified critical security gaps and provided actionable recommendations that empowered clients to address security weaknesses. This resulted in increased preparedness for successful FedRAMP authorization and improved alignment with DoD security requirements.
  • Leveraged strong technical writing and information security expertise to develop exceptional system security documentation for three different clients’ authorization packages, meticulously crafted comprehensive SSP, clear and concise policies and procedures, and detailed contingency, incident response, and configuration management plans. This ensured all documentation adhered to FedRAMP/DoD CC SRG standards, resulting in successful authorization for all clients.
  • Guided five clients through FedRAMP readiness assessments, leveraging my expertise in security controls to identify and address security gaps. This proactive approach prepared them for successful FedRAMP authorization.

Cyber Security Analyst

Douala IT
01.2015 - 01.2019
  • Analyzed security incidents post-resolution, identifying areas for improvement in both technical controls and incident response processes.
  • Supported implementation of robust identity and access management system, enhancing overall security posture by limiting unauthorized access to critical systems and data.
  • Spearheaded implementation of various security standards (NIST 800-53, FedRAMP, PCI) for multiple client environments, ensuring alignment with regulatory requirements and organizational security objectives.
  • Successfully led high-performing cybersecurity team of 5, leveraging strong communication and delegation skills to ensure successful completion of multiple security workstreams that led to achieving Authorization to Operate (ATO) for 14 critical systems.
  • Maintained clear and efficient communication with over 20 stakeholders at all levels (engineers to partners and executive directors) by fostering collaborative environment and providing regular progress updates. This ensured transparency and alignment throughout ATO process.
  • I spearheaded key security workstreams, such as access control implementation and vulnerability remediation, while fostering collaborative environment.
  • Followed established procedures to promptly communicate security incidents and potential information system changes to Information System Security Manager (ISSM). This proactive approach ensured timely risk assessments and mitigation strategies were implemented to minimize impact on system authorization (ATO).

IT - GRC Analyst

Si-Gnostics
06.2011 - 01.2015
  • Led development and implementation of multifaceted security awareness campaign, including engaging training workshops, informative newsletters, and gamified phishing simulations. This campaign successfully increased the organization’s awareness of security compliance in respect to Cyber Security, Risks, IT Governance, and Quality Assurance by 60%. As a result, observed 20% decrease in reported security incidents, demonstrating more security-conscious workforce.
  • Leveraged strong project management and communication skills to spearhead implementation of ISO 27001 requirements across all operational tasks, IT governance processes, and project delivery efforts. This ensured seamless integration of security controls and concepts, fostering a more secure environment.
  • Leveraged strong analytical and problem-solving skills to conduct extensive risk assessments, identifying and prioritizing potential threats and vulnerabilities across organization. This comprehensive evaluation facilitated the development of preventative and corrective actions, mitigating risks and strengthening overall security posture.
  • Successfully implemented standardized vulnerability management SOP, ensuring systematic approach to identifying, prioritizing, and remediating security vulnerabilities across organization’s IT infrastructure.

IT Project Manager

CNEEC
03.2008 - 02.2011
  • Developed detailed project plans, outlining clear objectives, timelines, and deliverables for IT projects.
  • Led system integration efforts, working closely with vendors and internal teams to ensure seamless transitions.
  • Ensured smooth adoption of new technology systems through comprehensive employee training programs tailored to individual learning styles.
  • Negotiated contracts with vendors that led to cost savings while maintaining a high level of service quality.
  • Managed budgets for multiple projects concurrently, tracking expenses and reallocating resources as needed to stay within budget constraints.
  • Implemented risk mitigation strategies to minimize potential issues impacting project deadlines or budgets.
  • Coordinated material procurement and required services for projects within budget requirements.
  • Led cross-functional teams of 8 to successfully complete IT projects.

Education

Bachelor of Science - Physics

Olabisi Onabanjo University
Ogun State, Nigeria

Diploma - Data Processing

University Consult

Skills

  • Project Management / Leadership
  • Risk assessment and mitigation
  • IT security audit
  • Security assessment and authorization
  • Security documentation management
  • Ongoing performance tracking
  • Data privacy management
  • Cloud security management

Certification

  • Certified Information Security Manager (CISM)
  • Certified Scrum Master (CSM)
  • Certificate of Cloud Security Knowledge V4 (CCSK)
  • AWS Certified Cloud Practitioner
  • FedRAMP 100A – 300G
  • CompTIA Security+
  • Associate - Certified Chief Information Security Officer – A|C|CISO
  • Professional Development
  • Business Management Courses
