Hi, I’m

Muyiwa Brown

Information Security Analyst
Prosper, TX

Summary

Results-driven cybersecurity professional with over 10 years of experience in planning, analyzing, and implementing security initiatives that reduced security incidents by 20% for a leading healthcare organization. Proven expertise in developing, testing, and implementing security frameworks like NIST CSF and FedRAMP, ensuring compliance for government and commercial clients. Detail-oriented leader with strong communication and collaboration skills, adept at managing multiple projects and fostering a collaborative team environment.

Overview

16 years of professional experience
1 Certification

Work History

Spry Methods

Information System Security Officer
10.2023 - Current

Job overview

  • Contributing towards reducing overall enterprise risk by consistently analyzing and refining the organization's risk appetite and tolerance levels.
  • Established effective communication channels between cross-functional departments to facilitate prompt exchange of relevant cybersecurity information.
  • Acting as the primary ISSO for a diverse portfolio of financial and non-financial information systems. Leveraging strong communication and negotiation skills to translate complex security and business requirements into clear, understandable terms for stakeholders, fostering collaboration and ensuring alignment with organizational objectives.
  • Championed the development and maintenance of a robust library of security documentation, including comprehensive System Security Plans (SSPs) and System Security and Privacy Plans (SSPPs). My meticulous attention to detail ensured these plans aligned with industry best practices and regulatory requirements, promoting a strong security posture.
  • Leading the management and oversight of A&A processes. This includes meticulously reviewing A&A packages for accuracy, completeness, and alignment with evolving security requirements. My expertise in NIST 800-53 standards, FISMA, and organizational policies ensured ongoing security compliance.
  • Leveraged strong analytical and problem-solving skills to effectively monitor post-authorization/certification activities. This proactive approach ensured the efficiency of security processes and continuous compliance with evolving system security requirements.
  • Leveraged expertise in vulnerability management to analyze threats and vulnerabilities discovered during Nessus scans. Worked collaboratively with the security team to prioritize remediation efforts based on risk and exploitability. This ensured timely resolution of security issues and a strengthened security posture.

KPMG US

Senior Analyst, Cyber Security-Strategy and Govern
08.2021 - 10.2023

Job overview

  • Contributed to revenue growth by identifying new market opportunities based on thorough industry research and analysis.
  • Led the development and implementation of a security risk management program for a multinational telecommunications company, driving process improvement and providing expert guidance on security projects.
  • Developed over 300 Unified Control Matrix with corresponding test procedures, ensuring compliance with various frameworks (ISO 27001, ISO 27002, NIST CSF, PCI DSS, GDPR, CSA CCM, COBIT5). This comprehensive control set helped a global client streamline internal global audits, reducing personnel workload from multiple audits annually.
  • Leveraged strong stakeholder relationships to drive process improvements and SLA alignment. Developed and documented clear policies and procedures, resulting in 20% reduction in program execution time and successful program delivery.
  • Led a client's comprehensive Unified Control Program, performing a thorough assessment of over 1,300 controls across diverse frameworks (NY DFS, NSA, PCI, CMMC, HIPAA, etc.) to ensure compliance with stringent security regulations.
  • Kept senior leadership proactively informed by facilitating and presenting detailed weekly progress and risk reports. These reports provided clear updates, potential risks, and proposed solutions for ongoing tasks. Additionally, I developed clear and concise weekly reports for application owners and bi-weekly reports for VPs, ensuring program transparency and timely communication of identified gaps to all relevant stakeholders.
  • Leveraged security expertise to guide stakeholders in developing robust System Security Plans (SSPs) and achievable Plans of Action & Milestones (POA&Ms). Provided security compliance guidance for product integration, ensuring seamless integration while maintaining a strong security posture.
  • Led multiple client engagements conducting NIST Cybersecurity Framework assessments. By leveraging the Capability Maturity Model Integration (CMMI) scoring approach, I provided clients with a clear picture of their security maturity level and prioritized recommendations for improvement.
  • Effectively translated complex financial risks and technical challenges into clear, actionable information for non-technical client personnel in the financial services industry. This facilitated informed decision-making, managed client expectations, and ensured a well-coordinated team effort.

KPMG US

CMMC Security Consultant (Contract)
12.2020 - 08.2021

Job overview

  • Established strong relationships with clients by maintaining clear communication channels and consistently exceeding expectations.
  • Successfully drove the remediation of 118 critical/high-risk security findings within five months, significantly reducing the organization's attack surface. Additionally, operationalized a long-term, repeatable reporting process for developed Plans of Action & Milestones (POA&Ms) in RSA Archer, promoting efficient tracking and timely remediation of future vulnerabilities.
  • Leveraged deep understanding of CMMC requirements to serve as the Firm's subject matter expert. Partnered with senior management to analyze control gaps identified by the C3PAO and develop effective remediation strategies. This collaborative approach ensured a comprehensive understanding of CMMC requirements and a roadmap for successful implementation.
  • Utilized strong analytical skills to identify security findings and translate them into actionable policies and procedures documented within ServiceNow.
  • Reviewed and evaluated security control evidence submitted by stakeholders, ensuring adherence to security policies and compliance requirements. Effectively closed out security findings in ServiceNow upon confirmation that remediation criteria were met. This streamlined workflow ensured timely resolution of security issues and improved overall security posture.
  • Leveraged strong analytical and communication skills to document and present comprehensive weekly progress and risk reports for CMMC Working Group Meetings. These reports effectively communicated complex CMMC compliance information, ensuring stakeholder alignment and informed decision-making throughout the process.
  • Successfully educated and mentored two team members on the intricacies of CMMC compliance and KPMG operations. This knowledge transfer empowered them to contribute effectively to CMMC working groups. Their contributions significantly aided in the success of the CMMC program.
  • Developed comprehensive implementation statements for two applications within the system security plan, documenting over 60 CMMC controls. This ensured a thorough and compliant security posture for a successful audit.

Coalfire System

Security Consultant
08.2019 - 12.2020

Job overview

  • Successfully translated and documented over 100 complex FedRAMP control requirements into clear and actionable steps for the business unit of a Fortune 500 company. This user-friendly format ensured a comprehensive understanding of compliance requirements. Additionally, I provided control automation recommendations for 65 controls, resulting in increased efficiency and reduced manual effort.
  • Performed gap analysis of 18 clients' systems, evaluating their compliance with federal regulatory standards including FedRAMP and DoD Cloud Computing SRG. My assessment identified critical security gaps and provided actionable recommendations that empowered clients to address security weaknesses. This resulted in increased preparedness for successful FedRAMP authorization and improved alignment with DoD security requirements.
  • Leveraged strong technical writing and information security expertise to develop exceptional system security documentation for three different clients' authorization packages. I meticulously crafted a comprehensive SSP, clear and concise policies and procedures, and detailed contingency, incident response, and configuration management plans. This ensured all documentation adhered to FedRAMP/DoD CC SRG standards, resulting in a successful authorization for all the clients.
  • Guided five clients through FedRAMP readiness assessments, leveraging my expertise in security controls to identify and address security gaps. This proactive approach prepared them for successful FedRAMP authorization.

Douala IT

Cyber Security Analyst
07.2016 - 03.2019

Job overview

  • Analyzed security incidents post-resolution, identifying areas for improvement in both technical controls and incident response processes.
  • Supported the implementation of a robust identity and access management system, enhancing overall security posture by limiting unauthorized access to critical systems and data.
  • Spearheaded the implementation of various security standards (NIST 800-53, FedRAMP, PCI) for multiple client environments, ensuring alignment with regulatory requirements and organizational security objectives.
  • Successfully led a high-performing cybersecurity team of 5, leveraging strong communication and delegation skills to ensure successful completion of multiple security workstreams that led to achieving Authorization to Operate (ATO) for 14 critical systems.
  • Maintained clear and efficient communication with over 20 stakeholders at all levels (engineers to partners and executive directors) by fostering a collaborative environment and providing regular progress updates. This ensured transparency and alignment throughout the ATO process.
  • I spearheaded key security workstreams, such as access control implementation and vulnerability remediation, while fostering a collaborative environment.
  • Followed established procedures to promptly communicate security incidents and potential information system changes to the Information System Security Manager (ISSM). This proactive approach ensured timely risk assessments and mitigation strategies were implemented to minimize the impact on system authorization (ATO).

Si-Gnostics

IT - GRC Analyst
06.2011 - 02.2016

Job overview

  • Led the development and implementation of a multifaceted security awareness campaign, including engaging training workshops, informative newsletters, and gamified phishing simulations. This campaign successfully increased the organization's awareness of security compliance in respect to Cyber Security, Risks, IT Governance, and Quality Assurance by 60%. As a result, we observed a 20% decrease in reported security incidents, demonstrating a more security-conscious workforce.
  • Leveraged strong project management and communication skills to spearhead the implementation of ISO 27001 requirements across all operational tasks, IT governance processes, and project delivery efforts. This ensured seamless integration of security controls and concepts, fostering a more secure environment.
  • Leveraged strong analytical and problem-solving skills to conduct extensive risk assessments, identifying and prioritizing potential threats and vulnerabilities across the organization. This comprehensive evaluation facilitated the development of preventative and corrective actions, mitigating risks and strengthening our overall security posture.
  • Successfully implemented a standardized vulnerability management SOP, ensuring a systematic approach to identifying, prioritizing, and remediating security vulnerabilities across the organization's IT infrastructure.

CNEEC

IT Project Manager
03.2008 - 12.2010

Job overview

  • Developed detailed project plans, outlining clear objectives, timelines, and deliverables for IT projects.
  • Led system integration efforts, working closely with vendors and internal teams to ensure seamless transitions.
  • Ensured smooth adoption of new technology systems through comprehensive employee training programs tailored to individual learning styles.
  • Negotiated contracts with vendors that led to cost savings while maintaining a high level of service quality.
  • Managed budgets for multiple projects concurrently, tracking expenses and reallocating resources as needed to stay within budget constraints.
  • Implemented risk mitigation strategies to minimize potential issues impacting project deadlines or budgets.
  • Coordinated material procurement and required services for projects within budget requirements.
  • Led cross-functional teams to successfully complete IT projects.

Education

Olabisi Onabanjo University
Ogun State Nigeria

Bachelor of Science, Physics

University Consult
University Of Ibadan, Nigeria

Diploma in Data Processing

Skills

  • Project Management / Leadership
  • Vulnerability Management
  • Threat, Risk Assessment & Mitigation
  • IT / Security Control Audit
  • Assessment & Authorization
  • IT Governance & Compliance
  • System Security Documentation
  • Process Optimization
  • Continuous Monitoring Process
  • Risk Management
  • Regulatory Compliance
  • Cloud Computing Security
  • Network Security
  • Log Analysis
  • Social Engineering Prevention
  • Identity and Access Control Management
  • User Awareness Training
  • Information Governance and protection
  • Continuous Improvement
  • Interpersonal Skills
  • Task Prioritization
  • Decision-Making
  • Time management
  • Information Protection
  • Teamwork and Collaboration
  • Problem-Solving
  • Relationship Building
  • Analytical Skills
  • Organizational Skills
  • Interpersonal Communication
  • Excellent Communication
  • Analytical Thinking

Certification

  • Certified Information Security Manager (CISM)
  • Certified Scrum Master (SCM)
  • Certificate of Cloud Security Knowledge V4 (CCSK)
  • AWS Certified Cloud Practitioner
  • FedRAMP 100A – 300G
  • CompTIA Security+


Professional Development

  • Business Management Courses
  • Project Management Training
  • Understanding Risk Management Framework


Cloud Platform

  • Microsoft Azure Cloud Platform
  • Google Cloud Platform
  • Amazon Web Services
  • Gov Clouds


Compliance Standards and Frameworks

CMMC, FISMA, FedRAMP, FIPS 199/200, NIST 800 SPs (i.e., 800-171, 800-37 rev1/2, 800-39, 800-60, 800-53A/53 rev4/5), NIST CSF, ISO 27001, 27002, COBIT5, NY DFS, DoD CC SRG, GDPR, HIPAA, and PCI DSS.
