VICTOR OKOFU
Upper Marlboro,MD
Summary
Risk management subject matter expert with over 7 years of experience serving both Federal government and Fortune 500 companies. My experience spans supporting the implementation and assessment of the NIST Risk Management Framework and related information system and security regulations of the US Federal Government as well as hands on technical experience as an Information Systems Security Engineer and Security Control Assessor.
Overview
11
11
years of professional experience
1
1
Certification
Work History
Cybersecurity Compliance Manager
Zendesk
11.2016 - Current
- Perform routine vulnerability scans using Tenable Nessus, Nexpose, Qualys, CrowdStrike, and Fortify to detect anomalies within agency computing devices and software
- Conduct privacy impact assessments (PIA) to evaluate data handling practices and identify privacy risks and compliance gaps
- Develop and deliver privacy and security training programs to educate employees on best practices and regulatory requirements
- Conducts in-depth technical review of Assessment and Authorization (A&A) documentation from systems seeking accreditation by the Authorization Official/ Control Assessor in accordance with appropriate policies and procedures
- Such documentation includes form FIPS 199, SSP, SAP, SAR, PIA, ATO, POA&M, test reports as required by the Control Assessor
- Perform periodic Operating System configuration scans on 1000 + servers using CSAT and develop remediation plan (POA&M) for the misconfigurations
- Coordinate vulnerability management related activities with infrastructure, NOC, SOC, CTI and PMO
- Meet with stakeholders and government officials at least weekly to brief them on the status of major system's ATO report card
- Develop and continuously updating security policies, including Access controls policy, Configuration Management plan, Disaster recovery Plan, Contingency plan, Incident response plan and Information integrity plan
- Established key metrics to gauge performance of risk responses and prioritized based on current and forecasted threats
- Continuously assesses various security controls based on pre-defined assessment frequency in CSAM and Archer
- Work closely with Vulnerability Management team, Network engineers, DNS administrator and Server administrators to remediate discovered vulnerability or document risk acceptance waiver/exception as required
- Uses Splunk to analyze systems logs and gather evidence to meet control requirements
- Performs yearly contingency plan test and tabletop exercise with system stakeholders and relevant IT operation team
- Maintain awareness and knowledge of evolving security risk and apply relevant changes to existing processes.
Information System Security Officer (ISSO) - Lead
Surescripts
09.2014 - 11.2016
- Interpreted Information Assurance requirements into technical solutions and analyzed system configurations to maintain and improve security posture
- Performed Risk Based Security testing, planning, Security Certification and Accreditations (C&A), Security Test and Evaluation, Risk Management, and technology assessments in areas of communications, networking, operating systems, and applications, following NIST SP800-53 Rev III
- Developed security categorization (FIPS 199), authorization of boundary definition documents, System Security Plans (SSP), Contingency Plans (CP), Business Impact Assessments (BIA), Security Assessment Reports (SAR), Risk Assessments Reports (RAR), Vulnerability Assessments Reports (VAR), Security Controls Assessment (SCA) using NIST SP 800-53 Rev 5
- Worked in concert with developers, engineers and system owners to eliminate or reduce security vulnerabilities during and post development in AWS cloud and on-premises environment.
- Mitigated potential risks by proactively identifying potential issues and implementing appropriate countermeasures or contingency plans as needed.
IT Security Analyst / IS Auditor / IT Risk & Compliance Analyst
American Psychiatric Association
04.2013 - 09.2014
- Assessed security controls using NIST 800-53A to identify deficiency and provide recommended corrective actions to reduce risk associated with the system
- Maintained degree of independence as required by the Authorizing Official and provided an unbiased and independent assessment of the system to ensure security controls meet standards
- Conducted security assessment interviews and ensured safeguard measures are working as described in the SSP
- Developed assessment documents including Security Assessment Report (SAR), Security Assessment Plan (SAP), Plan of Action and Milestone (POA&M) and control checklist.
Education
Master of Science - Information Technology
Western Governors University
Salt Lake City, UT05.2024
Bachelor of Science in Computer Science -
Crawford University
06.2014
Skills
- Experienced in Risk management tools such as CSAM, RSA Archer, Atlassian Jira, ServiceNow, Qualys vulnerability management, Nexpose, Splunk, Burp Suite, Tenable Nessus Security Center and Splunk
- Managed and performed NIST Special Publication 800-171 based assessments for clients conducting business with US Federal Government Agencies per FISMA requirement
- Experienced with Security Authorization and Continuous Monitoring process using NIST SP 800-30, 800-37, 800-60, 800-53A, 800-53 Rev 4 & 5, FIPS 199, FIPS 200, OMB A-130 App III
- Experienced in Assessment & Authorization (A&A) processes
- Security Risk Assessment, Incident Response and Awareness Training
- Experienced in Application development support/applying RMF to the SDLC
- Implementation of security Controls, Security Infrastructures, and the entire Risk Management Framework
- Operating Systems: Windows, Linux, MacOS, VMWare and Microsoft Virtual Server
- Experienced with Cloud-based FedRAMP system authorization
- AWS: S3, EC2, CloudWatch, VPC, SQL Server RDS
- Experienced in Microsoft Office 365 (M365) environment
Certification
CompTIA Security +
AWS Solution Architect
AWS Certified Security Specialty
Certified in Government, Risk and Compliance (CGRC)/CAP
CISM – Certified Information Security Manager( In view)
Azure Administrator
Timeline
Cybersecurity Compliance Manager
Zendesk
11.2016 - Current
Information System Security Officer (ISSO) - Lead
Surescripts
09.2014 - 11.2016
IT Security Analyst / IS Auditor / IT Risk & Compliance Analyst
American Psychiatric Association
04.2013 - 09.2014
Master of Science - Information Technology
Western Governors University
Bachelor of Science in Computer Science -
Crawford University
Similar Profiles
Kristal DonahueKristal Donahue
Benefits Program Manager at ZendeskBenefits Program Manager at Zendesk
Melveena JollyMelveena Jolly
Software Engineer II (Android) at ZendeskSoftware Engineer II (Android) at Zendesk
María Alejandra QuijadaMaría Alejandra Quijada
Engagement Manager at ZendeskEngagement Manager at Zendesk
Ante IlicAnte Ilic
Software Developer at ZendeskSoftware Developer at Zendesk
Laconya ReedLaconya Reed
CEO at CHOICES InternationalCEO at CHOICES International