Lekan Fatogun Bsc
Information Security Analyst
Ft. Washington, MD, United States
Details
Experience:
● Work face-to-face with multiple stakeholders interviewing, planning, or participating in a team effort to bring multiple complex projects to fruition in a highly motivated, fast paced environment.
● Conduct in-depth technical reviews of new and existing IT systems in order to identify the appropriate mitigation strategies required to bring these systems into compliance with established policy and industry guidelines.
● SailPoint IIQ and CyberArk skills.
● Prepare and present authorization to operate (ATO) documents (SSP, SAR and POA&M).
● Interact with Security, Operations, and Application support teams to educate and measure security policy compliance.
● Provide ongoing gap analysis of current policies, practices, and procedures as they relate to established guidelines outlined by NIST, OMB, FISMA, etc.
● Develop and maintain Standard Operating Procedures (SOPs) to create or improve SA&A processes.
● Develop risk management guidelines associated with the SA&A process and recommend improvements to authorization processes.
● Create and manage POA&Ms and provide a quarterly POA&M status.
● Initiate and verify the completeness of authorization or re-authorization of all systems.
2019 : Present
Compass In Healthcare
Information Security Analyst
● Created Security Assessment Plans (SAP) to initiate Information Security Assessment.
● Conducted assessments of security controls on information systems by interviewing, examining and testing, using NIST SP 800-53a rev4 as a guide; documented control findings and status from the risk assessment; and recommended solutions with detailed action plans in the Security Testing and Evaluation (ST&E) worksheet.
● Reviewed and updated the System Security Plan (SSP) based on findings from assessing security controls using NIST SP 800-18 rev1, NIST SP 800-53a rev4 and NIST SP 800-53.
● Entered control findings and status from Risk Assessment in Security Testing and Evaluation (ST&E) and developed Plan of Actions and Milestones (POA&M) for security controls that should be put in place to remediate vulnerabilities.
● Generated Security Assessment Reports (SAR).
● Developed contingency plans, disaster recovery plans and incident response plans for information systems using NIST SP 800-34.
● Facilitated kick-off meetings and follow-up meetings with management during projects.
● Developed policy and procedural controls relating to Management, Operational and Technical Controls for the Organization.
2019 : 2020
Tech Data IBM
Security Analyst
● Developed Plan of Action and Milestones (POAM) through establishment of schedules and deadlines.
● Conducted vulnerability assessments of all network applications and operating systems and recommended corrective actions.
● Applied appropriate information security controls for Federal Information System based on ISO 27001.
● Conducted vulnerability and baseline scans using various scanning tools.
● Extensive experience in System Development Life Cycle (SDLC) and Vulnerability Management.
● Consistently achieve optimal utilization of developing, delivering and management operations through process improvement planning and program coordination on complex IT projects.
● Performed Risk Assessment (RA) and System Security Test Evaluation (ST&E), and tracked remediation activities via Plan of Action and Milestones (POAM).
● Held kick-off meetings with the Chief Information Security Officer (CISO) and system owners prior to assessment engagements.
2018 : 2018
SYNERGIES TECHNOLOGY
Junior Security Analyst
Company:
Compass In Healthcare
About
Experienced Counselor with a demonstrated history of working in the mental health field. Skilled in Analytical Skills, Customer Service, Communication, Strategy, and Training. Strong community and social services professional with a Bachelor of Science - BS focused in Accounting from Purdue University Global.