SEYIVE BONOU
information security analyst
Gaithersburg, MD, United States
Details
Experience:
Provide recommendations on deliverables such as Security Assessment Reports, System Security Plans (SSP), and Plan of Action & Milestone (POA&M)
Conduct meetings to review privacy and risk assessment reports as they relate to impacts on CIA
Review security control assessor (SCA) findings with risk assessment documentation and create POA&Ms to address failed security checks
Conduct privacy impact assessment (PIA) to help assess and mitigate risk related to processing personal data
Review Contingency Plans (CP) by leveraging 800-34
Conduct vendor risk assessment using Standardized Information Gathering Questionnaire (SIG Core/SIG-Lite) to assess service providers during onsite or virtual assessment
Provide technical writing support and guidance to System Owners by updating SSPs, CMP and POA&Ms
Track and monitor POA&Ms to ensure that weaknesses are addressed and planned for remediation
Collaborate with key personnel to obtain artifacts needed to resolve POA&M findings
Review artifacts needed to close aged POA&Ms and provide recommendations to System Owners by leveraging 800-53A
Identify and prioritize RA-5 POA&Ms by leveraging Nessus to determine POA&M CVE Baseline Scores
Proficiency in reviewing and updating the various steps of the RMF
Manage and coordinate audit-related activities with internal stakeholders and external auditors and validating contractual obligations to ensure compliance
2018 : Present
sikalinks inc
Information Security Analyst
2016 :
United States Army Reserve
supply clerk
Conducted assessment on management, operational and technical security controls
Determined security categorization using FIPS 199 and NIST 800-60 as an information guide
Selected security controls using NIST 800-53 Rev 4 as guidance based on system security categorization
Prepared Security Assessment Reports (SAR) in which all the weaknesses are reported
Created Risk Traceable Matrixes (RTM) in which pass/fail assessment results were documented
Worked with the security assessment team to assess the selected security controls
Reviewed Privacy Impact Assessments (PIA) and System of Record Notice (SORN)
Provided audit briefings to agency and Information Systems Security Officer and ensured all findings are documented in the POA&M within XACTA
Applied Risk Assessment to system security and likelihood of risk occurrence using NIST 800-30
2015 : 2018
Sikalinks Consulting
Security Control Assessor
Company:
sikalinks inc
Spoken Language:
English, French