
VICTOR REIDER

Greenbelt,MD

Summary

Information Technology Security Auditor

Professional Profile Summary

Information Technology Security Auditor specializing in auditing the Security Assessment and Authorization (A&A) of information and information systems, with working knowledge and experience in the implementation of the Risk Management Framework (RMF) and Office of Management and Budget (OMB) Circular A-130 for traditional information systems, Department of Defense RMF (DoD RMF) systems, and FedRAMP cloud-based systems. Thorough knowledge and working experience with FISMA and NIST compliance requirements and standards, including but not limited to NIST SP 800-37 R1/R2, 800-60 Vol. 2 R1, 800-53 R4/R5, 800-53A R4/R5, and FIPS 199 and 200. Profound knowledge in the initiation and development of security artifacts, including System Security Plans (SSPs), Security Assessment Plans (SAPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), PTAs, PIAs, SORNs, ROBs, E-Authentications, CPs, and others. A good team player with a strong sense of responsibility and customer-service sensitivity. Possess practical knowledge and experience in reviewing and updating system documentation, including but not limited to SSPs, SARs, POA&Ms, PTAs, PIAs, SORNs, IRPs, SAPs, and CPs, toward Authorization to Operate (ATO) and reassessment of traditional systems and JAB P-ATO for cloud-based systems. Have in-depth knowledge and experience in Identity and Access Management (IAM) to protect and safeguard information and information systems through role-based access and multi-factor identification, authentication, and authorization, among other tools. Other areas of expertise include knowledge and experience in Security Assessment and Authorization (A&A) processes through the RMF/FedRAMP steps to obtain an ATO. Experience in processing information and information systems through the SDLC to RMF/FedRAMP, in compliance with FISMA and NIST regulations and standards.

Overview

13 years of professional experience

Work History

Information Technology Security Auditor

Douala IT Services
01.2018 - Current
  • Currently supporting a major information system through the auditing of the Security Assessment and Authorization (A&A) process for ATO status, after successfully auditing two General Support Systems to obtain their ATOs at the start of the year
  • Responsible for auditing ATO packages/security documentation (artifacts) such as SSPs, SARs, POA&Ms, SAPs, CPs, IRPs, ROBs, and E-Authentications
  • Support Privacy Officers in auditing privacy compliance documentation such as PTAs, PIAs, and SORNs to protect/safeguard PII as defined by OMB Circular A-130
  • Audit risk assessments, accreditation, data calls, vulnerability assessments, and information assurance per legal and regulatory industry requirements, including but not limited to HIPAA, SOX, GLBA, GDPR, PCI DSS, and ISO
  • Extract security controls with vulnerabilities/weaknesses reported in SARs after security control assessments (SCAs), system scans, and audit reports, to be mitigated through Plans of Action and Milestones (POA&Ms)
  • Support the continuous monitoring of information systems (ISCM) during step 7 of the RMF as per NIST SP 800-137 R1
  • Review and update System Security Plans (SSPs) as and when needed, which may be due to changes in the systems security architecture/environment
  • Aid with initial system categorizations and assess and/or reassess one third of systems' security controls per the FISMA annual requirement.
  • Recommend improvements in security systems and procedures.
  • Conducted security audits to identify vulnerabilities.
  • Performed risk analyses to identify appropriate security countermeasures.
  • Reviewed violations of computer security procedures and developed mitigation plans.

Cyber Security - Assurance/Security Assessor

IT Solution LLC
05.2015 - 12.2017
  • Performed information system categorization using FIPS 199, in compliance with NIST SP 800-37 R1, and supported the selection of security controls per NIST SP 800-53 R4 through the corresponding RMF step; supported security control implementation and its documentation in SSPs
  • Supported security control assessments to ascertain that controls were correctly implemented, operated as intended, and produced the expected outcomes, in compliance with NIST SP 800-53A R4
  • Documented and developed security artifacts, including SSPs, SARs, POA&Ms, PTAs, PIAs, SORNs, E-Authentications, and ROBs, to obtain ATOs
  • Assisted in the development of SAPs following kick-off meetings with system owners and stakeholders, and of SARs after the information security control assessment (RMF Step 4) per NIST SP 800-53A R4
  • Aided with the review of policies, security alerts, guidance, regulations, and technical advances in IT security management
  • Developed the SAR, tracking vulnerabilities/weaknesses to be addressed in the POA&Ms.
  • Performed risk and vulnerability assessments and provided results and recommendations to senior management.
  • Developed, implemented and documented security programs and policies and monitored compliance across departments.
  • Validated and verified system security requirements definitions and analyzed system security designs.
  • Counseled senior-level management on current privacy and security trends and recommendations to mitigate risk.
  • Performed and reviewed technical security assessments to identify points of vulnerability and non-compliance with established information security standards and recommend mitigation strategies.

Information Assurance Analyst

Innovate Inc
01.2011 - 05.2015
  • Supported Security Assessments and Authorizations (A&A) processes through the Certification and Accreditation (C&A) process
  • Developed SSPs, SAPs, SARs, and POA&Ms and monitored each for review and update as and when due
  • Monitored information systems (ISCM) post-ATO through regular audits, scanning, and the System Requirements Traceability Matrix (SRTM) according to the agency's handbook
  • Supported system owners and other stakeholders to review privacy security artifacts in compliance with OMB A-130 and FISMA regulations and standards
  • Supported the systems engineering lifecycle (SDLC) to assess and prioritize the mitigation of vulnerabilities/weaknesses
  • Assisted in control assessments and evaluations (RMF Step 4) per NIST SP 800-53A R4
  • Scanned information systems regularly per the agency’s security requirements.
  • Investigated and resolved incidents of unauthorized access to sensitive information.
  • Implemented security measures to reduce threats and damage related to cyber attacks.
  • Developed, tested and implemented security policies, plans and procedures for organizational protection.
  • Executed penetration testing to identify security weaknesses and develop disaster recovery plans.
  • Recommend improvements in security systems and procedures.
  • Proven ability to learn quickly and adapt to new situations.

Education

M.A - International Relations

American Public University System
Charles Town, WV
10.2017

B.S - Information Technology

Western Governors University
Salt Lake City, UT
09.2015

Technical Certifications - Information Technology

  • CompTIA Security+
  • CompTIA A+
  • CompTIA Network+
  • CompTIA Project Management+
  • Microsoft Certified Professional (MCP)
  • CGRC (exam in view)

Western Governors University
Salt Lake City, UT

Skills

  • Risk assessment and management
  • Development of ATO packages
  • System security documentation
  • Vulnerability detection and POA&M management
  • GRC integration and risk management solutions and processes
  • Productivity tools: MS Word, MS Excel, MS PowerPoint
  • Security software: Nessus, Nmap, encryption
  • Task prioritization
  • Active listening
