ISSO · RMF · NIST · FISMA · Vulnerability Management · Public Trust

Melvin Odoh

// Information System Security Officer · CISA · Security Compliance · Continuous Monitoring

Accomplished Information Security Analyst and ISSO with 10+ years of experience supporting government and commercial environments across Risk Management Framework, Assessment and Authorization, continuous monitoring, vulnerability management, audit readiness, and regulatory compliance. Melvin brings hands-on expertise in POA&M management, NIST and FISMA alignment, security documentation, technical writing, stakeholder coordination, and enterprise security operations, with experience spanning DHS, FINRA, Deloitte, and federal-facing cybersecurity programs.

10+ Years Security Experience · CISA Certified · Public Trust Clearance · RMF / A&A / NIST · Nessus / JIRA / ServiceNow
10+ Years of specialized experience across RMF, A&A, vulnerability management, audit support, and continuous monitoring
5 State cloud-based health information exchange environments supported through compliance leadership and audit coordination
24×7 Security operations oversight coordinated across shared services, monitoring, and compliance-driven delivery environments
100% Focused on audit-ready documentation, POA&M tracking, control validation, and regulatory compliance execution
// 01

By the Numbers

10+

Years in Security & Compliance

Career experience spans ISSO support, A&A, RMF, vulnerability management, security documentation, and project coordination across regulated environments.

5

State HIE Programs Supported

Led and maintained security compliance deliverables for five cloud-based state health information exchange projects while supporting audits and control mapping.

3

Major Sectors Served

Delivered security and compliance support across federal government, financial regulatory, and healthcare technology environments.

24×7

Security Operations Coordination

Supported shared services planning and oversight across secure code review, vulnerability scanning, IAM administration, regulatory compliance, and SOC monitoring.

// 02

Operational Highlights

ISSO Leadership · DHS · Continuous Monitoring

Supports Security Authorization at DHS / ICE

Manages POA&Ms, annual assessments, contingency plan testing, ongoing authorization activities, and compliance documentation while supporting vulnerability response, audit readiness, and NIST 800-53A control alignment.

DHS / ICE · POA&M Management · Audit Support · NIST 800-53A
Compliance Operations · RegSCI · SEC Alignment

Drove RegSCI Compliance at FINRA

Prepared executive materials, maintained compliance tools and trackers, updated JIRA records, coordinated system classification, and developed quarterly reporting to support SEC and RegSCI requirements.

FINRA · RegSCI · SEC Reporting · Executive Presentations
Cloud Compliance · SOC 2 · Healthcare Systems

Led Security Compliance Across 5 State Solutions

Created and maintained compliance deliverables for five cloud-based Medicaid and health information exchange initiatives, supported disaster recovery testing, third-party assessments, control mapping, PIAs, and SOC 2 reviews.

5 States · SOC 2 · PIA / POA&M · Disaster Recovery
A&A · Vulnerability Management · Technical Writing

Built Full Security Packages End-to-End

Developed and maintained comprehensive A&A packages including SSP, SAR, POA&Ms, BIA, PTA, PIA, and related artifacts while validating controls, managing Nessus findings, and supporting seamless assessments.

SSP / SAR · Nessus · Artifact Collection · Continuous Compliance
// 03

Experience

Dec 2023 — Present
ISSO · DHS Security Authorization

Information System Security Officer (ISSO)

Steampunk · Supporting DHS / ICE · Washington, DC
  • Supports creation, monitoring, and status updates of POA&Ms to ensure weaknesses are resolved according to scheduled completion dates.
  • Develops waivers and risk acceptance memos to support effective system risk management.
  • Supports annual assessments, self-assessments, contingency plan testing, and ongoing authorization activities under DHS guidance.
  • Coordinates with Privacy, Records, and Information Governance teams on compliance documentation and related requirements.
  • Supports vulnerability management, patch management, incident reporting, audit readiness, and configuration management activities.
  • Conducts and evaluates findings from Nessus, DBProtect, and WebInspect while ensuring NIST 800-53A controls remain in place and functioning properly.
Feb 2023 — Dec 2023
Technology Compliance · Regulatory Security

Senior IT Security Analyst

FINRA · Technology Compliance Office
  • Prepared materials and presentations for monthly working group and executive committee meetings.
  • Worked with internal stakeholders to ensure timely classification of RegSCI systems on a triennial basis and before deployment.
  • Maintained and updated FINRA tools such as POMS and AOPAIR to keep compliance information accurate and current.
  • Reviewed and updated JIRA tickets to ensure alignment with SEC standards.
  • Prepared quarterly reports for RegSCI systems and submitted them for SEC review and approval.
  • Tracked employee and contractor training completion and maintained enterprise system classification records for ongoing compliance.
Apr 2021 — Feb 2023
Cyber & Strategic Risk · Program Leadership

Senior Solutions Consultant

Deloitte Consulting
  • Served as compliance lead for a cloud-based Medicaid Enterprise Solution, creating and maintaining security deliverables for five state health information exchange projects.
  • Scheduled and participated in disaster recovery testing, third-party assessments, and after-action reporting while updating POA&Ms.
  • Built and maintained governance, risk, and compliance processes to standardize requirements and maintain regulatory compliance.
  • Prepared control mapping and led SOC 2 Type 1 and Type 2 assessments while supporting audit activities.
  • Conducted privacy impact assessments and facilitated client walkthroughs of SOC reports across the supported environments.
  • Also served as Security Shared Services Maintenance and Operations Project Manager, managing timelines, scope, stakeholder communication, and weekly status reporting across security testing and operations streams.
May 2016 — Apr 2021
A&A · ISSO · Compliance Documentation

IT Security Analyst / Information System Security Officer (ISSO)

Xzentia IT & Cybersecurity Solutions
  • Provided security expertise and guidance in support of security assessments and A&A / C&A activities.
  • Reviewed authorization documentation for completeness, compliance, and control alignment.
  • Facilitated Security Control Assessments and continuous monitoring activities while validating NIST requirements.
  • Developed and reviewed A&A packages including SSP, SAR, FIPS 199, FIPS 200, POA&M, CPTPR, BIA, PTA, and PIA documentation.
  • Collected and maintained operations and maintenance artifacts in CSAM and related artifact repositories to support ongoing assessment readiness.
  • Managed vulnerabilities using Nessus and monitored post-authorization controls to ensure continuous compliance.
Jan 2015 — May 2016
Agile Delivery · Scrum Leadership

Scrum Master

PNC Bank
  • Coached teams on Agile and Scrum principles with emphasis on continuous improvement and self-organization.
  • Facilitated all major ceremonies including daily stand-ups, sprint planning, retrospectives, demos, and backlog refinement.
  • Supported Product Owners with prioritization and scope while improving transparency through dashboards, burndowns, velocity charts, and demos.
  • Delivered metric reports to support product roadmap planning and stronger stakeholder communication.
Jul 2013 — Dec 2014
Business Analysis · Process Modeling

Business Analyst

Guaranty Trust Bank PLC
  • Worked with vendors and business stakeholders to resolve issues, gather requirements, and improve existing business processes.
  • Updated and created process diagrams, defined project scope and vision, and developed business requirement documents and use cases.
  • Coordinated with change management, problem management, and development teams to assess impacts and prepare milestone plans.
  • Supported project management and requirements execution to improve system efficiency and delivery outcomes.
// 04

Credentials & Qualifications

Certification

Certified Information Systems Auditor (CISA)

Melvin’s CISA background reinforces strong capability in controls evaluation, compliance verification, audit readiness, and security governance execution.

Agile Leadership

SAFe Scrum Master (SSM)

Blends security and compliance rigor with structured Agile delivery practices, stakeholder coordination, and cross-functional team leadership.

Security Expertise

RMF, A&A, FISMA, NIST, Vulnerability Management

Hands-on experience across assessment and authorization, control validation, continuous monitoring, security compliance, patch and incident processes, and risk management documentation.

Tooling

Nessus, CSAM, ServiceNow, JIRA, Splunk, Remedy

Technical toolkit includes vulnerability scanners, collaboration platforms, compliance repositories, ticketing systems, virtualization tools, and enterprise productivity platforms.

// 05

Technical Skills

// Security Compliance

Governance & Authorization

Risk Management Framework (RMF) · Core
Assessment & Authorization (A&A) · Core
NIST / FISMA Compliance · Advanced
POA&M Management · Advanced
// Vulnerability & Monitoring

Security Operations

Vulnerability Assessment · Core
Continuous Monitoring · Advanced
Nessus / DBProtect / WebInspect · Strong
Incident & Patch Compliance · Strong
// Documentation & Delivery

Program Support

Technical Writing · Core
Audit Support · Advanced
Requirements Gathering · Strong
Stakeholder Facilitation · Strong
// Tools & Methods

Platforms and Workflow

JIRA / Confluence / ServiceNow · Advanced
CSAM / Remedy / Splunk · Strong
Agile / Scrum / SAFe · Strong
Process Modeling · Strong
// 06

Let’s Put Melvin To Work

Best aligned for ISSO, security compliance, RMF, A&A, vulnerability management, governance, audit support, continuous monitoring, and cross-functional cybersecurity delivery roles across federal, regulated, and enterprise environments.

LinkedIn: linkedin.com/in/melvin-odoh
Location: Glen Burnie, Maryland
// 07

Education

Accumentum®

Certified Information Systems Auditor® (CISA®)

LinkedIn reflects CISA-related study through Accumentum®, strengthening Melvin’s audit, compliance, and security governance profile.

Covenant University

Bachelor of Science · Industrial Chemistry

Academic training supports the analytical discipline and structured problem-solving that Melvin applies across security assessments, compliance reviews, and risk analysis.

Professional Development

CISA, SAFe Scrum Master, Security Compliance Leadership

Professional growth blends formal security auditing credentials with Agile delivery practices, technical writing, and enterprise security operations support.

Technical Foundation

Security, Risk & Collaboration Tooling

Technical background includes Windows, Linux, VMware, Oracle VirtualBox, CSAM, ServiceNow, JIRA/Confluence, Trend Micro, Splunk, and related governance and support platforms.

Alumni Success Profile - Melvin Odoh-Accumentum