Maame Adwoa Bentum

Columbus OH.

Email: ad39em@r.postjobfree.com

Phone: 856-***-****

CYBERSECURITY PROFESSIONAL

Results-oriented Cyber Security Professional with experience in information technology, including data monitoring, threat detection and response, threat analysis, and security control implementation and assessment. Adept at working with system stakeholders in the development and implementation of information security strategies required to protect enterprise information systems, networks, data, and operational processes through the Security Assessment & Authorization (SA&A), using industry-based standards such as NIST, FISMA, OMB, RMF, and FedRAMP, process. Strong background in Governance, Risk Management, and Compliance requirements and well-versed in installing, configuring, and deploying next-generation Cyber Security tools.

Core Skills:

•Document control findings

•Provide FedRAMP Authorization to Operate (ATO) support for Workday public cloud deployment following FedRAMP and NIST guidelines.

•Liaise with external auditors and internal control owners to support various internal and external audits/assessments such as FedRAMP, ISO 27001

•Manage the creation and update of security documentation for FedRAMP Moderate environments such as (System Security Plan (SSP), SSP Attachments, Policies, and Procedures.

•Performed comprehensive assessments and wrote reviews of management, operational, and technical security controls for audited applications and information systems.

•Used checkpoint Firewall Analyzer to access predefined Checkpoint firewall reports that help analyze bandwidth usage and understand security and network activities.

•Analyze reports and archive logs from Check Point Firewalls.

•Excellent Microsoft applications, tableau, and Microsoft Teams skills, Technical writing skills.

•Presentation skills, attentive to details, written and oral communication.

CERTIFICATION

•CompTIA Advanced Security Practitioner (CASP) Able to obtain security clearance

•CISA

•CISM

EXPERIENCE

AGO WORLDWIDE CONSULTING, SEVERN, MD Security Control Assessor 11/2020- 10/2023

•Schedule kick-off meetings with system owners to help identify the assessment scope, system boundary, and the information system's category and attain any artifacts needed in conducting the assessment.

•Conduct security control interview meetings and Artifact gathering meetings with multiple stakeholders using assessment methods of interview, examination, and testing.

•Collect data and report on them using SLAs as a guide.

•Identify Internal Controls by outlining steps in the financial reporting process and noting the controls in place at each stage to investigate to find errors and put in preventative measures.

•Assess and identify risk by examining financial statements to determine any substantial misstatements.

•Design and test controls to ascertain their performance, execute tests, mitigate risk, and record results. Document and maintain the controls and testing processes and identify any weaknesses found.

•Assist in the execution of Enterprise risk management, maintain risk, and develop team knowledge.

•Create a Requirement Traceability Matrix (RTM) and document whether the controls being assessed passed or failed using NIST SP 800-53A as a guide.

•Evaluate controls and substantiate events to ensure the execution of risk activities. Ensure timely completion of controls testing.

•Develop Security Assessment Plans (SAPs) and Conduct an assessment of security control selections on various Moderate impact level systems to ensure compliance with the NIST SP 800-53A Rev 4. Conduct security control interview meetings and Artifact gathering meetings with multiple stakeholders using assessment methods of interview, examination, and testing.

•Document assessment findings in a Security Assessment Report (SAR) and recommend remediation actions for failed controls and vulnerabilities.

•Collaborates with Enterprise Architecture to enhance processes and technologies, implementing industry standards and recommending new infrastructure technologies.

•Review A&A package items using NIST guidance for FISMA compliance, such as the System FIPS 199 Categorization, eAuthentication Assessment, PIA, Contingency Plan (CP), and Contingency Plan Test (CPT). Perform vulnerability assessment of information systems to detect deficiencies and validate compliance using the POA&M tracking tool.

•(CSAM) Request scans and later review the scan results for common vulnerabilities such as missing patches, weak password settings, unnecessary services not disabled, and weak configurations.

•Develop documentation FIPs 199, FIPs 200, PTA, PIA, and e-authentication on new or existing systems. Provide system/equipment/specialized training and technical guidance. Escalate all issues to various departments.

•Serve as liaison with clients, participating in meetings to meet client needs.

•Independently research and collaborate with teams to develop knowledge regarding the environment.

•Comfortable assessing using vulnerability tools.

•Researches, evaluates and implements cybersecurity solutions to identify and protect against threats while responding to security violations.

•Information assurance and working in a cloud environment using AWS and Azure.

•Managing projects and teams of technical professionals in data privacy and security.

•Knowledge of business theory, business processes, management, budgeting, and business office operations.

•Conduct a Business Impact Analysis to identify the critical operations and systems essential to the business in the event of a disruption.

•Solid understanding of project management principles.

•Maintain disaster recovery run books for core business technologies and review or approve all application restoration procedures.

•Used SAFe Agile framework in Scrum and Kanban methodology to manage workloads.

•Quantify the impact of risks, prioritize, and drive resolutions.

GEEKVIEW TEK SOLUTIONS, FREDERICK, MD Information Systems Security Officer (ISSO) 04/2016 to 11/2020

•Ensured that Information Systems security architecture, designs, plans, controls, processes, policies, and procedures were aligned with client policies.

•Participated in the Risk Governance process to provide security risks, mitigations, and input on other technical risks.

•Ensured that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.

•Assured successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization's mission and goals.

•Defined and documented how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment.

•Ensured that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary.

•Supported necessary compliance activities (e.g., ensuring that system security configuration guidelines are followed and compliance monitoring occurs).

•Experienced in developing ongoing management of the formal Cybersecurity Governance, Risk, and Compliance (GRC) Program and also experienced in program and using product management tools.

•Developed, documented, and updated risk assessment and control evaluation.

•Acted as a subject matter expert and maintained up-to-date knowledge of IT compliance and regulatory requirements.

•Partnered with cross-functional departments in IT and organization to foster a culture of security and compliance.

•Prepared technical reports detailing risks associated with identified vulnerabilities and recommended corrective actions to mitigate system threats.

•Work with business partners, clients, customers, third parties, and independent security assessors to educate them about Third Party Security requirements and assist in interpreting and implementing them.

•Monitor compliance with federal, state, and other departments.

•Manage ongoing security data awareness training.

EDUCATION

PH.D. Cybersecurity – Governance, Risk & Compliance. Northcentral University 2022 till present.

MED. Foundations in Behavior Analysis University of Cincinnati - 2020-2021

BSc. Information Technology, Pentecost University College - 2009-2013

Diploma in Accounting and Numeracy – Institute of Commercial Management (ICM) - UK 2002

CERTIFICATIONS

REFERENCE Available upon request.

Contact this candidate