
Information Security Risk Management

Location:
Waldorf, MD
Posted:
May 15, 2024


Resume:

Patrick Armah

White Plains MD

301-***-****

ad5p77@r.postjobfree.com

Active Secret Clearance

PROFESSIONAL SUMMARY

Patrick has an extensive background and experience in Information Security Management and IT infrastructure, ensuring the secure design, operation, and maintenance of large information systems and enterprise networks. Work experience encompasses threat analysis, incident response, network surveillance, the Risk Management Framework (RMF), National Institute of Technology (NIST), FISMA (Federal Information System Management Act), NIST 800-53 Rev 4, NIST 800-37, the System Development Life Cycle (SDLC), information security documents, developing and promulgating System Security Plans (SSP), documentation, and POA&Ms.

EDUCATION & CERTIFICATION

University of Ghana – Bachelor's in Information Technology, 2002–2006

CISA

CompTIA Security+

CORE SKILLS

NIST Risk Management Framework (RMF)

ISO 27001

FedRAMP, FISMA

SOC-2

Control Assessment

Security Management

Risk Assessment

Governance Risk Compliance (GRC)

Vulnerability Management

PROFESSIONAL TRAINING

FISMA Authorization and Assessment Training

FedRAMP Authorization and Assessment Training

Governance, Risk and Compliance Training

ISO 27001 Training

CMMC Training

SOC Type 1 & 2 Training

Third Party Assessment Training

PROFESSIONAL EXPERIENCE

Mildeeng Systems, LLC September 2019 - Present

Information Security Analyst

Perform Security Assessments on assigned systems using the Risk Management Framework (RMF) guidelines.

Create technical documentation for working SOPs to help develop security solutions and requirements.

Ensure that plans of action and milestones (POA&Ms) or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.

Scan, monitor, and report vulnerabilities on the network to system administrators via ACAS.

Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.

Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).

Support the implementation of information technology (IT) security controls and security authorization documents, and participate in system audits.

Conduct IT risk assessments to identify system threats, vulnerabilities, and risks, and generate reports.

Maintain, review, and update information security system documentation, including the System Security Plan (SSP), Plan of Action & Milestones (POA&M), Risk Assessment (RA), policies and procedures, and security control baselines in accordance with NIST guidelines and security practices.

Apply appropriate information security controls for Federal Information Systems based on NIST SP 800-37 Rev 1 and SP 800-53.

Support A&A activities (Categorize, Select, Implement, Assess, Authorize, Monitor) according to the A&A project plan.

Smartthink, LLC January 2017 – August 2019

Information Security Analyst

Perform security assessments and provide consulting support to assist clients in meeting FISMA and FedRAMP requirements. The ideal candidate will have a firm understanding of how to apply the principles of Information Security in a variety of circumstances and expertise in translating the NIST 800-53 guidelines into common technical implementations.

Develop Security Authorization Packages that are compliant with FISMA/FedRAMP requirements. Package components include: System Security Plans, Contingency Plans, Configuration Management Plans, Incident Response Plans, Privacy Impact Assessments, and Plans of Action and Milestones (POA&M).

Assist in the review and analysis of Security Authorization Packages for completeness and compliance with FISMA/FedRAMP requirements.

Demonstrate the ability to lead compliance and assessment projects through the project lifecycle, from initiation to project closure.

Lead working sessions with the client and audit team to ensure expectations and direction are aligned and timelines are being met.

Collaborate across multiple internal teams to ensure successful delivery of artifacts and closure of audit field work.

Provide review and analysis of vulnerability scan results from tools such as Nessus.

Build customer-focused relationships with clients.

Experience reviewing and updating policies, standards, and procedures to ensure they are up to date and reflect current practices.

Vital Click December 2016 – December 2017

Information Assurance Specialist

Ensured compliance with NIST security requirements through continuous monitoring and by conducting annual Security Assessments and Security Impact Assessments.

Managed and oversaw the monthly patching schedule and ensured ISSOs were current on reporting all identified vulnerabilities.

Actively participated in working group meetings to identify, plan, and execute strategies in response to emerging cybersecurity Risk Management Framework (RMF) policies.

Maintained awareness and knowledge of evolving security and risk management standards, and communicated and applied relevant changes to existing processes.

Worked with the Department of Energy IT team to review Nessus scan reports and remediate identified vulnerabilities.

Utilized Archer GRC as a risk management tool to document, update, and track POA&Ms from start to completion. Archer served as the artifact repository for all our documentation, such as SSP and ATO documentation.

Performed SA&A for moderate and high systems compliant with FISMA/NIST Standards.

Led vulnerability management activities to identify, analyze, and prioritize vulnerabilities, assess risk, report remediation activities, and ensure the adequacy of existing information security controls.

Reviewed and conducted audits to ensure information systems maintained the compliance baseline. Reviewed system-level documentation to ensure it met system security requirements, incorporating the RMF.

Participated in the development and/or review of SSPs. Supervised and coordinated with appropriate personnel to run vulnerability scans on a regular basis and ensure timely remediation actions.

Facilitated requirement-gathering sessions, and documented and validated requirements with stakeholders as they relate to current environments and future trends.

Reviewed, analyzed, and researched scan findings and coordinated remediation efforts in a timely fashion.
