KUSI KWADWO OPPONG

Information Security Analyst

Silver Spring, MD 20904

Email: adkttg@r.postjobfree.com

Mobile: 240-***-****

OBJECTIVE

Subject matter expert in Information Security Risk Management with focus on FISMA, System security evaluation, validation, monitoring, Risk assessments.

A self-motivated and passionate analytic person with excellent communication skills who combines professional and interpersonal skills to accomplish the mission, vision and the goal of organization.

I am seeking to apply my skills and expertise to help achieve Enterprise-wide information risk goals and objectives.

Proven ability to lead and direct, solve information security risks problems professionally, and make strategic decisions in fast paced environments.

SUMMARY OF QUALIFICATION

A dynamic and detail-oriented Security Assessment and Authorization professional with strong problem solving and project management skills knowledgeable in Risk Management Framework (RMF), Systems Development Life Cycle (SDLC), Security Life Cycle and Vulnerability Management, using FISMA and applicable NIST standards. A great team player with the ability to work independently, under pressure and with little or no supervision.

Working knowledge in Risk Assessment, Risk Management Framework (RMF) which outlines the 6 Steps to Risk Management Process for Federal Information Systems in order to assist the business areas in completion of the Business Impact Analysis, and subsequent creation of Security Documentations like System Security Plan (SSP), Security Assessment Report (SAR) and Plans of Action and Milestones (POA&M)

Experience with NIST 800 SPs to include but not limited to NIST SPs 800-18, 800-30, 800-37, 800-53 & 53A, 800-60, FIPS (199 & 200), OMB, FISMA regulations

Experienced with Performing Security Categorization (FIPS 199), Privacy Threshold Analysis (PTA), E-Authentication with business owners and selected stakeholders

Experienced in Documenting and reviewing System Security Plan (SSP), Security Assessment Report (SAR), Security Plan of Action and Milestones (POA&M), Authorization letter/memorandum (ATO)

Experienced with Performing Security Categorization (FIPS 199), reviewing and ensuring Privacy Impact Assessment (PIA) document after a positive PTA is created

Experienced in the Risk Management Framework and performing internal and external assessment

Experience with identifying and communicating security exposures and information security incidents

PROFESSIONAL EXPERIENCE

GS4 02/2019-Present

Information Assurance Analyst

Ensure implementation of appropriate security control for Information System based on NIST Special Publication 800-53 rev 4, FIPS 200, and System Categorization using NIST 800-60, and FIPS 199

Conduct CDM meeting to discuss vulnerabilities and potential remediation actions with system and application owners

Ensure identified weaknesses from vulnerabilities scans are remediated in accordance with defined time frames

Conduct access control verification and secure highly classified information

Verify and grant access of cleared individuals to sensitive compartmented information

Worked with Certification and Accreditation team to conduct risk assessment; updated System Security Plan (SSP), contingency plan (CP), Privacy Impact Assessment (PIA), and Plan of Actions and Milestones (POA&M)

Assist in developing NIST Compliant vulnerability assessments, technical documentation, and Plans of Action and Milestone (POA&M), and address system weaknesses

Updated Plan of Action & Milestones (POA&M) and Risk Assessment based on findings assessed through monthly updates

Experience in developing test plan for assessment and documenting security controls across variety of systems

Involved in security awareness program to educate employees and managers on current threat and vulnerabilities

Conduct security control assessment to assess the adequacy of management, operational privacy, and technical security controls implemented

Develop Security Assessment Report (SAR) detailing the results of the assessment along with Plan of Action and Milestones (POA&M)

Conduct follow up meetings to assist information system owners to close/remediate POA&M items

Develop System Security Plans (SSP) to provide an overview of system security requirements and describe the controls in place or planned by information system owners to meet those requirements

Conduct IT risk assessment to identify system threats, vulnerabilities, and risks

Prepare recommendation reports that are made available to system owners to remediate identified vulnerabilities during the risk assessment process

Worked with system application team conducting interviews and collecting artifacts relevant to the assessment of security controls

Performed comprehensive Security Control Assessment and write reviews for management, operational and technical security controls for audited applications and information systems

Geekview Tek Solutions 03/2015-11/2018

FISMA/C&A Analyst

Analyze and update System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security test and Evaluation (ST&E) and the Plan of Actions and Milestones (POA&M)

Assist System Owners and ISSO in preparing certification and Accreditation package for companies’ IT systems, making sure that management, operational and technical security controls adhere to a formal and well-established security requirement authorized by NIST SP 800-53 R4

Designate systems and categorize its C.I.A using FIPS 199 and NIST SP 800-60

Determined the overall effectiveness of the controls, based on criteria from NIST 800-53 security controls.

Conduct Self-Annual Assessment (NIST SP 800-53A)

Perform Vulnerability Assessment. Make sure that risks are assessed, evaluated and a proper action have been taken to limit their impact on the Information and Information Systems

Created standard templates for required security assessment and authorization documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages

Conducted I.T controls risk assessments that included reviewing organizational policies, standards and procedures and provided advice on their adequacy, accuracy and compliance with the Payment Card Industry Data Security Standard

Conducted independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system.

Leveraged automated testing tools and manual test methodologies to identify system vulnerabilities, noncompliance and mitigation strategies.

Supported client’s Risk Management Framework (RMF) Security Assessment and Authorization (SAA) process through the validation of security configurations to ensure compliance.

Maintained a working knowledge of Government and Laboratory security policies and procedures and the requirements of the Federal Information Security Management Act (FISMA)

Responded to multiple, challenging, fast-paced tasks and prioritize to meet changing requirements

Globacom Ghana 06/2012 - 12/2014

Cyber Intelligence Analyst (Intern)

Provided system administration support for Windows systems including server, router, switches and workstation upgrades, backup and disaster recovery monitoring and security administration.

Performed daily, weekly, monthly maintenance, backups/restorative exercises, reviewing server logs for prospective issues, as well as ensuring that anti-virus software and security patches are routinely updated and functioning

Assisted in Architectural and implementing new Firewalls at different locations across the country for connectivity to replace aging current windows-based firewalls in the production environment.

Supervised the technical staff to troubleshoot complex issues faced by system users

Ensured daily activities are aligned with Network operations priorities and objectives

Prepared and delivered system performance statistics and reports weekly (disk usage, forefront reports)

Supported and maintained network hardware, network operating systems and system applications

Reviewed multiple computer systems capabilities, workflow and scheduling limitations in order to increase productivity

Conducted meetings with IT teams to gather documentation and evidence about their control environment

Documented test results, exception handling process and remediation plans

CERTIFICATION & Training

CompTIA A+

CompTIA Security +

CISA

Scrum Master

EDUCATION

University of Baltimore,

BSc, Information Systems and Technology Management Anticipated Graduation 12/2021

Contact this candidate