Sign in

information assurance analyst

Fredericksburg, Virginia, 22401, United States
August 29, 2017

Contact this candidate

Ebenezer Manu

571*******:cell Fredericksburg, VA 22406.IT Security Assessment and FISMA Compliance AnalystIT Security Professional with over 5 years of experience in System Security Monitoring,Auditing and Evaluation, Security Assessment & Authorization (SA&A), and Risk Assessment.Detailed knowledge of security tools, technologies and best practices with more emphasis onFISMA and NIST RMF. I am a fast learner, have the ability to multi-task, and can also workindependently and as a contributing team member. I have a strong verbal/written communicationskills and Technical Writing skills.Summary of Qualifications Perform Certification and Accreditation documentation in compliance with companystandards. Develop, review and evaluated System Security Plan based NIST Special Publications. Perform comprehensive assessments and write reviews of management, operational andtechnical security controls for audited applications and information systems. Develop and conduct ST&E (Security Test and Evaluation) according to NIST SP 800-53A. Ability to multi-task, work independently and as part of a team. Strong analytical and quantitative skills. Effective interpersonal and verbal/written communication skills. Risk Assessment, vulnerability scans, annual contingency plan testing, POA&Mmanagement.Professional ExperienceAmazon Contractor, April 2014 – PresentIT Security Analyst Conduct continuous monitoring and periodic self-inspections of facility and computersystems to ensure compliance with accreditation/certification documentation package forapproved systems and proactively report results to management; make recommendationsfor and implement improvements as needed. Ensure configuration management is appropriate for all Information Systems (IS)software and hardware, including that change control requirements are documented andtracked. Ensure security logs and audit trails are reviewed in accordance with establishedschedule.

P a g e 2 Assist System Owners and ISSOs in preparing Assessment and Authorization packagesfor client IT systems, making sure that management, operational and technical securitycontrols adhere to formal and well-established security requirements authorized by NISTSP 800-53 Rev 4. Initiate kick-off meetings to collect system information to assist in the categorizationphase using FIPS 199 and NIST SP 800-60. Review and update Contingency Plan (CP) using NIST SP 80-34 guidelines. Document and finalize the Security Assessment Report (SAR) based on the findings discovered from the Security test and Evaluation (ST&E). Prepare reports recommending remediation methods for identified vulnerabilities whileperforming system assessments and evaluations. Provide IT security consulting to system owners regarding security documents such assecurity incident reports, equipment/software inventories, operating instructions andcontingency plans. Coordinate with business, clinical, and compliance leaders to ensure security programsare in compliance with HIPAA Security Rule and other relevant laws, regulations andpolicies to minimize or eliminate risk and audit findings. Worked with system administrators, developers and users to ensure compliance with thegovernment policies. Demonstrated experiences in vulnerability scan and remediation. Reviewed and analyzed scanning results and provided recommendations concerningvulnerability mitigation efforts. Develops, reviews, and updates information security system policies, system securityplans (SSP) in accordance with NIST, FISMA and OMB CIRCULAR A-130. ActiveDirectory and Exchange user support. Applied appropriate information security controls for Federal Information Systems basedon NIST 800 Series, 800-37 REV.1 Applying the RMF Risk Management Framework,800-30, 800- 34, 800-80 SP 800-53 REV.4, FIPS 199 and FIPS 200. Performed risk management, maintained the risk register and worked with team todevelop mitigation and contingency plans. FDIC February 2010 – May 2014C&A FISMA Specialist Perform Certification and Accreditation (C&A) activities for Federal agencies Conducted kick off meetings with assessment stakeholders to discuss the assessmentscope, timelines as well as roles and responsibilities of involved parties. Undertook IT Control risk assessment to identify system threats, vulnerabilities and risk,and generate reports. Developed and conducted Security Test and Evaluations (ST&E) according to NIST SP800-53A. Used and applies knowledge of C&A policies, guidelines, and regulations in theassessment of IT systems and the documentation and preparation of related documents.

P a g e 3 Executed vulnerability assessment and vulnerability scanning tools such as Retina, on achallenging and complex systems-wide information assurance/ system securityenvironment requiring analysis of user, operational, policy, regulatory, and resourcedemands. Worked with C&A team members and senior representatives to establish and defineprograms, resources, schedules, and risks. Responsibilities include participation in site or application assessment tasks Created standard templates for required security assessment and authorizationdocuments; Risk Assessment (RA), System Security Plan (SSP), Contingency Plan (CP)and System Security Plan (SSP). Conducted periodic IT Risk Assessment and Reviewed AC controls for any deficienciesand reported to the ISSO for appropriate mitigation actions. Assisted in the development of an information security continuous monitoring strategy. Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security TestEvaluation (ST&E) and Plan of Actions Milestones (POA&M). Worked as part of a Security Control Assessment (SCA) team to assess informationsystems Performed vulnerability assessments of information systems in compliance with NIST800-53 and other client-specific standards. Software/Platform/ArtifactsMS Office Suite, Windows, FIPS 199, NIST SP 800-60, E-Authentication, Privacy ThresholdAnalysis, PIA, Risk Assessment Report, Risk Management (RMF) System Security Plan,Contingency Plan, ST&E, NIST SP 800-53A, Security Assessment Report, POA&M, ATO.EDUCATION University of Education (Ghana) Bachelors of Science Transcript Enterprise Certification & Accreditation Training Information Assurance Awareness training DIACAP Overview & Implementation trainingCETIFICATIONS CAP in progress C&A training Security Clearance Public Trust/Active Clearance

Contact this candidate