MR. SAMUEL APPIAH
TELEPHONE: 614-***-****
EMAIL: *****@*******.**.***
OBJECTIVE
Seeking an Information System Security position in a dynamic organization which focuses primarily on the following: FISMA, Sarbanes-Oxley 404, System Security Monitoring and Auditing, Risk Assessments, Testing Information Technology Controls and Developing Security Policies, Procedures and Guidelines.
STANDARDS
COSO/COBIT Frameworks, Sarbanes-Oxley Act, ISO 27001, Privacy Act of 2002, Gramm–Leach–Bliley Act (GLB)/Financial Modernization Act of 1999, Certification and Accreditation, Project Management, Change Management, NIST Special Publication Series, FIPS, STIG, & FISMA.
SUMMARY OF QUALIFICATIONS
A demonstrated leader in Information Security and Risk Management with a focus on FISMA, system security evaluation, validation, monitoring, risk assessments and audit engagements. I am an accomplished analyst with over eight years of experience in assessing information security risks and coordinating remediation efforts. I have strong managerial skills and expertise in developing strategic partnerships. I am very flexible and easily adapt to new environments. I also have great analytical and organizational skills as well as familiarity with a wide variety of applications, operating systems, servers, and various network devices. I have experience in interfacing with system owners, system security personnel, and executive-level management.
SECURITY CERTIFICATIONS
CompTIA Security+ CE
Certified Authorization Professional (CAP), Candidate
CISSP, Candidate
EDUCATION
Associate of Science in Math & Computer Science
Bridgewater College, Bridgewater, VA
Master of Arts in Christian Apologetics
Newburgh Theological Seminary, Newburgh, IN
CYBERSECURITY EXPERIENCE
NetSage Corporation, February 2014 - present
IT Security Analyst
Conducts kick-off meetings to categorize information and information systems using the approved IT security framework (FIPS 199 / NIST SP 800-60)
Conducts security control assessments to ascertain the adequacy of management, operational, and technical security controls implemented
Develops Security Assessment Reports (SAR) detailing the results of each assessment, along with the Plan of Action and Milestones (POA&M)
Assists in the development of Information Security Continuous Monitoring strategies to help the agency maintain an ongoing awareness of information security, vulnerabilities, and emerging threats in support of organizational risk management decisions
Reviews Privacy Threshold Analysis (PTA) documents to verify whether the information system collects or stores Personally Identifiable Information (PII), and to identify what type of PII is collected and stored
Periodically updates the System Security Plan (SSP) to describe all new controls implemented and those planned by the agency to meet all Federal information system security requirements
Works with C&A team members and senior representatives to establish and define programs such as Agile DevOps, including resources, schedules, and risks
Requests and reviews documents and artifacts to verify that system personnel have performed Contingency Plan tests to ensure systems' recoverability as defined in IT system security requirements
Reviews Certification and Accreditation Packages for compliance with NIST SP 800-37
Secure Innovations, Inc., February 2011 - January 2014
Security Controls Assessor
Worked within the Assessment and Compliance teams, conducting assessments and ensuring compliance for the agency's Insurance Centers, Data Centers and their cloud implementations (FedRAMP) for low, moderate and high impact systems, and validated their HIPAA compliance
Worked with the Plan of Action and Milestones (POA&M) teams to remediate vulnerabilities of various Insurance Centers, Data Centers and their cloud service providers for moderate and high impact systems
Assessed security controls using the organization's IT Security Policy Handbook and NIST Special Publication 800-53A to provide the information necessary to determine their overall effectiveness and compliance
Led teams working onsite with each facility's technical team and leadership to ensure recommendations were fully acted upon
Developed Plan of Action & Milestones (POA&M) documents to track corrective actions resulting from ST&E (System Test & Evaluation)
Conducted IT controls risk assessments that included reviewing organizational policies, standards and procedures, interviewing appropriate personnel, and providing recommendations on adequacy, accuracy and compliance with regulatory standards using NIST SP 800-53A
Worked effectively with all levels of management, staff and cross-functional security teams within the organization to identify and implement information assurance controls authorized by NIST SP 800-53
Earned a recommendation for teamwork, flexibility and work excellence in providing IT support to students and faculty
REFERENCES
Professional references will be furnished upon request