Information Security Technology

Location:
Union, NJ, 07083
Posted:
November 05, 2023

Resume:

Joseph Narh

405-***-**** ad0vdx@r.postjobfree.com Union, New Jersey

SUMMARY

An experienced analyst in information technology audits and information security. Highly motivated and detail-oriented IT Security Analyst with thorough knowledge and understanding of FISMA’s Risk Management Framework, backed by about 4 years of hands-on experience. My additional competencies include FISMA Audits and Service Organization Audits. Looking for a challenging position with a progressive company for career development where my skills and experience can be fully utilized in achieving the goals and objectives of the organization.

STANDARDS

NIST SP 800-53A, FIPS, FISMA, FedRAMP, COSO/COBIT, Sarbanes-Oxley Act, SAS-70, Access Control, Audit and Accountability, HIPAA, ISO 27001/2, General Computer Controls, Application Control Testing, Compliance Testing, Risk Assessment, Vendor Risk/Third Party Risk Management, Change Management, Security Maintenance, Contingency Planning, PCI DSS.

EDUCATION/PROFESSIONAL CERTIFICATIONS

B.Sc. Computer Science

Garden City University, Kumasi Ghana

CompTIA Security+

EC-Council-CEH (in-view)

ISACA-CISM (in-view)

PROFESSIONAL EXPERIENCE

June 2020 - Present

GDIT (Contractor)

Information Security Control Analyst

Develops NIST / FISMA SA&A documentation for systems and networks undergoing certification and validates the quality of deliverables produced by the team

Assesses risks, identifies mitigation requirements and develops accreditation recommendations; is responsible for tracking SA&A requirements for assigned systems within the agency, validates that those tasks are on schedule, and ensures the delivery of quality documentation

Reviews and edits draft security artifacts as assigned to ensure compliance with SA&A and FISMA

Assists in the creation of SA&A packages with the responsibility for gathering information from system owners, applying data to the appropriate templates, and attending meetings in support of the effort

Coordinates the quality-control activities required to ensure the accuracy and adequacy of each deliverable, including in-process and final reviews, editing for compliance with all applicable specifications and standards, validation, and change verification

Coordinates, develops, and evaluates security programs for an organization. Recommends information assurance/security solutions to support customers’ requirements

Establishes and satisfies information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands using NIST 800-53 requirements

Performs vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle

Assists in responding to requests for information from OMB A-123, FISMA, GAO, and external auditors.

Provides support for Agency’s audit-related weaknesses, to include reporting, tracking and oversight that is aligned with Federal, Department, and Agency policy.

Tracks and reports remedial actions (POA&Ms) on a quarterly basis.

July 2019 – June 2020

Leidos (Contractor)

Information Security Analyst

Conducted security control assessments that included validations documentation review, implementation statements, component implication of security controls, configurations (STIG, etc.) of General Support System, public-facing internet, employee intranet, and applications for tracking foreign travel, visa/passport usage, grants spending, and ad hoc administrative requests.

Conducted assessments and analysis against systems within Agile Framework, Cloud Service Provider (CSP), and Security Development Operations (SecDevOps) environments.

Assessed the cybersecurity risk within the overall Risk Management Framework (RMF) Assessment, NIST 800-30, and Agency SA&A process.

Created Security Assessment Plan(s) that addressed all systems using Agency-provided templates.

Scheduled and conducted security control assessment kickoff meetings with stakeholders.

Performed the Security Assessment by conducting interviews with appropriate personnel, requested and examined documentation as needed, and documented all test procedures and results in client’s GRC tool (CSAM, Archer, etc.).

Supported source code reviews and determined valid findings through scan analysis utilizing a variety of automated and manual testing tools.

Created Security Assessment Report(s) (SARs) that addressed all systems using the Agency-provided template.

Identified the residual risk of IT systems in support of security authorization.

Created draft Plan of Action and Milestone (POA&M) items for deficient controls as applicable and uploaded them into client’s GRC tool (CSAM, Archer, etc.).

Assisted with resolving POA&Ms as needed.

Created Security Control Assessment packages upon completion of the security assessment.

January 2017 – July 2019

INOVA Health Systems (Contractor)

Risk and Compliance Analyst

Executed tasks associated with complex client inquiries, client security contracts/addendums, audits, and assessments as required for client contractual, regulatory and compliance obligations. Provided in-depth recommendations to resolve issues.

Liaised with external auditors and internal control owners to support various internal and external audits/assessments such as SSAE 18 SOC 1, SOC 2, ISO 27001, HIPAA, HITRUST, Cloud Security Alliance (CSA) and AUP

Provided approved responses to client inquiries and maintained a library of records, documentation, and responses

Represented the Cyber Security, Risk & Compliance team on input to contract requirements relating to information technology and security controls

Assisted in determining the scope of onsite visits, audits, and assessments as defined by contracts and regulatory requirements

Recommended and helped develop appropriate information security policies, standards, procedures, checklists, and guidelines using generally recognized security concepts tailored to meet the requirements of the organization

Helped identify security risks in the hardware, software, and systems used by the organization

Conducted compliance improvement for medical standards and HIPAA laws and reports


