Risk Management Assessment

Location:
Lexington, NC
Posted:
December 16, 2023

Resume:

SAMUEL AGYEMANG

Pensacola, FL

*****

508-***-****

ad10jk@r.postjobfree.com

PROFILE

Cybersecurity professional and risk assessment analyst with years of experience in IT general controls, ISO, NIST, Risk Management Framework, and third-party risk assessment. SOC 1/SOC 2 and IT control frameworks with an emphasis on delivering solutions to meet business objectives. I am well known for being a team player, having great communication skills and analytical abilities, and exceeding expectations with a track record for displaying enthusiasm to succeed while maintaining trusting relationships with internal and external stakeholders.

SUMMARY OF QUALIFICATIONS

●Risk Management Documentation

●Security Auditing and Compliance (RMF, NIST 800 Series, ISO 27001/27002, PCI DSS, OWASP, etc.)

●Security Assessment Methodology

●Security Policies Review and Remediation

●Vendor Risk Management

●Data Analysis and Reporting

●SSAE 18 SOC 1 / SOC 2 attestation standards.

PROFESSIONAL EXPERIENCE

SPHERION STAFFING SERVICES, PENSACOLA, FL

Vulnerability and Risk Analyst, November 2022 (CONTRACT) – Present

Utilize vulnerability scanning solutions such as CIS CAT and Nessus to identify system vulnerabilities on critical infrastructure as well as develop remediation plans to address risk.

Perform vulnerability assessment, assess the weaknesses identified and prioritize the remediation based on the CVSS, and track remediation with the relevant business unit and control owners.

Conduct IT controls risk assessments including reviewing organizational policies, standards, and procedures and providing advice on their adequacy, accuracy, and compliance with industry standards.

Make sure risks are assessed and proper actions taken to mitigate them.

Advise the business on how to strengthen and manage their control environment concerning oversight of procedures/processes, accurate regulatory reporting and filings, governance documentation, risk control self-assessments, and control design and new product controls.

Working knowledge of industry tools like Nessus, IDS/IPS, and Splunk.

CYBER WORKFORCE 365 LLC, RICHMOND, VA

Cyber Security Analyst, March 2022 – November 2022

●Develop, review, and update information security system documentation, including System Security Plan (SSP), Plan of Action and Milestones (POA&M), Risk Assessment (RA), disaster recovery, policies and procedures, security control baselines by NIST guidelines, and security practices.

●Apply appropriate information security control for the Federal Information System based on NIST 800-37 rev1, SP 800-53, FIPS 199, FIPS 200, and NIST SP 800-53A R4.

●Assess security controls and develop a security assessment report (SAR).

●Support A&A activities (Categorization, Selection, Implementation, Assessment, Authorization, and Continuous Monitoring) according to the A&A project plan.

●Evaluate security solutions and implementation strategies for IT systems and services and maintain the operational security posture of development, integration, and deployed capabilities.

●Execute, examine, interview, and test procedures by NIST SP 800-53A Revision 4.

●Reviewing and maintaining product documentation about upgrades, patches, and connectivity configurations.

●Assist team members with proper artifact collection and details to clients that will satisfy assessment requirements.

●Ensuring security processes and procedures align with information security policies and standards.

●Manage vulnerabilities with the aid of Nessus vulnerability scanners to detect potential risks on single or multiple assets across the enterprise network.

CYBER GHANA, ACCRA, GH

Security Controls Assessor (Feb 2018 – Jan 2022)

Supported client’s Risk Management Framework (RMF) Security Assessment and Authorization (SAA) process through the validation of security configurations to ensure compliance.

●Performed Vendor/3rd Party Security Risk Assessment to assess vendor controls’ effectiveness against ISO 27001.

●Performed risk and control assessments for all high-risk third-party service providers to evaluate the effectiveness of control systems.

●Engaged with service providers to obtain due diligence reports and evidence of control operation.

●Monitored the risk and control environment to ensure that exposures are kept at acceptable levels and may consult on risk mitigation plans.

TRIEDY COMPANY, ACCRA, GH

Information Assurance Analyst, Feb 2014 – Jan 2018

Guided System Owners and ISSOs through the Certification and Accreditation (C&A) process

Ensured that management, operational, and technical controls for securing either Sensitive Security Systems or IT Systems are in place and are adhered to by state guidelines.

Reassessing the controls and deficiencies and retesting all the identified key controls within SOX guidelines.

Participated in planning, training, and preparation for contingency and disaster recovery operations.

Ensured that appropriate steps were taken to implement information security requirements for IT systems.

Monitored controls post-authorization to ensure continuous compliance with the security requirements.

ELECTRICITY COMPANY OF GHANA

Materials/Procurement Assistant (national service), Oct 2011 – Dec 2013

Ensuring the proper receipt of all Local Purchases, nonstock items, and all returns to stock, materials from Projects/jobs.

Liaising with the Supervisor to prepare reports on deliveries and outstanding orders

Notifying the Materials/Planning & Stock Control through the Supervisor of damages and discrepancies in quantity and physical fitness deliveries.

Preparing delivery reports and User Certificates and distributing these documents to all Stakeholders

Assisting the Supervisor in the preparation of weekly/monthly status reports and all the activities of the Receiving Bay

Ensuring the proper receipt of all Local Purchases, nonstock items, and all returns to stock, materials from Projects/jobs

Preparing reports on deliveries and outstanding orders

TECHNOLOGY SUMMARY

Security Technologies: Splunk, ServiceNow, Nessus, CIS CAT

KEY SKILLS

Network & System Security and FISMA Compliance

Risk Management, Authentication, and Access Control

Vulnerability Assessment, System Monitoring & Regulatory Compliance

EDUCATION

SOUTHERN NEW HAMPSHIRE UNIVERSITY

MS INFORMATION TECHNOLOGY (INFORMATION SECURITY) In Progress

METHODIST UNIVERSITY COLLEGE GHANA

B.Sc. PROCUREMENT AND SUPPLY CHAIN MANAGEMENT

ACCRA POLYTECHNIC

HND PURCHASING AND SUPPLY

CERTIFICATIONS

CompTIA Security+

Certified Information Security Manager (CISM).


