SAMUEL AGYEMANG
Pensacola, FL
ad10jk@r.postjobfree.com
PROFILE
Cybersecurity professional and risk assessment analyst with years of experience in IT general controls, ISO, NIST, Risk Management Framework, and third-party risk assessment. Experienced with SOC 1/SOC 2 and IT control frameworks, with an emphasis on delivering solutions to meet business objectives. I am well known for being a team player, having great communication skills and analytical abilities, and exceeding expectations, with a track record of displaying enthusiasm to succeed while maintaining trusting relationships with internal and external stakeholders.
SUMMARY OF QUALIFICATIONS
●Risk Management Documentation
●Security Auditing and Compliance (RMF, NIST 800 Series, ISO 27001/27002, PCI DSS, OWASP, etc.)
●Security Assessment Methodology
●Security Policies Review and Remediation
●Vendor Risk Management
●Data Analysis and Reporting
●SSAE 18 SOC 1 / SOC 2 attestation standards.
PROFESSIONAL EXPERIENCE
SPHERION STAFFING SERVICES, PENSACOLA, FL
Vulnerability and Risk Analyst, November 2022 (CONTRACT) – Present
Utilize vulnerability scanning solutions such as CIS CAT and Nessus to identify system vulnerabilities on critical infrastructure as well as develop remediation plans to address risk.
Perform vulnerability assessment, assess the weaknesses identified and prioritize the remediation based on the CVSS, and track remediation with the relevant business unit and control owners.
Conduct IT controls risk assessments including reviewing organizational policies, standards, and procedures and providing advice on their adequacy, accuracy, and compliance with industry standards.
Make sure risks are assessed and proper actions taken to mitigate them.
Advise the business on how to strengthen and manage their control environment concerning oversight of procedures/processes, accurate regulatory reporting and filings, governance documentation, risk control self-assessments, and control design and new product controls.
Working knowledge of industry tools like Nessus, IDS/IPS, and Splunk.
CYBER WORKFORCE 365 LLC, RICHMOND, VA
Cyber Security Analyst, March 2022 – November 2022
●Develop, review, and update information security system documentation, including System Security Plan (SSP), Plan of Action and Milestones (POA&M), Risk Assessment (RA), disaster recovery, policies and procedures, security control baselines by NIST guidelines, and security practices.
●Apply appropriate information security control for the Federal Information System based on NIST 800-37 rev1, SP 800-53, FIPS 199, FIPS 200, and NIST SP 800-53A R4.
●Assess security controls and develop a security assessment report (SAR).
●Support A&A activities (Categorization, Selection, Implementation, Assessment, Authorization, and Continuous Monitoring) according to the A&A project plan.
●Evaluate security solutions and implementation strategies for IT systems and services and maintain the operational security posture of development, integration, and deployed capabilities.
●Execute, examine, interview, and test procedures by NIST SP 800-53A Revision 4.
●Reviewing and maintaining product documentation about upgrades, patches, and connectivity configurations.
●Assist team members with proper artifact collection and details to clients that will satisfy assessment requirements.
●Ensuring security processes and procedures align with information security policies and standards.
●Manage vulnerabilities with the aid of Nessus vulnerability scanners to detect potential risks on single or multiple assets across the enterprise network.
CYBER GHANA, ACCRA, GH
Security Controls Assessor (Feb 2018 – Jan 2022)
Supported client’s Risk Management Framework (RMF) Security Assessment and Authorization (SAA) process through the validation of security configurations to ensure compliance.
●Performed Vendor/3rd Party Security Risk Assessment to assess vendor controls’ effectiveness against ISO 27001.
●Performed risk and control assessments for all high-risk third-party service providers to evaluate the effectiveness of control systems.
●Engaged with service providers to obtain due diligence reports and evidence of control operation.
●Monitored the risk and control environment to ensure that exposures are kept at acceptable levels and may consult on risk mitigation plans.
TRIEDY COMPANY, ACCRA, GH
Information Assurance Analyst, Feb 2014 – Jan 2018
Guided System Owners and ISSOs through the Certification and Accreditation (C&A) process.
Ensured that management, operational, and technical controls for securing either Sensitive Security Systems or IT Systems are in place and are adhered to by state guidelines.
Reassessing the controls and deficiencies and retesting all the identified key controls within SOX guidelines.
Participated in planning, training, and preparation for contingency and disaster recovery operations.
Ensured that appropriate steps were taken to implement information security requirements for IT systems.
Monitored controls post-authorization to ensure continuous compliance with the security requirements.
ELECTRICITY COMPANY OF GHANA
Materials/Procurement Assistant (National Service), Oct 2011 – Dec 2013
Ensuring the proper receipt of all Local Purchases, nonstock items, and all return to stock, materials from Projects/jobs.
Liaising with the Supervisor to prepare reports on deliveries and outstanding orders
Notifying the Materials/Planning & Stock Control through the Supervisor of damages and discrepancies in quantity and physical fitness deliveries.
Preparing delivery reports and User Certificates and distributing these documents to all Stakeholders
Assisting the Supervisor in the preparation of weekly/monthly status reports and all the activities of the Receiving Bay
Ensuring the proper receipt of all Local Purchases, nonstock items, and all returns to stock, materials from Projects/jobs
Preparing reports on deliveries and outstanding orders
TECHNOLOGY SUMMARY
Security Technologies: Splunk, ServiceNow, Nessus, CIS CAT
KEY SKILLS
Network & System Security and FISMA Compliance
Risk Management, Authentication, and Access Control
Vulnerability Assessment, System Monitoring & Regulatory Compliance
EDUCATION
SOUTHERN NEW HAMPSHIRE UNIVERSITY
MS INFORMATION TECHNOLOGY (INFORMATION SECURITY) In Progress
METHODIST UNIVERSITY COLLEGE GHANA
B.Sc. PROCUREMENT AND SUPPLY CHAIN MANAGEMENT
ACCRA POLYTECHNIC
HND PURCHASING AND SUPPLY
CERTIFICATIONS
CompTIA Security+
Certified Information Security Manager (CISM)