
Information Security Systems

Location:
Ashburn, VA
Posted:
November 30, 2023


Francis Poku

Dumfries, VA ***** Cell 703-***-****

ad1kve@r.postjobfree.com

PROFILE

Subject matter expert in information security risk assessment with a focus on PCI DSS. IT audit and controls professional with experience in internal controls assessment, information security and risk management, the NIST SP series, FIPS, HIPAA, SOX, FISMA and FedRAMP.

Demonstrated capacity to effectively assess new and emerging technologies and concepts.

Summary of qualifications

●Over 7 years' experience assisting in the performance of comprehensive assessments and reviews of management, operational and technical security controls for audited applications and information systems

●Working knowledge of the PCI DSS framework, from conducting vendor assessments to preparing a Report on Compliance (ROC)

●Highly knowledgeable in performing Security Control Assessments (SCAs) and preparing reports on management, operational and technical security controls for audited applications and information systems

●Experienced with planning system security checklists and Privacy Impact Assessments

●Experienced with performing Security Categorization (FIPS 199), Privacy Threshold Analysis (PTA) and E-Authentication with business owners and selected stakeholders

●Experienced in documenting and reviewing the System Security Plan (SSP), Security Assessment Report (SAR), Plan of Action and Milestones (POA&M) and Authorization to Operate (ATO) letter/memorandum

●Experienced with performing Security Categorization (FIPS 199) and reviewing and ensuring that a Privacy Impact Assessment (PIA) is completed after a positive PTA

●Experienced with identifying and communicating security exposures and information security incidents

●Experienced with working face-to-face with multiple stakeholders, interviewing, planning, and participating in a team effort to bring multiple complex projects to execution in a highly motivated environment

●Working knowledge of Windows OS, MS Office (including Excel), vulnerability assessment tools (Nessus), McAfee VirusScan Enterprise and SharePoint

Professional Experience

COALFIRE SYSTEMS, INC.

PCI Consultant, July 2021 – Present

●Autonomously lead interview and inquiry walkthroughs with clients to determine the conformity of environments against stated requirements

●Assess security vulnerabilities against the appropriate security frameworks

●Draft audit programs that sufficiently address both the required objectives of the regulatory body and the complexity of the client environment

●Work collaboratively with a team of assessors as a compliance specialist and assist with the planning of assessment for clients

●Collaborate and communicate successfully with project managers, quality management and/or other delivery team members to drive customer satisfaction and meet project deliverables

●Provide advice to customers on issues affecting the scope of work in a manner that provides additional value

●Execute examine, interview and test procedures in accordance with the appropriate control

●Educate and interpret compliance activities for clients

●Assess client provided documentation for compliance with a variety of standards

●Interface with clients throughout entire engagements, interacting with all levels of the client organization

●Assess internal threats, risks, and vulnerabilities from emerging security issues

●Serve as a lead assessor and assign tasks to the security assessment team; develop associated schedules and resource plans to complete the assessments.

PACIFIC CYBER SOLUTIONS – Alexandria, VA

System Security Analyst, January 2016-July 2021

●Scheduled kick-off meetings with system owners to help identify the assessment scope, system boundary and the information system's category, and to obtain any artifacts needed to conduct the assessment

●Devised solutions to operational problems within the capacity and operational limitations of installed equipment to ensure projects are in compliance with customer regulations, policies, directives, guides, and other information security related processes.

●Followed operational process and procedures to appropriately analyze, escalate, and assist in remediation of critical information security incidents or issues.

●Protected the firm's business information and any client information within its custody by safeguarding its confidentiality, integrity and availability.

●Troubleshot and resolved computer issues, performed software/hardware upgrades, and provided technical support as requested

●Monitored the organization's IT systems for security threats, established protocols for identifying and neutralizing threats, and maintained updated anti-virus software to block threats

●Analyzed and updated the System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E) and the Plan of Action and Milestones (POA&M)

●Conducted IT controls risk assessments that included reviewing organizational policies, standards and procedures, and provided advice on their adequacy, accuracy and compliance with the Payment Card Industry Data Security Standard

●Conducted onsite security awareness training for staff and ensured all direct reports completed required training

●Monitored and submitted internal progress reports to leadership & community partners

●Developed regular communication with contract managers for the program

●Tested new software with various operating systems, performed applications installation, re-installation, and updated software for users as released by vendors

●Ensured daily activities were aligned with network operations priorities and objectives

Technology summary

●Software: Microsoft Office Suite 2010 (Excel, Outlook, PowerPoint, Project, Visio, Word)

●Tools: Splunk, RiskVision, SharePoint, ServiceNow, JIRA

●Knowledgeable and experienced with: FIPS, HITRUST, ISO 27001, NIST standards, FISMA, system security monitoring, risk assessments, audit engagements, testing information technology controls, developing security policy procedures and guidelines, HIPAA, SSP, ST&E and PCI DSS

EDUCATION

VIRGINIA COMMONWEALTH UNIVERSITY, Richmond, VA

Master's in Accounting – Minor: Information Systems (2012)

UNIVERSITY OF SCIENCE AND TECHNOLOGY, Ghana

Bachelor of Science, Information Technology Studies (2000)

CERTIFICATIONS

●Qualified Security Assessor (QSA)

●Certified Information Security Manager (CISM)

●Certified Information Systems Auditor (CISA)

●CompTIA Security+ CE

●Project Management Professional (PMP)
