Benard Damptey
Burtonsville, MD
EXECUTIVE SUMMARY
Over 7 years of successful experience in the cybersecurity industry, with the ability to work in a fast-paced enterprise environment and an excellent grasp of cybersecurity within an enterprise government cloud environment; strong background in Cloud Computing and able to apply FedRAMP and RMF security practice expertise across complex cloud architectures. Security Lead who provides regulatory, compliance, and cybersecurity guidance. Leads and manages NIST-based system security assessments, continuous monitoring, and other Assessment and Authorization (A&A) activities, Third Party Vendor Risk Management, Vulnerability Management, and DoD CMMC. Vast experience with regulatory frameworks including the NIST 800 Series, FedRAMP, CMMC, ISO 27001, and HITRUST; proficient in the Microsoft Office suite (Word, Excel, PowerPoint, Outlook).
TECHNICAL SKILLS:
Risk Management Framework (RMF)
NIST, ISO 27001, FedRAMP, FISMA
Cybersecurity Maturity Model Certification (CMMC)
NIST 800-171 CUI
Continuous Security Monitoring
Security Management
Risk Assessment
Governance Risk Compliance (GRC)
Vulnerability Management
Microsoft Suite
Documentation: Policies, Processes, SSP
PROFESSIONAL CERTIFICATIONS:
CISA
PROFESSIONAL TRAINING:
Information System Security Training
FISMA Compliance Training
Information Awareness Training
CMMC Training
ISO 27001 Training
Professional Experience:
Mildeeng Systems, LLC April 2019 – Present
Information Security Analyst
Provide subject matter expertise in the provision of Information Assurance (IA) support for Certification and Accreditation (C&A), Authorization and Accreditation (A&A), and DIACAP or RMF accreditation packages, STIGs, artifact generation, requirements analysis, Security Test and Evaluation (ST&E) plans and execution, risk assessments, systems analysis and hardening, incident response and policy analysis, trusted product evaluations, IA program assessments, and security posture presentations.
Integrating FedRAMP requirements / documentation / artifacts into GRC solution (RSA Archer, Phalanx)
Review and evaluate internal controls and supporting documentation to determine if current client compliance meets requirements for CUI or CMMC
Demonstrate subject matter expertise in FedRAMP (Federal Risk and Authorization Management Program), NIST SP 800-53 Rev 4, NIST SP 800-37, FISMA (Federal Information Security Management Act), and the NIST RMF (Risk Management Framework), supporting Systems Security Assessment and Authorization (SA&A) for Federal Agencies.
Reviewing, analyzing and evaluating business systems and user needs in areas of Authorization and Accreditation (A&A) and Plans of Action and Milestones (POA&Ms) for a FedRAMP system
Document and upload deliverables and requirements in GRC tool.
Performing risk assessments and generating reports for mitigation
Ensure compliance with applicable privacy requirements; evaluate and monitor privacy policies, procedures and processes; and manage privacy risks
Support the implementation of the requirements of the Privacy Act and OMB Guidance
Develop Privacy Impact Assessments (PIAs) and coordinate with the team to validate that the appropriate SORN is linked to each PIA
Develop and maintain a review checklist for validating SORN compliance
Maintain the list of SORN System Owners
Review Privacy Compliance documentation, including Privacy Threshold Analyses (PTAs), System of Records Notices (SORNs), and Privacy Impact Assessments (PIAs).
Review and analyze operational and proposed Component systems to identify real/potential privacy risks and develop mitigation strategies.
Develop and maintain documentation to support the assessment process including the System Security Plan (SSP), Plan of Action & Milestone (POA&M), Risk Assessment (RA), policies and procedures, security control baselines following NIST guideline, and security practices.
Develop and promulgate Security Assessment Plans (SAP) and Security Assessment Reports (SARs)
Vital Click LLC February 2016 – March 2019
Cybersecurity Analyst
Lead the development, assessment, and analysis of cybersecurity documentation for internal and tenant service offering information systems in accordance with FISMA and the NIST RMF, for government contract and private sector clients.
Performs vulnerability/risk assessment analysis to support certification and accreditation. Provides configuration management (CM) for information system security software, hardware, and firmware. Manages changes to system and assesses the security impact of those changes.
Prepares and reviews documentation including System Security Plans (SSPs), Risk Assessment Reports, Assessment & Authorization (A&A) packages, and System Controls Traceability Matrices (SCTMs). Supports security authorization activities in compliance with the NIST Risk Management Framework (RMF) and any client's tailored requirements.
Help our customers to implement and enforce NIST 800-53, NIST 800-171, and CMMC requirements
Develop and maintain system security plans (SSP), contingency plans (CP), incident response plans (IRP), configuration management plans, security control requirements and assessments, Plan of Action and Milestones (POA&M), and training requirements.
Ensuring that existing business environments adhere to Federal Information Assurance policies and procedures to acquire and maintain an Information System's Authority to Operate (ATO) under the Federal Information Security Management Act (FISMA) and other client specified regulatory/Security standards
Coordinate with internal stakeholder engineering teams to demonstrate the implementation of security compliance control implementations for technical, management, and operational requirements
Audit security controls to ensure compliance with cloud requirements and governance models
Support the development of technical material, operational processes, security policies, and other core documents
Define and maintain the security management program for the Cloud environment, including its security policy, practices, standards, procedures, and processes. Coordinate and support regular security audits as part of the comprehensive System Security Policy, standards, practices, and procedures in order to maintain the security authority to operate.
Coordinate and support risk assessments and ensure corrective action on any identified security exposures.
Education:
2008-2012 Legon University Ghana
Information Technology