Information Security Systems

Location:
Lanham, MD
Posted:
January 31, 2024


Resume:

Augustine Baafi Bonsu

US Citizen – Secret Security Clearance

TEL: 571-***-****

ad29ct@r.postjobfree.com

EXECUTIVE SUMMARY

COMMITMENT LEADERSHIP INTEGRITY

Augustine has an extensive background and experience in Federal Information Security Management, IT infrastructures, and ensuring secure design, operations, and maintenance of large information systems, enterprise networks, and data centers. He has experience specializing in risk assessment, system controls, auditing policies and procedures, change management, testing, and business process verification and validation. He also has hands-on experience in vulnerability assessment, implementation of the Plans of Actions and Milestones / Corrective Action Plans, as well as remediation of documented threats and vulnerabilities. He is a subject matter expert in the field of risk-based certification and accreditation using various flavors of the State, Federal, as well as International Cybersecurity frameworks (e.g., NIST RMF, FedRAMP, HIPAA, ISO 27001, etc.). He is also proficient with common information security assessment tools (e.g., eMASS, CSAM, Nessus, WebInspect, Netsparker, etc.). He has knowledge of industry standards and a proven track record of implementing the necessary controls to ensure compliance. He is dedicated to maintaining a reputation built on quality, service, and uncompromising ethics.

PROFESSIONAL CERTIFICATION

CompTIA Security+

CISA

PROFESSIONAL TRAINING:

Enterprise Certification & Accreditation Training

Information Systems Security training

Certification and Accreditation Document Review training

Anti-Phishing training

CAP: Certified Authorization Professional Training

FISMA Compliance Certification

KPMG (CONTRACTOR) June 2020 – Present

ISSE

Conducts security assessments of customer systems and systems audits.

Prepares IT security audit.

Works with system engineers to assemble accreditation packages, including SSP, SAR, POA&Ms, RAR, Authorization Decision Letter, ATO request letter, Executive summary, etc.

Collaborates with 3PAOs to prepare application materials demonstrating that the organization meets both technical competence in security assessment of cloud systems and management requirements for organizations performing inspections.

Conducts a FedRAMP readiness study to provide the Agency with an assessment of their capabilities to achieve FedRAMP accreditation.

Identifies FedRAMP Boundary components in customer deployments.

Knowledge of current security threats, techniques, and landscape for on-premises and hybrid cloud-hosted systems and services.

Evaluates IT systems involving software, hardware, configuration, and proposed changes to ensure IT security posture follows existing information security policies and regulations.

Collects evidence to support the implementation of system baseline security controls and performs analysis on evidence to ensure compliance with the systems security plan and risk management framework designs.

Develops Security Control Assessment Plan to conduct security assessment.

Coordinates and schedules kick-off meetings for the A&A process for each system.

Reviews the FIPS 199 Security Categorization of the overall impact level of systems using NIST SP 800-60.

Schedules interview meetings with control owners and other stakeholders.

Reviews and develops the System Security Plan (SSP), Configuration Management Plan (CMP), Contingency Plan (CP), and other security policy documentation.

Performs security assessment by testing information security controls.

Reviews vulnerability scans and performs analysis of results.

Examines artifacts and reviews control implementation status against control requirements.

Proficiency with common information security assessment tools, including CSAM, Nessus, WebInspect, etc.

Assesses security and privacy controls using the NIST SP 800-53A Rev4 publication guideline.

Advises the Agency on any assessment and authorization issues.

Reviews security policy documents and makes recommendations on documentation compliance.

Creates POA&Ms and determines milestones for each finding.

U.S. Army (DC National Guard) May 2019 – Present

Security Analyst

Key support areas include program management, transition planning, process re-engineering, capacity planning, IT acquisitions management and impact analysis for assigned customers.

Reports directly to the company commander surrounding the new client operational backup and disaster recovery including software and hardware vendor reviews, analyzing current disaster recovery methodologies, and executing daily operations.

Maintenance of network, hardware, and software.

Provides customer and network administration services.

Improved productivity initiatives while coordinating itineraries and scheduling appointments.

Prepared monthly, weekly, and daily logs using Microsoft Office Suite for my supervisors.

Administer compensation, benefits, and performance management systems and safety and recreation programs.

Performs various administrative functions, including filing paperwork, delivering mail, sorting mail, office cleaning, and bookkeeping.

Constructs, edits, and tests computer programs.

ABLEVETS (VA) (CONTRACTOR) July 2018 – May 2020

IT Security & Compliance Analyst

Developed IT audit methodology and compliance requirements for clients, as well as designed, documented, and implemented control framework for IT processes and infrastructure.

Experience with the Cloud Computing Security Requirements Guide (SRG).

Collaborated with 3PAOs to prepare application materials demonstrating that the organization meets both technical competencies in the security assessment of cloud systems and management requirements for organizations performing inspections.

Knowledge of current security threats, techniques, and landscape for on-premises and hybrid cloud-hosted systems and services.

Took part in remediation efforts to support various compliance and regulation requirements (HIPAA, FedRAMP, NIST 800, and ISO 27000 series) for a variety of clients. Conducted security control assessments to assess the adequacy of management, operational privacy, and technical security controls implemented.

Planned, executed, and led IT general and application controls reviews, IT security and governance reviews, controls optimization, and Business Process and Database security controls reviews.

Monitored new and emerging internal control-related guidance and issues and assisted with facilitating group-wide training for interested and impacted stakeholders.

Conducted the performance of audit procedures, including identifying and defining issues, developing criteria, reviewing, and analyzing evidence, and documenting processes and procedures.

Performed IT risk assessments, reviewed system access, segregation of duties, and documentation of controls and processes; assisted IT management and business owners to enhance internal controls as needed. Identified threats, vulnerabilities, and risks.

Managed and executed information systems and security audits, including application, platform, and general IT controls.

Documented internal audit and IT security resources to design, implement, and test IT controls.

Education: University of Cape Coast (Ghana) - Bachelor of Education Arts.

Western Governors University - Bachelor of Science, Information Technology


