
Security Officer Information

Location:
Queens, NY
Posted:
January 10, 2024


Resume:

Richard Bossman

New York, NY 929-***-**** ad2nte@r.postjobfree.com www.linkedin.com/in/richardkbossman U.S. Citizen

Information Systems Security Officer / Security Controls Assessor / RMF Analyst

Information Security Control Analyst / Cybersecurity Analyst

Dedicated and detail-oriented IT Security Analyst with over 8 years of experience in cybersecurity, risk assessments/audits, and mitigation. Experienced in identifying and remediating vulnerabilities, eliminating critical control gaps, and driving strategic security initiatives, with expertise in the Ostrich Cyber product. Collaborative team player and natural leader with proven success coaching junior analysts, meeting tight deadlines, and establishing improved processes.

CORE STRENGTHS

- Information Security Risk Analysis & Remediation
- Security Controls Assessments
- Compliance
- Plans of Action and Milestones (POA&Ms)
- Vendor Partnerships
- Security Awareness
- Documentation
- Team Leadership
- Security Artifacts
- SDLC
- Vulnerability Scans & Tests
- Stakeholder Engagement
- Governance
- Network Operations
- Coaching/Mentoring
- Reporting
- Security Information and Event Management
- Identity Access Management
- System Vulnerability Testing
- Threat Analysis
- Cryptology/Steganography
- Encryption/Decryption
- Digital Forensic Analysis
- Enterprise Key Management
- Network Security
- Firewalls
- Penetration Testing
- Incident response plans and mitigation measures

PROFESSIONAL EXPERIENCE

Information System Security Officer (ISSO), Cyberrisk Beyond Solutions, AL (July 2022 to Date)

Coordinating, executing, and supporting cybersecurity assessment & authorization (A&A) activities such as risk management, business continuity, threat detection and prevention, incident response and management, auditing, vulnerability management support, and authorizing/coordinating of system security documentation.

Facilitate, perform, and manage actions necessary to maintain system and capability accreditation status in accordance with DFARS, NIST 800-53 and 800-171, including scanning, auditing, and authoring/coordinating security accreditation-related documentation.

Provide advice and assistance on cyber security for corporate development and system maintenance, projects monitoring, system authorization, status of segment components, authorizing and coordinating related documentation.

Review and advise on security aspects of corporate policy, procedures and development.

Present system maintenance and authorization status, and potential issues to corporate leadership when necessary.

Assist in the creation and maintenance of A&A packages, System Security Plans (SSP), Risk Assessment Reports (RARs), Security Controls Traceability Matrices (SCTMs) and Plans of Action & Milestone (POA&Ms) for all corporate systems.

Assist the ISSM in establishing and administering appropriate security system policy, standards, and procedures in compliance with applicable government and corporate directives, guidelines, and any customer contractual obligations.

Conduct regular audits in accordance with corporate compliance policies and guidance.

Assist in providing Continuous Monitoring activities for security-relevant information system software, hardware, and firmware.

Assist in the investigations of information system security violations and assist in the preparation of reports with corrective actions and preventative measures.

Proven experience and expertise in Ostrich Cyber products.

Strong background in risk management and governance.

Excellent analytical and problem-solving skills.

FISMA Security Compliance Analyst, CyberTech, PA (February 2019 to June 2022)

Worked with a team of Information Security Owners, Developers and System Engineers to ensure proper system categorization using NIST 800-60 and FIPS 199 and determined if the system required PTA or PIA.

Selected and tailored security controls to safeguard system information using NIST SP 800-53 and FIPS 200.

Conducted assessments of security controls on various impact systems in accordance with agency guidelines to ensure compliance with NIST 800-53A, 800-171A, ISO 27001/2.

Liaised with system owners to develop, test, and train on contingency plans and incident response plans.

Prepared and updated security authorization documentation including the security plan, risk assessment, contingency plan, and privacy impact analysis.

Documented NIST 800-53A, 800-171A, and ISO 27001/2 security control compliance findings within Security Assessment Reports (SARs).

Conducted security assessment interviews to determine the security posture of the System and to develop a Security Assessment Report (SAR) in the completion of the Security Test and Evaluation (ST&E) questionnaire using NIST SP 800-53A required to maintain company’s Authorization to Operate (ATO), the Risk Assessment, System Security Plans, and System Categorization.

Reviewed and updated remediation on Plans of Action and Milestones (POA&Ms) in the organization's Cyber Security Assessment and Management (CSAM) system. Worked with system administrators to resolve POA&Ms, gathering artifacts and creating mitigation memos, residual risk memos, and corrective action plans to assist in the closure of the POA&M.

Ensured that adequate controls are maintained for SOX, HIPAA, and NIST regulations.

Maintained and monitored IT security practices to protect the confidentiality, integrity, and availability of data.

Developed, implemented, maintained, and oversaw enforcement of security policies.

Assessed network intrusion detection systems (IDS/IPS) and artifacts including logs, system images, and packet captures (SIEM) to enable mitigation of network incidents.

Tested, assessed, and documented security control effectiveness. Collected evidence, interviewed personnel, and examined records to evaluate effectiveness of controls.

IT Security Analyst, Northwell Health, NY (August 2017 to January 2019)

Analyse management and technical controls to ensure that specific security and compliance requirements are met through the verification of documented processes, procedures, and standards in order to validate maintenance of secure configurations.

Map Digital Realty requirements and regulatory requirements across the information security framework to identify overlapping requirements and compliance efficiency.

Plan and/or perform security controls assessments for customer systems in accordance with NIST SP 800-53 and NIST SP 800-53A, using processes, guidance, and methods to support the customer's authority to operate process or its annual assessment process. Activities include control assessment (interview and examination, physical security walk-through, and/or technical vulnerability testing), interagency participation, and table-top scenarios.

Develop and maintain standard processes to assist Information System Security Officers (ISSOs) and Information System Owners (ISOs) with security control implementation for information systems.

Assist with identification and remediation of related security Plans of Action & Milestones (POA&Ms). Identify existing and/or potential system security weaknesses as a result of the assessments, including personnel controls, training, incident and emergency response, logical security controls, physical security controls, operational security, and integrity.

enterprise compliance across multiple security frameworks including SOC 2, NIST and ISO and maintain up-to-date records of requirements and corresponding mitigating controls.

Monitor third-party risk assessments and assist in performing internal risk assessments.

Collaborate on critical IT projects to ensure that security policy/risk issues are addressed throughout the project life cycle.

Security Controls Assessor, New Horizon Security Service, TX (February 2015 to July 2017)

comprehensive assessments of the management, operational, and technical security controls.

Assessment of control enhancements employed within, or inherited by, information technology (IT) systems, to determine the overall effectiveness of the controls (as defined in NIST SP 800-37).

Perform and evaluate continuous monitoring of Information Technology (IT) assets.

Support NIST, Risk Assessment, HIPAA project initiatives by undertaking risk assessments, advising on implementation of security measures, recommending appropriate risk mitigations, interpreting security policy and standards in the context of projects and business scenarios to help the business operate securely.

Assess existing controls to determine level of compliance to HIPAA, NIST and FedRAMP. Inclusive of: their maturity, state of compliance, and the risk associated with any findings.

Execute the security control assessment plan by following provided assessment procedures, collecting and analyzing evidence, and documenting the steps taken and the findings.

Update System Security Plan with actual control implementation determined during assessment.

Develop Security Assessment Reports for management staff providing residual risk statement, impact, and suggested corrective actions.

Use NIST SP 800-53, “Security and Privacy Controls for Information Systems and Organizations”, to assess information security controls for compliance.

Junior Cybersecurity Analyst, Mount Sinai South Nassau, Oceanside, NY (March 2013 to January 2015)

Maintain records of security monitoring and incident response activities.

Work with System and Network administrators to create, modify, and update IDS, IPS, and SIEM rules.

Reviewed System logs with Splunk to identify and investigate suspicious activities.

Performed vulnerability scanning using Nessus, documented the vulnerability results in a risk register, and managed them.

EDUCATION/CERTIFICATIONS

- Bachelor's Degree – University of Education, Winneba

- Associate Degree in Cyber Security – New York University

- CompTIA Security+

- CompTIA Network+

- Certified Information System Auditor (CISA)
