Information Security Systems

Location:
Secaucus, NJ
Posted:
January 14, 2024

Audrey Boatemaa Addai

***** ******* **, ********, **, 20109

Phone: 703-***-****, Email: ad2raz@r.postjobfree.com

Professional Summary:

Results-oriented Cyber Security Professional with experience in information technology, including data monitoring, threat detection and response, threat analysis, and security control implementation and assessment. Adept at working with system stakeholders on the development and implementation of the information security strategies required to protect enterprise information systems, networks, data, and operational processes through the Security Assessment & Authorization (SA&A) process, using industry standards such as NIST, FISMA, OMB, RMF, and FedRAMP. Strong background in Governance, Risk Management, and Compliance requirements and well-versed in installing, configuring, and deploying next-generation Cyber Security tools.

AREAS OF EXPERTISE

•Security Assessment & Authorization

•Third Party Risk Management

•Policy and Process Development

•Security Planning

•Incident Response

•Risk Assessments

•Vulnerability Management

•FISMA Act 2002

•NIST SP 800-Series

•Tenable Nessus Scanning

•ISO 2700X

•FedRAMP

•ServiceNow Security

•Risk Management Framework

•Cloud Security

•Business Continuity and Disaster Recovery Planning

•IT General Controls (ITGC) Auditing

•Splunk

Education and Certifications:

•Strayer University, VA – B.Sc. Business Administration

•CISA (Certified Information Systems Auditor)

•CISM (Certified Information Security Manager)

•Information Security Audit and Compliance Training – Coursera, 06/2016

SIEM Technologies & Tools:

•Nessus

•Splunk

•Wireshark

Core Skills:

•Provide FedRAMP Authorization to Operate (ATO) support for Workday public cloud deployment following FedRAMP and NIST guidelines.

•Liaise with external auditors and internal control owners to support various internal and external audits/assessments such as FedRAMP and ISO 27001.

•Manage the creation and update of security documentation for a FedRAMP Moderate environment, such as the System Security Plan (SSP), SSP attachments, and policies and procedures.

•Performed comprehensive assessments and wrote reviews of management, operational and technical security controls for audited applications and information systems.

•Used Check Point Firewall Analyzer to access predefined Check Point firewall reports that help with analyzing bandwidth usage and understanding security and network activities.

•Analyze reports and archive logs from Check Point Firewalls.

•Develop and execute Cloud (AWS) Information Security strategy to proactively identify risk and drive remediation.

•Improve the efficiency of information security processes and advance the effectiveness of the information security controls of the AWS cloud operating model.

•Participate in Incident Response activities in coordination with other teams as necessary, reviewing and editing event correlation rules, performing triage on the resulting alerts by determining their criticality and scope of impact, and evaluating attribution and adversary details.

•Develop and conduct Security Control Assessments (formerly ST&E) per NIST SP 800-53A and NIST SP 800-53 Rev 4.

•Over 5 years of experience in system security monitoring, auditing and evaluation, C&A, and Risk Assessment of GSS (General Support Systems) and MA (Major Applications).

•Performed Certification and Accreditation documentation in compliance with company standards.

•Developed, reviewed, and evaluated System Security Plans based on NIST Special Publications.

•Compiled data to complete the Residual Risk Report and to insert contents into POA&Ms.

•Security Life Cycle and Vulnerability Management, using FISMA and applicable NIST standards.

PROFESSIONAL EXPERIENCE:

Third Party Security Risk and Privacy Analyst

GeekView Tek Solutions, Frederick MD 07/2021 - Present

•Schedule kick-off meetings with system owners to help identify the assessment scope, system boundary, and information system category, and obtain any artifacts needed to conduct the assessment.

•Conduct formal end-to-end Vendor Security Risk Assessments (review of questionnaires, third-party security audit reports, and artifacts).

•Review new/existing third-party services and data in the scope of the assessment and analyze engagement risk rating.

•Create Requirement Traceability Matrix (RTM) and document whether controls being assessed passed or failed using NIST SP 800-53A as a guide.

•Work together with the TPRM team and stakeholders to review the assessment and escalate any issues.

•Develop Security Assessment Plans (SAPs) and conduct assessments of security control selections on various Moderate impact level systems to ensure compliance with NIST SP 800-53A Rev 4.

•Conduct security control interview meetings and artifact gathering meetings with various stakeholders using the assessment methods of interview, examination, and testing.

•Document assessment findings in a Security Assessment Report (SAR) and recommend remediation actions for controls that failed and vulnerabilities.

•Review A&A package items using NIST guidance for FISMA compliance, such as the System FIPS 199 Categorization, e-Authentication Assessment, PIA, Contingency Plan (CP), and Contingency Plan Test (CPT).

•Perform vulnerability assessments of information systems to detect deficiencies and validate compliance using the POA&M tracking tool (CSAM).

•Request scans and later review the scan results for common vulnerabilities such as missing patches, weak password settings, unnecessary services not disabled, and weak configurations.

•Develop documentation (FIPS 199, FIPS 200, PTA, PIA, e-Authentication) on new or existing systems.

•Provide system/equipment/specialized training and technical guidance.

•Serve as liaison with clients, participating in meetings to ensure client needs are met.

•Independently research and collaborate with teams to develop knowledge regarding the environment.

•Take on leading roles within the team and effectively train team members based on inherent knowledge.

ISSO (Information System Security Officer)

AGO Worldwide Consulting, Severn, MD 09/2018 – 07/2021

•Provide responses to data calls and all audit requests by their due dates, and maintain tracking reports and a central repository of data call artifacts.

•Prepare and document System's ATO Brief for submission to Authorizing Official (AO) for his adjudication to grant ATO to a new system or for the existing system to continue operation.

•Schedule, track, and manage the monthly and quarterly POA&M review process. Coordinate meetings and tasking with System Owners (SOs) and Information System Security Officers (ISSOs) and support remediation of open POA&M items.

•Review Information System Security Policies and Procedures, System Security Plans (SSPs), and security baselines in accordance with NIST, FISMA, OMB Circular A-130 Appendix III, and industry best security practices.

•Assess security controls through document review, interviews, and test procedures to ensure compliance with FISMA and NIST SP 800-53A Rev 1.

•Conduct in-depth technical reviews of new and existing IT systems to identify the mitigation strategies required to bring these systems into compliance with established policy and industry guidelines.

•Provide ongoing gap analysis of current policies, practices, and procedures as they relate to the guidelines established by NIST, OMB, FISMA, etc.

•Review and validate vulnerability scan results at the operating system (OS) and application level and work with stakeholders to architect and implement mitigations.

•Monitor and analyze Security Information and Event Management (SIEM) alerts to identify security issues for remediation and investigate events and incidents.

•Use a wide variety of tools such as Splunk, Cisco Firepower, Symantec, and Check Point Endpoint Security to identify, prioritize, and manage potential security incidents.

•Analyze and update the System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E), and the Plan of Actions and Milestones (POA&M).

•Create and update the Security Assessment Report (SAR) in compliance with NIST and FISMA regulations.

•Assist in the coordination and implementation of major detection enhancements to SOC analytics.

•Provide security management, process engineering, and operations management to a Security Operations Center.

Security Control Assessor 03/2017 - 09/2018

Henry Mensah CPA LLC

•Schedule kick-off meetings with system owners to help identify the assessment scope, system boundary, and information system category, and obtain any artifacts needed to conduct the assessment.

•Create Requirement Traceability Matrix (RTM) and document whether controls being assessed passed or failed using NIST SP 800-53A as a guide.

•Develop Security Assessment Plans (SAPs) and conduct assessments of security control selections on various Moderate impact level systems to ensure compliance with NIST SP 800-53A Rev 4.

•Conduct security control interview meetings and artifact gathering meetings with various stakeholders using the assessment methods of interview, examination, and testing.

•Document assessment findings in a Security Assessment Report (SAR) and recommend remediation actions for controls that failed and vulnerabilities.

•Review A&A package items using NIST guidance for FISMA compliance, such as the System FIPS 199 Categorization, e-Authentication Assessment, PIA, Contingency Plan (CP), and Contingency Plan Test (CPT).

•Perform vulnerability assessments of information systems to detect deficiencies and validate compliance using the POA&M tracking tool (CSAM).

•Request scans and later review the scan results for common vulnerabilities such as missing patches, weak password settings, unnecessary services not disabled, and weak configurations.

•Develop documentation (FIPS 199, FIPS 200, PTA, PIA, e-Authentication) on new or existing systems.

•Provide system/equipment/specialized training and technical guidance.

•Serve as liaison with clients, participating in meetings to ensure client needs are met.

•Independently research and collaborate with teams to develop knowledge regarding the environment.

•Take on lead roles within the team and effectively train team members based on inherent knowledge.