SAMUEL NII ODARTEY LAMPTEY
443-***-**** *************@*****.***
OBJECTIVE
An experienced Information Systems Security Officer (ISSO) with experience in managing and protecting enterprise information systems, networks, and operational processes through the Security Assessment & Authorization (SA&A) process in pursuit of information system authorization. Also possesses the skill set to develop and implement information security policies and to identify, report, and resolve security violations as they relate to infrastructure technologies and functionalities, with proven ability to utilize industry standards and frameworks (not limited to NIST, RMF, FISMA, FedRAMP) to maximize efficiency and maintain continual effectiveness in a rapidly evolving industry.
CORE PROFICIENCIES
Assessment and Authorization (A&A) process
Plan of Action and Milestones (POA&M) Management
System Documentation (SSP, CP, CM, PTA)
Security Control Assessments (SAP & SAR)
Information Security Continuous Monitoring (ISCM)
Vulnerability Management (ACAS)
TRAINING & CERTIFICATIONS
CompTIA Security+
CISM – Certified Information Security Manager
CISA – Certified Information Security Auditor (pending)
EDUCATION
Per Scholas 2018
Cyber Security Boot Camp (Networking, FISMA RMF, & Security)
University of Ghana (Legon) 2015
Bachelor of Science
PROFESSIONAL EXPERIENCE
CyberVision Technologies, LLC
Information Systems Security Officer (ISSO) 12/2021 - Current
Work with system stakeholders to develop and update A&A documentation for assigned systems in accordance with FISMA and other regulatory requirements
Conduct security tests and evaluations (ST&Es) and develop supporting documentation of test results
Perform security control assessments (SCA) for systems to determine their effectiveness using NIST SP 800-53A Rev4 (Examine, Interview, and Test).
Document and finalize Security Assessment Report (SAR)
Help to develop and maintain ATO packages such as the System Security Plans (SSP), Security Assessment Reports (SAR), and POA&Ms
Provide continuous monitoring support for assigned systems to maintain the ATO status
Manage Plan of Action and Milestones (POA&M) for identified vulnerabilities to ensure timely remediation actions in compliance with FISMA requirements
Review artifacts to verify and validate security control implementation statements
Priority Dispatch 11/2018 - 12/2021
Security Control Assessor (SCA)
Created standard templates for required security assessment and authorization documents
Provided subject matter expertise with the development of security policy documentation that follows Federal Information Security Management Act (FISMA) and National Institute of Standards and Technology (NIST) requirements
Conducted risk assessments regularly; ensured measures raised in assessments were implemented in accordance with risk profile, and root causes of risks were fully addressed following NIST 800-30 and NIST 800-37
Conducted security assessments by reviewing System Security Plan (SSP) to create Kick-Off presentation slides
Assessed security controls in accordance with assessment procedures defined in the Security Assessment Plan (SAP) through examination, interviews, and testing
Prepared and delivered security assessment report (SAR) to the ISSO and other stakeholders.
Conducted regular annual assessments for on-prem and cloud-based systems to determine weaknesses in the infrastructure (hardware), application (software) and people.
Performed vulnerability assessments to make sure that risks are assessed and evaluated and that proper actions are taken to limit their impact on information and information systems
TOOLS
Microsoft Office (Word, Excel, PowerPoint, Teams)
Google Workspace/Drive
GRC Tools (eMASS pilot)
Vulnerability Tools (ACAS, Nessus)
SCAP, DISA STIG Viewer
SharePoint