Shiela Acheampong

Laurel, MD Email: ad2twn@r.postjobfree.com Tel: 202-***-****

Public Trust

CAREER SUMMARY

Certified Cyber Security and IT Security professional, with experience in Risk Management Framework process. An insightful, results-driven IT Security Analyst with years of experience developing and implementing security solutions in fast paced environments. Adept in Security and privacy Control Assessment with proven history of delivering exceptional risk management support. Skilled in assembling authorization packages using documents like NIST 800 series, FIPS 199 and FIPS 200, FedRAMP, OMB, FISMA and industry best standard.

KEY SKILLS

●Compliance & Governance

●Risk Management Framework (RMF)

●NIST Publications

●Vulnerability Analysis

●Authentication and Access Control

●FISMA and FedRAMP Process

●Assessment & Authorization

●POA&M Management

●Policy & Procedures

●Continuous Monitoring

●SSP Reviews

CERTIFICATIONS

SECURITY+

CISA

/FRAMEWORK/APPLICATION SUMMARY

FISMA, FIPS 199, Project Management, NIST standard, Risk Management Framework, Information Assurance, Identity & Access management, Information management, NIST, SP 800-53, SP 800-53A, SP 800-37, FIPS, FISMA, Risk Management Framework (RMF), FIPS-199, PTA, PIA, RA, SSP, CP, RTM, SAR, POA&M, ATO, ISA, MOU, Security Compliance Access, Windows, Word, Excel, and PowerPoint.

EDUCATION

Master in Business Administration 2011-2013.

Strayer University

Bachelor of Science 2005-2009

Georgia State University

Associate in Health Diploma 2004 - 2005

Gwinnett-Technical College

PROFESSIONAL EXPERIENCE

Date – 12/2021 - Present

Security Control Assessor Woodbridge, VA

ZILLA GROUP

●Examine, interview and test controls in accordance with NIST SP 800-53A guidelines and documented test procedure and results in RTM.

●Experience testing controls at the control levels and at the determine-if levels as in FedRAMP assessments.

●Participate in client interviews to determine the security posture of the System.

●Conduct security assessment interviews to determine the Security posture of the System.

●Participate in client kick-off meetings.

●Create Requirement Traceability Matrix (RTM) and document whether controls being assessed passed or failed using NIST 800-53A as a guide.

●Assess security controls to determine if they are properly implemented, working as intended and producing the desired results.

●Conduct Risk analysis and Assessment, provided recommendations for remediation or mitigation

●Assist in documenting assessment findings in a Security Assessment Report (SAR) and create Plan of Action and Milestone (POA&M) to trace corrective action to resolve vulnerabilities and findings for the client.

Date: 03/2019-09/21 Lanham, MD

IT Security Analyst

TighTech Consulting

●Maintained and ensured implementation of applicable RMF based documentation, policy, and controls

●Supported the creation, monitoring, and updating the status of POA&Ms to ensure weaknesses are resolved in accordance with their scheduled completion dates.

●Supported the creation of Waivers or Risk Acceptance Memos to assist in the effective management of system risks.

●Conducted vulnerability scan analysis and documented findings on a POA&M for effective management.

●Performed system Assessment and Authorization planning and testing and liaison activities; supports secure systems operations and maintenance.

●Created or updated the System Security Plan and conducted an Annual Self-Assessment.

●Conducted Systems Risk Assessment through Risk Analysis assess the various Assets within the U.S Bank

Date: 2014-2018

Data Analyst

Nordstrom, Seattle, WA

●Collaborated with clients and team members to fully grasp and address visualization requirements.

●systems boundaries and rigorously identify all the possible vulnerabilities that exist within the system.

●Ensured that assigned information systems are operated, maintained, and disposed of in accordance with approved security policies and practices.

●Ensured that system security requirements are addressed during all phases of the IS lifecycle

●Conducted security audits on IT Infrastructure and policies, including, including firewall, access management, user authentication, and risk mitigation.

●Attended meetings with the cybersecurity team to discuss potential security threats and identify opportunities to enhance information security measures for users on the portal.

Date: 2011-2014

Columbia, MD

Credentialing Specialist

●Compiled and maintained current and accurate data for all providers.

●Completed provider credentialing and recredentialing applications.

●Monitored applications and follows-up as needed.

●Maintained copies of current state licenses, DEA certificates.

●Maintained corporate provider contract files

●(George Town Hospital)

●Handled inquiries and patient intake.

●Entered and verified the patient's demographics.

●Performed patient insurance data entry.

●Performed patient insurance verification.

●Knowledge of medical / imaging terminology.

●Strong organization abilities and attention to detail.

References

Available Upon Request

Contact this candidate