Information Assurance Risk Management

Location:
Alexandria, VA
Posted:
January 17, 2024

Resume:

Safo A. Donkor (USC)

VA *****

ad2unw@r.postjobfree.com 703-***-****

Summary:

An Information Assurance Analyst, with 5 years’ experience in Risk Management Framework (RMF), Systems Development Life Cycle (SDLC), security life cycle, and vulnerabilities management using FISMA, Security Assessments, Information Assurance and applicable NIST standards. Organized, solutions-focused, deadline-focused, team-oriented with in-depth knowledge and understanding of numerous software packages and operating systems. Specialized in providing IT security expertise and guidance in support of security assessments and continuous monitoring for government (FISMA & NIST) and commercial clients. Possess active public trust clearance.

Skills:

Risk Management 5 years

Information Assurance 5 years

Information Security 5 years

Policy Analysis 5 years

Risk Assessment 5 years

Security Assessments 5 years

Cyber security 5 years

Develop and update POA&Ms 5 years.

RMF documentation. 5 years

Managing technical security Q&A team/SA&A Package Independent Validation and Verification (IV&V) 5 years

MS Excel, PowerPoint, SharePoint, Windows 360, Microsoft Teams, Zoom, Skype 5 years.

GRC tools: ProcessUnity, ServiceNow, Archer, Jira, Monday, Ripple. 5 years

Education:

MBA University of Maryland Global Campus

B.A Kwame Nkrumah University of Science and Technology 2014

Certifications:

CompTIA Security+

CISA - Certified Information Systems Auditor

Experience:

NXT Partners January 2023 – June 2023

Security Control Implementation Specialist

Creates, edits, and maintains cybersecurity compliance and implementation documentation for current and future applications.

Create and update policies, standards, and guidelines to address emerging security threats and regulatory changes.

Support internal peer review and quality assurance efforts, assemble documentation for audits and ensure that documentation is compliant with governance policies.

Design and implement security controls, procedures, and technical safeguards to ensure compliance across the organization.

Research and evaluate new documentation needed.

Develop documentation plans and timelines with the level of effort required.

Collaborate with platform analysts, project managers and subject matter experts to collect and interpret their input.

Develop and maintain an effective security compliance framework that aligns with organizational goals and objectives.

Utilize critical thinking skills to problem solve issues that arise.

Coordinate communication amongst all project team members.

Collaborate with the Education Team in the design and development of training programs or project specific materials to support the workflows to be implemented.

Communicate project status amongst the team and up through project and department leadership.

Train end users on the proper use of the application.

Develop best practices to be utilized for future implementations.

Ability IT Consultancy September 2019 – December 2022

Cyber Security Analyst (Federal Contractor)

Analyse and update System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E) and the Plan of Actions and Milestones (POA&M).

Assist System Owners and ISSO in preparing Security Assessment and Authorization package for company’s IT systems, making sure that management, operational and technical security controls adhere to a formal and well-established security requirement authorized by NIST SP 800-53 R4.

Designate systems and categorize their C.I.A. using FIPS 199 and NIST SP 800-60.

Conduct Annual Self-Assessment (ASA) (NIST SP 800-53A).

Perform Vulnerability Assessment. Make sure that risks are assessed, evaluated and proper action has been taken to limit their impact on the Information and Information Systems.

Create standard templates for required security assessment and authorization documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages.

Ensure Systems' Plan of Action & Milestones (POA&Ms) are closed or updated in a timely manner using the tracking tool CSAM.

Manage Systems’ Accounts to ensure Privileged User Accounts are re-certified twice a year.

Ensure Separation of Duties is enforced by reviewing all Accounts in the Windows Server Admins and Domain Admins.

Reviewed Information Assurance documentation.

Ability IT Solutions June 2016 – September 2019

Senior Cyber Assurance Analyst (Federal Contractor)

Ensured all Security Authorization documentation for assigned systems remain accurate and up to date on a continuous basis, including but not limited to accurate and valid lists of assets (hardware/software), accurate boundary diagrams, accurate ports, and protocols, etc.

Loaded and maintained all supporting artifacts and information from these documents such as appropriate for assigned systems into the DHS and USCIS repositories as designed by ISD (for example, Information Assurance Compliance Systems (IACS) and ECN).

Compiled, wrote, updated, finalized, produced, and supported activities for IT Security Common Control catalogues and related documentation including, but not limited to, Security Plans or other documents required.

Provided additional FISMA support for Chief Financial Officer (CFO) designated systems as required.

Reviewed all ISSO provided documentation for accuracy and relevancy, provide follow-up to ISSOs to ensure documents are properly completed.

Facilitated and provided continuous support to the USCIS POA&M program to include but not limited to analysis, creation, remediation plans, closure, status tracking, and overall management of System-Level and Program-Level POA&Ms in a format provided by the Government daily or as defined and directed by the Government.

Facilitated and assisted with reviews and updates to POA&M content such as breakdown of milestones as required.

Managed, maintained, and tracked all assigned tasks and duties related to POA&Ms.

Facilitate and provide continuous support for the USCIS WEAR program to include but not limited to analysis, creation, approval, status tracking, and overall management of WEARs in relation to System-Level and Program-Level POA&Ms in a format provided by the Government on a daily, weekly, monthly basis or as defined and directed by the Government.

US Security Associates June 2015 – June 2016

IT Help Desk Support (Tier 1)

Configured and installed new devices and software; maintained the computer system.

Installed OS and common applications, diagnosed and repaired Laptop and PC Desktop, built and installed new devices.

Detected and resolved users’ issues on Laptop and PC desktop.

Assigned users and computers to proper groups in Active Directory. Modified configurations, utilities, software default settings.

Installation of telephone and networking equipment.

Worked directly with contracted customers to assure their satisfaction with equipment.

Provide support for software, hardware, and networking related issues. Setup and support a network consisting of wireless computers, network printers, routers, and access points.


