
Security Officer Information Systems

Location:
Pelham, AL
Posted:
January 21, 2024

Resume:

GEORGE MENSAH

Pelham, AL 205-***-**** ad2yve@r.postjobfree.com

Information Systems Security Officer / Security Controls Assessor / RMF Analyst

Data-driven and goal-oriented cybersecurity professional with 10 years' experience in Privacy and Data Security Management & Operations, Vulnerability Scanning, Certification and Accreditation (A&A), Project Management, NIST 800-53 Rev 1 and Rev 4, NIST SP 800-37 Rev 1, 800-18, 800-53A Rev 4 and 800-34, FIPS, FISMA, Security Content Automation Protocol, the NIST family of security controls, FedRAMP Security Assessment Framework, POA&M, and Incident and Contingency Planning. Worked in different capacities as Information Systems Security Officer, Security Control Assessor and Third-Party Risk Analyst. Adaptable and transformational leader with the ability to work individually or as a team player in achieving organizational goals.

PROFESSIONAL EXPERIENCE

Information System Security Officer (ISSO), Cyberrisk Beyond Solutions, AL (June 2019 to December 2023)

Coordinate, execute, and support cybersecurity assessment & authorization (A&A) activities such as risk management, business continuity, threat detection and prevention, incident response and management, auditing, vulnerability management support, and authoring/coordinating of system security documentation.

Facilitate, perform, and manage actions necessary to maintain system and capability accreditation status in accordance with DFARS, NIST 800-53 and 800-171, including scanning, auditing, and authoring/coordinating security accreditation-related documentation.

Provide advice and assistance on cyber security for corporate development and system maintenance projects, monitoring system authorization status of segment components, authoring and coordinating related documentation.

Review and advise on security aspects of corporate policy, procedures, and development.

Present system maintenance and authorization status, and potential issues to corporate leadership when necessary.

Assist in the creation and maintenance of A&A packages, System Security Plans (SSPs), Risk Assessment Reports (RARs), Security Controls Traceability Matrices (SCTMs) and Plans of Action & Milestones (POA&Ms) for all corporate systems.

Assist the ISSM in establishing and administering appropriate security systems, policies, standards, and procedures in compliance with applicable government and corporate directives, guidelines, and any customer contractual obligations.

Conduct regular audits in accordance with corporate compliance policies and guidance.

Assist in providing Continuous Monitoring activities for security-relevant information system software, hardware, and firmware.

Assist in the investigations of information system security violations and assist in the preparation of reports with corrective actions and preventative measures.

Verify that all Information System authorization documentation is current and accessible to authorized individuals.

Security Controls Assessor, Baylor Scott and White Hospital, TX (July 2016 to May 2019)

Support NIST, risk assessment and HIPAA project initiatives by undertaking risk assessments, advising on the implementation of security measures, recommending appropriate risk mitigations, and interpreting security policy and standards in the context of projects and business scenarios to help the business operate securely.

Assess existing controls to determine the level of compliance with HIPAA, NIST and FedRAMP, including their maturity, state of compliance, and the risk associated with any findings.

Execute the security control assessment plan by following the provided assessment procedures, collecting and analyzing evidence, and documenting the steps taken and the findings.

Update System Security Plan with actual control implementation determined during assessment.

Develop Security Assessment Reports for management staff providing residual risk statement, impact, and suggested corrective actions.

Use NIST SP 800-53, “Security and Privacy Controls for Information Systems and Organizations”, to assess information security controls for compliance.

Conduct independent comprehensive assessments of the management, operational, and technical security controls.

Assess control enhancements employed within, or inherited by, information technology (IT) systems to determine the overall effectiveness of the controls (as defined in NIST SP 800-37).

Perform and evaluate continuous monitoring of Information Technology (IT) assets.

IT Security Analyst, New Horizon Security Services, TX (September 2014 to June 2018)

Analyze management and technical controls to ensure that specific security and compliance requirements are met through the verification of documented processes, procedures, and standards, in order to validate the maintenance of secure configurations.

Map Digital Realty requirements and regulatory requirements across the information security framework to identify overlapping requirements and compliance efficiency.

Plan and/or perform security controls assessments for customer systems in accordance with NIST SP 800-53 and NIST SP 800-53A, using processes, guidance and methods to support the customer's authority to operate process or its annual assessment process. Activities include control assessment (interview and examination, physical security walkthroughs and/or technical vulnerability testing), interagency participation, and table-top scenarios.

Develop and maintain standard processes to assist Information System Security Officers (ISSOs) and Information System Owners (ISOs) with security control implementation for information systems.

Assist with the identification and remediation of related security Plans of Action & Milestones (POA&Ms). Identify existing and/or potential system security weaknesses as a result of the assessments, including personnel controls, training, incident and emergency response, logical security controls, physical security controls, operational security, and the integrity of software applications and data.

Track enterprise compliance across multiple security frameworks including SOC 2, NIST and ISO and maintain up-to-date records of requirements and corresponding mitigating controls.

Monitor third-party risk assessments and assist in performing internal risk assessments.

Collaborate on critical IT projects to ensure that security policy/risk issues are addressed throughout the project life cycle.

Participate in the development of security and privacy awareness training in conjunction with other members of the Security Compliance group.

Perform vulnerability scanning using Nessus, document the vulnerability results in a risk register, and manage them.

Assist in internal and external cyber security audits.

Share key examination findings to help organizations limit security risks and comply with laws relating to securing customer financial data.

Work in a consultative role to help organizations securely navigate an evolving information technology (IT) environment and stay compliant with applicable laws and regulations.

EDUCATION

Bachelor of Science, Management Information Systems, Faulkner University, Montgomery, Alabama (December 2007).

CompTIA Security+

Certified Information Systems Auditor (CISA)