
Risk Management Information Security

Location:
Williamstown, NJ
Posted:
February 10, 2024


Resume:

Career Objective: Results-driven and highly motivated Risk Management Framework Analyst seeking to leverage years of acquired RMF experience in government and commercial settings for a next-generation Information Security Team, with room to further develop my skills while contributing to the safety of the organization. I have a thorough understanding of NIST 800-53 Rev 4 and 5 security controls and experience with audit projects including Security Audit, RMF, PCI DSS, HIPAA, SOC 1 and SOC 2. Knowledge of the process to obtain a system ATO and the requirements to maintain the ATO. An IT professional with experience in vulnerability management, security control implementation, assessment and authorization, POA&M management, continuous monitoring, and risk assessment. Understanding of information technology concepts and cloud computing models (PaaS, SaaS, IaaS).

EDUCATION

Kwame Nkrumah University of Science and Technology September 2009-June 2013

Bachelor of Science, Logistics and Supply Chain Management

CERTIFICATION

CompTIA Security+

Certified Information Security Manager (CISM)

TECHNICAL SKILLS

NIST Guidelines Publications, Certification and Accreditation (C&A), Assessment and Authorization (A&A), HIPAA & Privacy Act training, PCI DSS, ISO 27001, IT Security Compliance, Vulnerability Assessment, Network Vulnerability Scanning, Information Assurance, System Risk Assessment, System Development Life Cycle, Nessus Vulnerability Scanner, ACAS, HBSS, SCAP, Splunk, SharePoint, Nexpose, LAN, WAN, NIST SP 800-53, SP 800-53A, SP 800-37, NIST SP 800-171, FIPS, FISMA, FedRAMP, Risk Management Framework (RMF), FIPS-199, PTA, PIA, SSP, CP, SAR, POA&M, ATO, ISA, MOU/A, IDS, IPS, Windows, Archer, Linux, Microsoft Office, NISPOM, Snort, Tripwire, TrendMicro, Cylance PROTECT, Microsoft 365 Defender, AWS and Azure Cloud Infrastructures, Risk Assessment (NIST SP 800-30), Third-Party Risk Management

PROFESSIONAL EXPERIENCE

Wayfair, NJ

Risk Management Framework Analyst, March 2019 – Present

Developed key security standards by performing in-depth security assessment of information systems to maintain FISMA compliance by following guidelines and standards identified in NIST 800 series in facilities throughout each US state, territory, and the District of Columbia.

Developed key security standards by performing an in-depth security assessment of information systems to maintain HIPAA compliance by following guidelines and standards identified in NIST 800-66 in facilities throughout each US state, territory, and the District of Columbia.

Responsible for the completion of security control assessments. A composite report was developed detailing the results of the assessment by location along with a plan of action and milestones (POA&M).

Experience with the Nessus tool: detecting vulnerabilities that could allow unauthorized control of or access to sensitive data on a system, as well as default passwords, a few common passwords, and blank/absent passwords on some system accounts.

Prepared Security Authorization package that included Systems Security Plan (SSP), Security Assessment plan (SAR), POA&M Report and Risk Assessment Report (RAR).

Provided support for implementing and following federal information policies and guidelines throughout the whole certification and accreditation process for the security client’s information systems (NIST SP 800 Series).

Drafted Contingency Plan (CP), Contingency Plan Test, Risk Assessment Report (RAR), Privacy Threshold Assessment (PTA), Privacy Impact Analysis (PIA), Security Assessment Report (SAR), Security Impact Analysis (SIA) and the Security Risk Traceability Matrix (SRTM).

Created detailed remediation reports and recommendations for compliance and security improvements across systems based on constantly changing threats.

NU Level Information Technology

Information Systems Security Officer, October 2017 – February 2019

Supported Information System Owners through the Security Assessment & Authorization (SA&A) process.

Used Xcitium EDR for endpoint protection, incident response, and vulnerability management.

Maintained system security documentation including System Categorization, Risk Assessment, System Security Plan, System Assessment Report and System Contingency Plan. Reviewed, approved, and provided editorial guidance on security documents.

Ensured that appropriate steps were taken to implement information security requirements for IT systems throughout their life cycle, from the requirements definition phase through disposal.

Reviewed, analyzed, and updated System Security Plans (SSP) using NIST SP 800-18 guidelines.

Reviewed POA&Ms and enforced timely remediation of audit issues.

Used and applied knowledge of Security Assessment & Authorization (SA&A) policies, guidelines, and regulations in the assessment of IT systems and the documentation and preparation of related documents.

Professional reference: Will be furnished upon request.