
Risk Management Supply Chain

Location:
Washington, DC
Posted:
April 23, 2024


Kwabena A. Boakye


OBJECTIVE

Information Technology professional with over seven (7) years of experience in implementing the Risk Management Framework and supply chain risk management. Adept at applying and integrating interpersonal skills and experience to ensure a good security posture for the organization's information systems. I am seeking an information technology position that will allow me to apply technical experience in information systems to help achieve organization-wide security goals and objectives.

SUMMARY OF QUALIFICATIONS & EXPERIENCE

•Adept knowledge of Risk Assessment and the Risk Management Framework (RMF), which outlines the six steps of the Risk Management Process for Federal Information Systems. Experience and knowledge in Supply Chain Risk Management (SCRM) assessment of vendors, systems, and policies.

•Experience with NIST 800 SPs to include but not limited to NIST SPs 800-18, 800-30, 800-37, 800-53 & 53A-B, 800-60, FIPS (199 & 200), 800-161, 800-137, 800-171, 800-218, FAR, DFARS, EO 14028, 15 CFR 7, OMB M-22-18 (M-23-16), FISMA regulations

•Risk Identification, Assessment, and Mitigation

•Information and Communications Technology (ICT) SCRM, SCRM initial Policy Development, and quantitative and qualitative metrics / Key Performance Indicators (KPIs).

•Secure Supply Chain Risk Management Reviews and Assessments

•NDAA Section 889 Part A and Part B, 15 CFR 7

•Counterfeit Fraud Detection

•Experienced in performing Security Categorization (FIPS 199), Privacy Threshold Analysis (PTA), and E-Authentication with business owners and selected stakeholders.

•Experience with NIST 800-171 (Controlled Unclassified Information, CUI)

•Experienced in performing risk assessment and risk management to ensure compliance with FISMA requirements.

•Adept in the development of System Security Plans (SSP), Security Assessment Reports (SAR), Disaster Recovery Plans, Incident Response Plans, Configuration Management Plans, System Security Checklists, Privacy Impact Assessments, and Security Plans of Action and Milestones (POA&M).

•Assess policy needs to govern IT activities.

•Experienced with working face-to-face with multiple stakeholders, interviewing, planning, and participating in a team effort to bring multiple complex projects to execution in a highly motivated environment.

•Working knowledge of Windows OS, MS Office, Vulnerability Assessment tools (Nessus), McAfee VirusScan Enterprise, SharePoint, Excel

•Adept at the use of the OSINT Framework and the MITRE ATT&CK framework for intelligence and vulnerability assessments

EDUCATION

Pharm.D. (Doctor of Pharmacy), 2006

Temple University School of Pharmacy

BS in Chemistry, 2002

North Carolina Wesleyan College, Rocky Mount NC

Minor - Computer Science

PROFESSIONAL CERTIFICATIONS

CompTIA Security+ CE

Certified Information Security Manager (CISM)

Clearance: Top Secret

PROFESSIONAL EXPERIENCE

US Department of Education

Sugpiat Defense LLC 10/02/2022-Present

Supply Chain Risk Management (SCRM) Senior Analyst

•Conducted Supply Chain Risk Assessment (SCRA)

•Rapid Vendor Assessment

•Moderate & HVA Assessments

•Deep Dive Risk Assessments

•Security Assessment Team (SAT) Assessments

•Quarterly reports for Ongoing Security Assessments & Authorization (OSA).

•Collect and analyze Secure Software Development Framework (SSDF) Attestations

•Conduct counterfeit detection

•Developed an SCRM Continuous Monitoring Plan

•Update policies, processes, procedures, and training requirements as identified by ICT SCRM program manager.

•Collects supply chain threat and risk information, fuses open-source intelligence (OSINT) to identify supply chain threats and risk exposure, and reports to Mission/Business stakeholders

•Research, develop, and draft solutions in Supply Chain Risk Management (SCRM)

•Support qualitative and quantitative metric analysis, threat analysis, and a comprehensive supply chain risk analysis to uncover patterns within complex multi-variable data

•Collect, analyze, and deliver intelligence information

Just Here LLC. 08/2018 – 09/30/2022

Information System Security Officer

•Initiated and developed System Security Plans using CSAM.

•Initiated and maintained the Risk Management Framework (RMF) for all client systems and managed the process through assessment and authorization.

•Managed security systems and analyzed potential threats and vulnerabilities to client systems.

•Provided expert-level security analysis services for product, system, and network architecture designs.

•Analyzed Assured Compliance Assessment Solution (ACAS) scan results and reports, and developed and documented mitigations and remediation for open findings.

•Conducted Annual FISMA Reporting Requirements for all IT systems.

•Developed and maintained plan of actions and milestones for all client systems.

•Processed and obtained Authority to Operate (ATO) certifications for tactical systems.

•Developed and maintained all Assess and Authorize artifacts for multiple systems and facilitated the processing of Authority to Operate documentation.

•Developed and maintained Security Classification Guides, Delegation of Disclosure Authority Letters, Program Protection Plans, System Security Plans, and Technology Assessment and Control Plans.

•Captured and refined information security requirements for new systems or for enhanced functionality on existing systems, and ensured that the requirements were effectively integrated into information systems throughout the System Development Life Cycle (SDLC)

•Performed system security categorization using FIPS 199 and NIST 800-60 in compliance with FISMA requirements.

•Reviewed and updated some of the system categorization using FIPS 199, Initial Risk Assessment, E-authentication, PTA, PIA, & POA&M.

•Documented and reviewed security plans (SP), contingency plans (CP), contingency plan tests (CPT), privacy impact assessments (PIA), and risk assessment (RA) documents per NIST 800 guidelines for various government agencies.

•Monitored controls post authorization to ensure continuous compliance with the security requirement.

•Utilized processes within the Security Assessment and Authorization environment such as system security categorization, development of security and contingency plans, security testing and evaluation, system accreditation and continuous monitoring.

Hermes Acquisitions & Logistics 02/2017-06/2018

Information Security Analyst

•Assisted in conducting the Security Control Assessment (SCA) Kick-off Meeting and populated the Requirements Traceability Matrix (RTM) according to NIST SP 800-53A.

•Performed data gathering techniques (e.g., questionnaires, interviews, and document reviews) in preparation for assembling C&A/A&A packages

•Worked with Certification and Accreditation team; performed risk assessment; updated System Security Plan (SSP), contingency plan (CP), Privacy Impact Assessment (PIA)

•Updated Plan of Action & Milestones (POA&M) and Risk Assessment based on findings assessed through monthly updates.

•Developed and updated security authorization packages in accordance with the client’s requirement and compliant with FISMA. Core documents that the candidate will be responsible for are the System Security Plan, Risk Assessment Report, Security Assessment Plan and Report, Contingency Plan, Incident Response Plan, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, Configuration Management Plan, etc.

•Developed and maintained the Plan of Action and Milestones and supported remediation activities.

•Validated that protective measures for physical security are in place to support the system's security requirements.

•Maintained an inventory of hardware and software for the information system.

•Performed risk analyses to determine cost-effective and essential safeguards

•Supported Incident Response and Contingency activities.

•Conducted Independent scans of the application, network, and database (where required).

•Provided continuous monitoring to enforce client security policy and procedures and create processes that will provide oversight into the following activities for the system owner.
