System Security Risk Management

Location:
Frederick, MD
Posted:
April 10, 2024

Resume:

Ophelia Agyeman-Duah

Frederick, MD • Phone: 317-***-**** • Email: ad4w8z@r.postjobfree.com

Professional Summary

A cybersecurity professional who champions system security commensurate with an organization’s mission and risk tolerance while meeting legal and regulatory requirements, and who has demonstrated thorough expertise in security control implementation, assessment, authorizations, and POA&M management. Extensive knowledge of NIST publications 800-30, 800-37, 800-53 Rev 4 and Rev 5, FIPS 199/200, Risk Management Framework (RMF) methodologies, Privacy/Compliance, and continuous monitoring security strategies. Great communication and customer service skills. Proven ability to solve problems creatively and make strategic decisions in fast-paced environments that are beneficial for clients.

Education and Certification

University of Ghana

2004 - BA English Language and Linguistics

CompTIA Advanced Security Practitioner (CASP+)

Technical Skills

NIST SP 800 series, FedRAMP, Third Party Risk, ServiceNow, Test Result Controls, Access Control Management, FIPS 199/200, Contingency Plan, SAP/SAR, System Security Plan, Policy Review, Continuous Monitoring, Artifacts gathering, PTA/PIA, ROB, SORN, Nessus, Risk Assessment, POA&M Management, Security Test and Evaluation (ST&E), RMF (Risk Management Framework), ISO 2700X, Data Security and Privacy

Professional Experience

ISSO (Information System Security Officer) April 2021 – Present

H.M CPA LLC, Hartford, CT

•Prepare and document System’s ATO brief for submission to Authorizing Official (AO) for his adjudication to grant ATO to a new system or for the existing system to continue to operate.

•Schedule, track and manage the monthly and quarterly POA&M review process. Coordinate meetings and tasking with System Owners (SOs) and Information System Security Officers (ISSOs), and support remediation of open POA&M items.

•Review Information System Security Policies and Procedures, System Security Plans (SSPs), and security baselines in accordance with NIST, FISMA, OMB App III A-130, and industry best security practices.

•Assess security controls through document review, interview, and test procedures to ensure compliance with FISMA and NIST 800-53A Rev 4.

•Create and update the Security Assessment Report (SAR) in compliance with NIST and FISMA regulation.

•Analyze and update the System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E) and the POA&Ms.

Security Control Assessor

ISSO (Information System Security Officer) March 2019 – April 2021

Ago Worldwide Consulting, Severn, MD

•Reviewed SOC reports, penetration test reports, vulnerability scan reports, business continuity plans, and disaster recovery and incident response plans as supporting evidence backing up the information security questionnaire.

•Partnered with key stakeholders to research, review, and document risks and controls, including risk associated with new or modified products, services, distribution channels, regulations, and third-party operations.

•Evaluated, monitored, and reported on the adequacy of artifacts provided to evidence remediation of issues, audit findings and regulatory requirements.

•Responded to security questionnaires and inquiries related to the company’s compliance program.

•Analyze, build and update System Security Plan (SSP), Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA) and POA&M management.

Information Security Analyst February 2018 – March 2019

Geekview Tek Solutions, Frederick, MD

•Collaborate with a team of assessors to conduct security control assessments on all enterprise in-scope assets to ensure they were compliant with PCI-DSS, HIPAA, ISO, and NIST regulatory frameworks.

•Schedule meetings with the Senior Assessors, ISSO, and various system owners.

•Ensure all discussed items are accurately logged in the meeting minutes for record-keeping and tracking purposes.

•Assist in the development, maintenance, and revision of policies, standards, procedures, and guidelines of security programs.

•Work with a team of Information System Owners, Developers and System Engineers to select and implement tailored security controls in safeguarding system information.

•Review security con