Anthony Boadu-Ayeboafo
SUMMARY Over * years’ experience as an Information Assurance Specialist with a unique combination of passion for information security, project development and management, and the Assessment & Authorization (A&A) process. Concentrate on enterprise security risk management with in-depth knowledge of assessing information systems for risks, implementing appropriate controls, identifying and mitigating vulnerabilities via POA&M and vulnerability management, and ensuring appropriate configuration management for all software and hardware using industry-standard frameworks.
Knowledge of and experience with federal security policies, standards, and guidelines, including NIST SPs such as 800-37 and 800-53/53A Rev. 4, as well as FISMA, HIPAA, and FedRAMP.
Working knowledge of Risk Assessment, Risk Management Framework (RMF), Systems Development Life Cycle (SDLC) and Security Assessment and Authorization process (SA&A).
Experience in the development of ATO package documents such as SSPs, SARs, POA&Ms, Contingency Plans, Incident Response Plans, PIAs, and Configuration Management Plans.
Proficient in explaining technical information, resolutions, documentation, and presentations to clients and non-technical personnel at all levels of the organization or enterprise.
SKILLS Risk Assessment & Management
Security Assessment and Authorization
POA&M Management
Authorization-To-Operate (ATO) Process
System Security Documentation
EXPERIENCE INFORMATION SYSTEM SECURITY OFFICER
Truist Bank, Petersburg, VA 05/2020 to present
Work with Information System Security Officers to prepare Assessment and Authorization (A&A) packages for review using the six-step Risk Management Framework (RMF) process.
Create and track Plans of Action and Milestones (POA&Ms) for corrective actions on all accepted risks upon completion of Security Control Assessment (SCA) exercises, and document them in the System Security Plan (SSP).
Develop and review system security artifacts such as contingency plans (CP), incident response plans (IRP), privacy impact assessments (PIA), MOUs/ISAs, and risk assessment (RA) documents for compliance with NIST 800 guidelines and the agency’s security requirements.
Monitor controls post-authorization to ensure continuous compliance with security requirements by evaluating threats and vulnerabilities through Nessus scan results, and work with IT staff on mitigation actions.
Develop and update Authorization to Operate (ATO) packages such as SSPs, SARs, and POA&Ms for information systems to ensure they comply with the organization’s information security requirements.
Conduct the ST&E Kick-off Meeting and populate the Requirements Traceability Matrix (RTM) according to NIST SP 800-53A.
Review implementation statements and supporting evidence of security controls to determine whether the systems currently meet the requirements, and provide findings and suggested mitigations to stakeholders.
INFORMATION SYSTEM SECURITY ANALYST
Computech Information System 04/2019-04/2020
Performed security categorization using NIST SP 800-60 and FIPS 199 and reviewed Privacy Threshold Analysis (PTA), and E-Authentication with system stakeholders.
Prepared, updated, and maintained RMF documentation such as, but not limited to, ATO packages, SSPs, SARs, POA&Ms, and Security Control Traceability Matrices (SCTM) for all networks and systems.
Participated as a member of the Certification and Accreditation team to perform risk assessments and update the System Security Plan (SSP), Contingency Plan (CP), and Plan of Action and Milestones (POA&M).
Reviewed, monitored, and reported Plan of Action and Milestones (POA&M) status to all stakeholders, and followed up with appropriate personnel to ensure that POA&Ms were remediated and reported in a timely manner to the POA&M Manager.
Worked with the Security Control Assessors (SCA) team to determine effectiveness of current security controls and a path forward to implement future security controls, where potential weaknesses might exist.
Responsible for researching and evaluating relevant information security policies, guidance, and best industry practices, including NIST and FISMA for applicability to IT systems security.
MILIFE INSURANCE CO LTD, GHANA
IT Support Officer 04/2012-03/2019
Installed and configured computer hardware, software, and networks
Diagnosed hardware and software issues
Maintained and upgraded network systems
Monitored the network for potential threats
Replaced parts or equipment
Created documentation for technical support purposes
Communicated with clients, coworkers, and other support staff
Set up accounts for employees
Addressed all technical queries
Supported new applications: Provided support for the roll-out of new applications and other computer programs
EDUCATION MBA – Marketing Management
Kwame Nkrumah University of Science & Technology, 2014
BSc – Development Policy Planning
Kwame Nkrumah University of Science & Technology, 2009
PROFESSIONAL CERTIFICATIONS Scrum Master Accredited Certification – (SCM)
CompTIA Security+ (S+)
Certified Governance, Risk & Compliance – (CGRC)–exam in view
Certified Information Security Manager – (CISM) – exam in view
TECHNICAL TOOLS Risk Management - Governance, Risk & Compliance (GRC)
Vulnerability Assessment Tool - Nessus
Operating Systems - Windows Operating Systems and Microsoft Server
Microsoft Suite – Word, Excel, and PowerPoint
North Prince George, VA 23860
********@**********.***