
Information Systems Security

Location:
Hagerstown, MD
Posted:
June 25, 2024


Resume:

Musa Kamara

Hagerstown, MD ***** • *********@*****.*** • 240-***-**** • https://www.linkedin.com/in/musa-kamara-971136227

SUMMARY

Diligent and detail-oriented cybersecurity professional with a strong foundation in GRC cybersecurity practices. Proven track record in overseeing information security tasks, vendor performance, and risk assessment activities. Skilled in translating complex security concepts for non-technical stakeholders and contributing to executive-level reporting. Experienced in vulnerability management, incident response, and compliance readiness. Demonstrated ability to optimize processes and drive fiscal responsibility. Eager to leverage expertise in supporting cybersecurity initiatives and contributing to organizational success in a dynamic environment.

EDUCATION, CERTIFICATIONS

• Candidate for Risk & Information Systems Control (CRISC)

• Candidate for Certified Information Systems Auditor (CISA)

• Maryland Board of Nursing – Certified Nursing Assistant (CNA) (A00143821)

• Maryland Board of Nursing – Certified Medication Technician (MT0095234)

• CPR & First Aid Certification

• Milton Margai College, Sierra Leone – Major: Accounting & Finance

• US Citizen

TECHNICAL SKILLS

Security Architecture: COBIT, NIST RMF, NIST CSF, CMMI, ISO, Zero Trust

Regulatory Compliance: HIPAA, 800-53 R5, 800-171, NIST CSF, FedRAMP, SOX, AS5, SOC 2, PCI, GDPR, GLBA, SANS, FISMA

Audited: Oracle E-Business Suite, Oracle 9i/10g, PeopleSoft, Great Plains, SAP, Azure, AWS, AS/400, Sybase, SQL Server, Active Directory, Windows, Unix, Routers, Firewalls, CrowdStrike, KnowBe4, IDS/IPS, DLP, Splunk SIEM, Vulnerability/Patch Management, NOC/SOC, JIRA

Applications: Access, Excel, Word, PowerPoint, Project, Visio, SmartSheet, CSAM, SharePoint, Remedy

Programming: SQL, PL/SQL, ChatGPT

PROFESSIONAL EXPERIENCE

Impactful Achievements

ControlPoints – Hagerstown, MD, Jr. IT Security Consultant, 01/24 – Present

Assisting with cybersecurity projects under the guidance of senior project managers.

• Supported Sr. ISSO by assisting with the implementation of NIST RMF (via 800-37), ensuring accurate categorization and boundaries (via FIPS-199 and 800-60). Tailored security controls (via FIPS-200, 800-53, SANS Top 20), drafted BIA, CP/DR, SSP, PTA/PIA, IRP, and POA&M remediation. Incorporated risks from SOC 2 and FedRAMP reports, efficiently managing artifacts in CSAM and SharePoint.

• Reviewing information security tasks (over 1,400 to date) assigned to security engineers in Excel and Smartsheet, ensuring they are entered concisely and completely, while monitoring progress against due dates and elevating risks where delays appear imminent.

• Participate in the development of PowerPoint slides for a weekly InfoSec-focused status report for 60+ stakeholders, adeptly translating complex security topics for non-technical audiences to identify top risks related to timeline, quality, and cybersecurity.

• Achieved 5 out of 5 vulnerability scans on schedule through effective coordination and continuous refinement based on lessons learned.

• Reviewed vendor’s 20 draft security test cases and their exit criteria against NIST 800-53 Rev 5 controls and noted 5 discrepancies that required updates to the test cases. This ensured Dry Run and Customer Witness tests achieved expected outcomes.

• Meticulously evaluated the 214 controls of the NIST Cybersecurity Framework (CSF) for the cybersecurity posture of a potential acquisition company in a mergers & acquisition deal.

• Produced content for an Incident Response Playbook, for the purpose of an expedited detection, response, and recovery from incidents, including ransomware attacks.

• Constructed a client’s Cyber Security Awareness Training (CSAT) video, which was subsequently delivered to 300 new Plant employees, and as a resource for future onboarding, ensuring a consistent and effective cybersecurity education for all new hires.

• As part of a team, performed SOX 404 readiness activities for a forthcoming audit. Documented policies and procedures, implemented security controls, and prepared supporting artifacts.

• Audited more than 100 work papers from the client’s outsourced audit firm, identifying over 30 exceptions that could have jeopardized a clean audit opinion. Subsequently, external auditors acknowledged zero (0) exceptions, affirming the effectiveness of the implemented improvements.

• Developed a formula-driven risk assessment model to compute inherent and residual risks associated with all exploitable vulnerabilities. Presented a cost-benefit analysis for each proposed solution, enabling intelligent decision-making.

AHC Alternate Care Site - Crisis Response – Takoma Park, MD, CNA/Nurse Assistant, 11/22 – 3/23

• Provided front-line support to aid patients in their COVID recovery efforts.

• Disposed of patient information securely, such as shredding physical documents and ensuring digital data is permanently deleted from devices before disposal.

• Maintained the security of medication administration records, ensuring that access is restricted to authorized personnel only.

• Used encrypted devices for documenting and accessing patient medication information.

• Enter medication data into EHR systems accurately and securely, ensuring all entries are protected against unauthorized access.

• Utilized multi-factor authentication (MFA) when accessing EHR systems to enhance security.

• Stayed informed about the latest cybersecurity threats and best practices through continuous education and training programs.

Residence at Creekside Assisted Living – Hagerstown, MD, CNA/GNA, 12/18 – 12/23

• Ensure patient information, both digital and paper-based, is kept confidential and secure.

• Avoid discussing patient details in public areas or with unauthorized individuals.

• Employ secure passwords and follow best practices for password management on electronic health record (EHR) systems and other digital tools.

• Log out of systems and devices when not in use to prevent unauthorized access.

• Follow the healthcare facility’s cybersecurity policies and protocols, including those related to the use of mobile devices and personal computers.

• Report any suspicious activity, such as phishing attempts or unauthorized access to patient records, to the appropriate IT or security personnel.

Immigrated to the USA and Successfully Filed and Obtained Work Authorization – June 2018

HONORS

• Earned a Strong Performer Rating during the ControlPoints Mid-Year Performance Review


