
Information Security Officer

Location:
Fredericksburg, VA
Posted:
June 18, 2020

Resume:

EMMANUEL O. OPARE

Fredericksburg, VA ****** 571-***-**** addvz6@r.postjobfree.com

CLEARANCE: TOP SECRET

OBJECTIVE

A self-motivated Information Technology professional with over eight (8) years of Risk Management experience. Looking for a challenging position in a growth-oriented organization which will allow me to integrate my experiences and expertise to achieve enterprise-wide FISMA objectives for the organization. I have proven ability to lead and direct, solve information security risk problems professionally, and make strategic decisions in fast-paced environments through the application of my experiences in Risk Management.

INFORMATION SYSTEM OPERATIONAL ACHIEVEMENTS

6 ATOs within 1 year

15 SAPs within 1 year

20 Packages Validated within 1 year

SUMMARY OF QUALIFICATIONS EXPERIENCE

Working knowledge in Risk Assessment, Risk Management Framework (RMF) which outlines the 6 Steps to Risk Management Process for Federal Information Systems in order to assist the business areas in completion of the Business Impact Analysis, and subsequent creation of Security Documentations like System Security Plan (SSP), Security Assessment Report (SAR) and Plans of Action and Milestones (POA&M)

Experience with NIST 800 SPs to include but not limited to NIST SPs 800-18, 800-30, 800-37, 800-53 & 53A, 800-60, FIPS (199 & 200), OMB, FISMA regulations

Experienced with Planning System Security Checklists and Privacy Impact Assessments

Highly knowledgeable in the performance of Security Control Assessment (SCA), prepare report on management, operational and technical security controls for audited applications and information systems

Experienced with Performing Security Categorization (FIPS 199), Privacy Threshold Analysis (PTA), E-Authentication with business owners and selected stakeholders

Experienced in Documenting and reviewing System Security Plan (SSP), Security Assessment Report (SAR), Security Plan of Action and Milestones (POA&M), Authorization letter/memorandum (ATO)

Experienced with Performing Security Categorization (FIPS 199), reviewing and ensuring Privacy Impact Assessment (PIA) document after a positive PTA is created

Experience with identifying and communicating security exposures and information security incidents

Experienced with working face-to-face with multiple stakeholders, interviewing, planning, and participating in a team effort to bring multiple complex projects to execution in a highly motivated environment

Have working knowledge of Windows OS, MS Office, Vulnerability Assessment tools (Nessus), McAfee VirusScan Enterprise, SharePoint, Excel, eMASS, ACAS, HBSS, CSAM.

EDUCATION

Bachelor of Science in Criminal Justice

American InterContinental University Hoffman Estates, IL 2012

Associate of Arts Business Admin

American InterContinental University Hoffman Estates, IL 2011

CERTIFICATIONS

CompTIA Security+ CE

Scrum Master

CISA

CAP

COMPLIANCE CHECKERS AND IT GOVERNANCE RISK COMPLIANCE

FedRAMP

Archer

Nessus

ACAS

DB Protect

CSAM

RSA

STIG Viewer

eMASS

Excel

Visio

JIRA and Remedy (BMC)

SharePoint

Vista

Microsoft Office

PROFESSIONAL EXPERIENCE

Andrews Air Force Base, Blue Irish JB-Andrews, MD.

Information Security Officer 2019 – Present

Adept at conducting contingency plan, recovery plan and incident response tests for assigned IT systems.

Provide guidance to system owners on all matters, technical and otherwise, involving the security of assigned IT systems.

Develop standard operating procedures in accordance with security control requirements.

Perform continuous monitoring of security controls to ensure that they continue to be implemented correctly, operating as intended and producing the desired outcome with respect to meeting the cybersecurity requirements for assigned IT systems.

Assisted in conducting the Security Control Assessment (SCA) Kick-off Meeting and populated the Requirements Traceability Matrix (RTM) according to NIST SP 800-53A.

Performed data gathering techniques (e.g. questionnaires, interviews and document reviews) in preparation for assembling C&A/A&A packages.

Worked with Certification and Accreditation team; performed risk assessment; updated System Security Plan (SSP), contingency plan (CP), Privacy Impact Assessment (PIA), and Plan of Actions and Milestones (POA&M).

Updated Plan of Action & Milestones (POA&M) and Risk Assessment based on findings assessed through monthly updates.

Creating, updating, and reviewing System Security Plans using NIST 800-18, Contingency Plans using NIST 800-34, Incident Reports using NIST 800-61.

Supported client in creating memos for POA&Ms that passed their scheduled completion date (SCD).

Conducted assessment of controls on Information Systems by interviewing, examining, and testing methods using NIST SP 800-53A as a guide.

Evaluated threats and vulnerabilities to ascertain whether additional safeguards are needed.

Ensured that security controls testing, and evaluations are completed and documented

Assessed changes in the system, its environment, and operational needs that could affect the accreditation.

Supported and guided through the phases of FISMA A&A, including monitoring of the A&A artifacts compliance, annual control-assessment (NIST SP 800-53A guidelines).

Developed Plan of Action & Milestones (POA&M) document to take corrective actions

United States Department of State, Intercon Washington, DC

Information Security Analyst 2019-2020

Author existing and new security artifacts to achieve or maintain system Authorization to Operate (ATO).

Cyber Security Asset Management (CSAM) Administrations; Security Asset Management toolset; perform updates and configuration

Worked with Certification and Accreditation team to conduct risk assessment; updated System Security Plan (SSP), contingency plan (CP), Privacy Impact Assessment (PIA), and Plan of Actions and Milestones (POA&M)

Assist in developing NIST Compliant vulnerability assessments, technical documentation, and Plans of Action and Milestone (POA&M), and address system weaknesses

Updated Plan of Action & Milestones (POA&M) and Risk Assessment based on findings assessed through monthly updates

Conducting assessment of controls on Information Systems by interviewing, examining and testing methods using NIST SP 800-53A as a guide.

Creating, updating and reviewing System Security Plans using NIST 800-18, Contingency Plans using NIST 800-34, Incident Reports using NIST 800-61

Document and review security plans (SP), contingency plans (CP), contingency plan tests (CPT), privacy impact assessments (PIA), and risk assessment (RA) documents per NIST 800 guidelines for various government agencies

ManCare Medical Locust Grove, VA

Information Assurance Officer 2015 to 2018

Responsible for implementing and enforcing an Information Assurance (IA) program at the organization.

Streamlined IA processes by reviewing, analyzing and determining the necessary actions to accomplish requested tasks.

Ensured all systems and applications are certified and accredited and that RMF packages were processed, reported and coordinated in a timely fashion with the organization.

Assisted subordinate IAMs to create RMF artifacts and Plans of Actions and Milestones (POA&Ms).

Ensured POA&M mitigations and timelines were adhered to and documented any changes that occurred.

Applied mastery of IT system security principles, concepts, and methods, including state-of-the-art and emerging techniques and products, to recommend appropriate technical strategies to resolve complex and persistent IT security challenges.

Reviewed status of Information Systems for modifications and assessed the impact to current system accreditation.

Validated system requirements, security policies and procedures, contingency plans, incident response plans, personnel security, access control mechanisms and identification and authentication mechanisms.

Performed technical assessments to ensure the system or application proposed for accreditation or connection met the classification and sensitivity levels of the systems and applicable policies, regulations, and standards.

Ensured the implemented security safeguards were adequate to assure the integrity, availability, and confidentiality of the information being processed, transmitted, or stored consistent with the level of sensitivity of that information.

Ensured system POA&M mitigations and timelines were adhered to and documented all changes that occurred.

Responsible for 4 accredited systems and ensuring that system security postures are maintained.

INOVA Fairfax Hospital Falls Church, VA

Jr. Information Security Analyst 2012 to 2015

Provide services as control assessor (SCA) and perform as an integral part of the Assessment and Authorization process to include A&A, documentation, reporting, reviewing and analysis requirements.

As a team, we determined Categorizations using the FIPS 199/NIST 800-60 as a guide, reviewed, updated and developed Privacy Impact Assessment (PIA), Privacy Threshold Analysis (PTA), and initiated SSP.

Worked with ISSO, system Owner and team to access controls selected, and assess the weakness and all findings reported in our SAR report.

Assisted subordinate IAMs to create RMF artifacts and Plans of Actions and Milestones (POA&Ms).

Ensured POA&M mitigations and timelines were adhered to and documented any changes that occurred.

Review and document contingency plans (CP), privacy impact assessments (PIA), and risk assessment (RA) documents per NIST 800 guidelines for various agencies.

Review and update of the SSP using NIST SP 800-18 guidelines.

Specialize in the entire Risk Management Framework (RMF), and system control assessment processes using NIST SP 800-60, NIST SP 800-53A, preparing and reporting SSP, SAP, PTA, PIA, E-Authentication, POA&M.

Develop and conduct ST&E according to NIST SP 800-53A and perform on-site testing and reviewing vulnerability scan results.

Assisted in conducting the Security Control Assessment (SCA) Kick-off Meeting and populated the Requirements Traceability Matrix (RTM) according to NIST SP 800-53A.

Worked with Certification and Accreditation team; performed risk assessment; updated System Security Plan (SSP), contingency plan (CP), Privacy Impact Assessment (PIA), and Plan of Actions and Milestones (POA&M)
