FREDERICK NKRUMAH, SEC +, CEH

***** ******* ****, ******** ****, TX 77489

adgp82@r.postjobfree.com

614-***-****

United States Citizen Ability to Obtain Secret Clearance

CAREER OBJECTIVE

I am seeking an Information System Security Professional position in the area of Testing Information Technology Controls, IT Security Monitoring and Auditing, and Risk Assessments/Management, Vulnerability Assessment, Sarbanes-Oxley 404 (SOX) and PCI DSS using FISMA and applicable NIST Standards.

SKILLS AND ABILITIES

Possess excellent verbal and written communication skills both in English and Spanish.

Appreciable level in computer literacy.

Strong problem solving skills and result oriented..

Good presentation and human relation skills.

Ability to meet short and long-term tasks assigned.

A strong team player with high level of customer relationship.

Appreciable knowledge in network/server topologies and configurations.

SOFTWARE/PLATFORM/ARTIFACTS

MS Office Suite (Word, Power Point, Excel, Access and Database), Windows 7, 8 and 10. PC hardware and PC software, Nessus vulnerability scanner, Nmap, VMware, SharePoint, Archer, ServiceNow, Fips199, SOX 404, SORN, E-Authentication, PTA, PIA, System Security Baseline Control, RA, SSP, CP, CPT, SAP, ST&E, SAR, POA&M, NIST SP-800-53A, SP-800-53R4, MOU.

EDUCATION

Bachelor of Science in Engineering

CERTIFICATIONS

CEH - Certified Ethical Hacker

CompTIA Security Plus Certification

CSM – Certified Scrum Master

Actively pursuing Certified Information System Auditor (CISA)

PROFESSIONAL IT TRAININGS

Information Systems Security Training.

Certification and Accreditation Document Review Training.

The Health Information Technology for Economic and Clinical Health (HITECH) – (HIPAA).

The Payment Card Industry Data Security Standard (PCI DSS).

CISA Exam Preparation Training Course.

PROFESSIONAL EXPERIENCE

TCEQ

Information System Security Officer 03/2019 – 08/2020

Reviewed system security A&A package submissions for consistency, completeness and traceability ensuring compliance with current A&A guidance.

Maintained SOP checklists for each package to ensure compliance.

Provided compliance package reports which list specific rework actions to Government customers and the submitting Program.

Identified potential risks associated with system configurations and advised on mitigation strategies.

Participated in A&A status meetings and facilitated moving systems toward a successful A&A effort.

Conducted test results and analyzed them for accuracy, compliance, and adherence to Federal cybersecurity requirements.

Conducted thorough reviews of all vulnerabilities, architecture, and defense in-depth strategies and report findings in POA&M document, etc.

DeeRich Tech Consulting

Information Security Analyst 07/2015 - 02/2019

Conducted IT controls risk assessment to identify system threats, vulnerabilities and risks.

Worked with IT security team to gather evidence, develop test plans, testing procedures and document test results.

Assisted in conducting Privacy Threshold Analysis (PTA) and Privacy Impact Analysis (PIA) by working closely with the Information System Security Officer (ISSO), the System Owner, the Information Owners and the Privacy Act Officer.

Conducted security control assessment to ensure the effectiveness or adequacy of management, operational, privacy and technical security controls implemented.

Developed Security Assessment Report (SAR), detailing the results of the assessment along with Plan of Action and Milestones (POA&M) which were submitted to the System Owner for corrections to be made and submitted later to the Authorizing Official to obtain the Authority to Operate.

Conducted a Business Impact Analysis (BIA) to identify high risk areas where audit effort will be allocated to before Contingency Plan is put in place.

Assisted in the development of System Security Plan (SSP) to provide an overview of system security requirements and describe the controls in place or planned by information system owners to meet those requirements.

Prepared recommendation reports that are made available to system owners to remediate identified vulnerabilities during risk assessment process.

Reviewed IT related policies, standards, procedures and guidelines and ascertain if they are in compliance with the regulatory requirements.

LANGUAGES

English: Fluent in reading, writing and oral communications

Spanish: Fluent in reading, writing and oral communications

REFERENCES

References will be furnished upon request.

Contact this candidate