Information Security Officer
Resume:
Daniel Twum-Gyamrah, MBA, MITS, CISA,
CCNA, CCNA SEC, COMPTIA SEC+, AWS
• adi9zr@r.postjobfree.com •Phone: 330-***-**** • linkedin.com/in/danieltwumgyamrah/ SECRET CLEARANCE
PROFESSIONAL PROFILE
Results-oriented, dynamic, and versatile IT professional with verifiable knowledge and over 12 years of successful experience in cybersecurity industry and ability to work in a fast-paced enterprise environment. Excellent grasp of cybersecurity within an enterprise government cloud environment, strong background in Cloud Computing and able to apply FedRAMP, and RMF security practice expertise across complex cloud architectures. Security Lead who provides FedRAMP and DoD government, regulatory, compliance, and cybersecurity guidance. This includes managing the Continuous Monitoring process and relationship with the FedRAMP PMO, JAB Reviewers, DoD Authorizing Official, and Third-Party Assessment Organization (3PAO). Lead and manage NIST-based system security assessments, privacy assessments, continuous monitoring, and/or other Assessment and Authorization (A&A) activities, Third Party Vendor Risk Management, Vulnerability Management, and Patch Management, SIEM. Advanced knowledge, and understanding of private, commercial and/or government community clouds such as Microsoft Azure and AWS, GovCloud and other regulatory framework which includes; NIST 800 Series, PCI DSS, CMMC, SOC1&2, HIPAA, HITRUST, SOX, CCPA, GDPR. GRC Tool – RSA Archer, eMASS and vast experience in Microsoft office suite; (Word, Excel, PowerPoint, Outlook Visio) and Mac Platforms, SPSS, Windows 10, Adobe. PROFESSIONAL EXPERIENCE
INFORMATION SYSTEMS SECURITY OFFICER (ISSO)
Advanced Programs Inc 07/2019 to present
• Serves as the Policy Subject Matter Expert on a multi-functional team, performing gap analysis on several federal policies, OMB directives, DOD Binding Operational Directives (BOD), and NIST special publications (gap analysis on NIST SP 800-53, Rev.4 and Rev. 5)
• Develops cybersecurity policies, memoranda, standards, and guidance for API and supports the maintenance of such policies covering a wide field of disciplines including cyber security program governance, IT security and privacy operations, continuous monitoring, and risk management.
• Advises business stakeholders on policy strategies by determining cyber security policy applicability to the API environment and integrating such policy updates into GRC tools.
• Prepares regulatory and policy crosswalks to meet API needs
• Provides technical guidance on a range of specific controls under the Risk Management Framework (RMF), NIST Publications, OMB directives and HHS Policies to increase API System’s security posture.
Daniel Twum-Gyamrah, MBA, MITS, CISA,
CCNA, CCNA SEC, COMPTIA SEC+, AWS
• adi9zr@r.postjobfree.com •Phone: 330-***-**** • linkedin.com/in/danieltwumgyamrah/
• Participates in collaborative and integrative projects in an agile environment by serving as a quality assurance point of contact for API cybersecurity program and provides technical review of deliverables.
• Interacts in both oral and written communications with all levels of System staff including; Computer center staff, developers and other ITS staff, technical staff, general counsel, auditors, and all System staff and technology vendors and contractors, in matters related to information security and security awareness materials.
• Led the system-wide information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies, and regulations of CMMC compliance per the NIST 800-171 CUI requirements.
• Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
• Analyze security vulnerabilities and risk, within the Risk Management Framework
(RMF) guidance provided through the NISPOM, DAAPM and the JSIG, and provides suitable options for identified issues.
• Review, prepare, and update RMF and AIS accreditation packages in eMass
• Perform self-inspections, provide security coordination and review of all system test plans
• Identify vulnerabilities and implement countermeasures in POAM mitigation
• Conduct security surveys at subordinate facilities and gather pertinent
• Perform risk assessment reports (RAR) for new systems per NIST 800 series
• Maintain AIS security records and documentation in eMass
• Ensure AIS and network nodes are operated, maintained, and disposed of in accordance with security policies and practices.
• Managed Plan of Action & Milestones (POA&Ms), risk mitigation and remediation plans and provided information security solutions to address risks INFORMATION TECHNOLOGY SPECIALIST (25Bravo)
US ARMY RESERVES 08/2018 to present
• Installed and configured mail exchange server
• Installed and configured client and windows server
• Hands-on experience configuring initial settings network devices
• Configured monitoring tools available to medium-sized business networks
• Troubleshooting basic operations of a small, switched networks
• Provide technical guidance and supports remotely or locally, travel as necessary
• Responsible for the hardware and software installation, configuration, and troubleshooting.
Daniel Twum-Gyamrah, MBA, MITS, CISA,
CCNA, CCNA SEC, COMPTIA SEC+, AWS
• adi9zr@r.postjobfree.com •Phone: 330-***-**** • linkedin.com/in/danieltwumgyamrah/
• Responsible for training end users in proper use of the hardware or software, if required.
• Handled repairs to hardware, software, and peripheral equipment following the proper installation specifications.
• Provided support and maintained telephony (VoIP) systems. INFORMATION SYSTEMS ANALYST
Ether Solutions (Contract) 3/2018 to 7/2018
• Performs Role Engineering analysis to support Role Base Access Controls (RBAC).
• Monitors daily provisioning requests to ensure appropriate access.
• Captures application requirements for integrating with provisioning system.
• Performs analysis to respond to IS Security risks and compliance audits.
• Supports policies, procedures, and systems to support IAM Governance.
• Develops educational materials to promote best practices for IAM.
• Produces dashboards to support both IS and external clients.
• Trains junior analysts to conduct daily tasks associated with provisioning.
• Demonstrates strong logic and reasoning capabilities
• Delivers on well-specified work items
• Uses questions and proposals to clarify requirements when unclear
• Applies understanding of the Financial Services and Asset Management industries
• Connects my work with the strategy of the team and department.
• Engages in business-led conversations.
IT COMPLIANCE ANALYST
Bank Of America (Contract) 5/2017 to 2/2018
• Participated in design, development and implementation of complex applications, often using new technologies, software, hardware and tools.
• Worked closely with senior developers under supervision and guidance of more seasoned consultants and may also be expected to provide application support.
• Collaborated with external programmers to coordinate delivery of software application.
• Performed routine accountability for technical knowledge and capabilities
• Developed and customized data access routines to mine data from source systems for monitoring operations compliance according to banking laws and standards.
• Developed enterprise independent tests models for compliance and regulatory reporting of various lines of businesses.
• Developed, reviewed, and updated Information Security System Policies, Daniel Twum-Gyamrah, MBA, MITS, CISA,
CCNA, CCNA SEC, COMPTIA SEC+, AWS
• adi9zr@r.postjobfree.com •Phone: 330-***-**** • linkedin.com/in/danieltwumgyamrah/ GRADUATE RESEARCH ASSISTANT /TECH SUPPORT
Ohio University 1/2016 to 12/2017
• Troubleshooting, diagnosing and resolving hardware, software, and other network and system problems.
• Maintaining and administering computer networks and related computing environments including systems software, applications software, hardware, and configurations.
• Identifying and solving any problems that arise with computer networks and systems
• Maintaining existing software and hardware and upgrading any that have become obsolete
• Responsible for maintaining a neat and organized workstation
• Responsible for researching hardware and software product specifications, availability, and pricing
• Responsible for procurement of computer equipment, computer accessories, and supplies
• Handled technical support request through e-mail, remotely, or in person; analyzing reported problem, resolving recurring issue, and escalating the issue if needed
• Performed and maintain existing written documentation and use of the knowledgebase
• Maintained daily record of computer data transactions such as reported IT related activities and resolution of the issues, and/or requests, and assigning the work orders
• Worked as a team player in all aspects of the IT Department INFORMATION SECURITY ANALYST
Priority Dispatch Inc. (Cleveland, OH) 5/2011 to 12/2015
• Evaluated the technical sufficiency of submissions from HIPAA covered entities and business associates in response to data and documentation requests (i.e. Assessing reports related to security baselines, vulnerability assessments).
• Assisted in the development of audit objectives and detailed test procedures that effectively address key controls and information systems risks
• Identified vulnerabilities, recommended corrective measures and ensured the adequacy of existing information security controls.
• Developed audit report findings, issues and made recommendations for improvement.
• Assisted business units with risks associated with using vendor products and recommended solutions to reduce or eliminate risk.
• Identified potential risks in the information systems through risk assessments methodologies with business leads.
• Evaluated identified risks and provided recommendations on how to mitigate the risks Daniel Twum-Gyamrah, MBA, MITS, CISA,
CCNA, CCNA SEC, COMPTIA SEC+, AWS
• adi9zr@r.postjobfree.com •Phone: 330-***-**** • linkedin.com/in/danieltwumgyamrah/
• Drove service levels from the Risk & Compliance function to ensure that the operational risks of the business are mitigated through continuous monitoring of implemented controls
• Established a comprehensive risk management framework through security control assessments and the development of Risk Management and Loss Prevention Programs designed to minimize losses to the bank
• Trained interns about the fundamentals of information security, risk, and compliance.
• Identified and evaluated risks related to the systems and information supporting Firm activities
• Reviewed metrics and escalation reports to monitor risk and control-related developments, issues, and trends
• Worked with 1st line of defense risk and control owners in assessing inherent and residual levels risks based on structured risk framework
EDUCATION
Master of Information and Telecommunications systems
• Ohio University, Athens, OH 12/2017
Master of Business Administration Degree (Supply Chain Management)
• Cleveland State University, OH, 05/2015
Bachelor of Arts Degree in Economics
• Kwame Nkrumah University of Science & Technology, G.H. 04/2009 CERTIFICATIONS
Certified Information Security Auditor (CISA)
Cisco Certified Specialist - Security Identity Management Implementation Cisco Certified Network Associate Routing & Switching Cisco Certified Network Associate Security
Certified Ethical Hacker
CompTIA Security+
Certified Amazon Web Services Associate Developer
Certified Information Systems Security Professional (CISSP in progress) PROFESSIONAL GROUPS
ISACA Central Maryland Chapter
(ISC)2 Baltimore Chapter
National Black MBA Association – Washington DC Chapter
Contact this candidate