ADDO ADU GYAMFI
OBJECTIVE
An ambitious and self-motivated individual with in-depth experience in customer satisfaction, seeking a position in the Computer Information Systems field with a focus on service delivery and increasing responsibilities that will challenge me to draw on my professional and personal skills, education, and potential.
EDUCATION
KWAME NKRUMAH UNIVERSITY OF SCIENCE & TECHNOLOGY, GHANA
Bachelor of Science in Physics
CompTIA Security+ (Active)
ISACA CISM (Active)
ISACA CISA (Active)
ADDITIONAL
Technical Skills/Platforms: FIPS 199, SORN, E-Authentication, PTA, PIA, RA, SSP, CP, CIPT, ST&E, SAR, POA&M, ATO, ISA, Oracle Database, SQL & PL/SQL, MS SQL Server, Power BI, Tableau, MS Visio, Microsoft Office (Word, Excel, Access, PowerPoint, and Outlook), Visual Basic, C#, Python, creating dashboards using Power BI and Tableau
Standards: HIPAA, SORN, Confidentiality, Integrity, Availability, Security Assessment & Authorization (SA&A), ISO 27001 and 27002, SOX, SOC 1, SOC 2 and SOC 3, Certification and Accreditation, General Computer Controls, Application Controls, Testing, Compliance Testing, Risk Assessment, Change Management, Security Maintenance, Contingency Planning, Policies and Procedures, NIST SP 800-37, NIST SP 800-60, NIST SP 800-53, FIPS, FISMA, FISCAM, FedRAMP, PCI DSS
WORK EXPERIENCE
07/19 – Current Renowned Systems, Stafford, VA
Information Security Assessor
Conduct kick-off meetings with the CISO and system stakeholders prior to assessment engagements and the authorization process.
Conduct security assessments using NIST SP 800-53A assessment procedures.
Develop Security Assessment Test Plans to outline the assessment process and requirements.
Prepare the final Security Assessment Report (SAR) containing the results and findings from the assessment.
Conduct interviews with key stakeholders as a part of the Security Test and Evaluation.
Perform security control compliance reviews, tracking, and continuous monitoring of assessment packages.
Advise and assist with the Lifecycle Assessment and Authorization (A&A) process and develop a Security Assessment Report.
Document and report findings and remediation plans to management.
Assess changes in the system, its environment, and operational needs that could affect the accreditation.
Initiate a POA&M with identified weaknesses and suspense dates for each IS based on findings and recommendations from the SAR.
Manage the Security Control Assessment schedule for the client's portfolio of systems to ensure systems remain compliant with ATO and continuous monitoring requirements.
08/15 – 06/19 Pioneer IT Solutions, Fairfax, VA
Information System Security Officer
Conducted vulnerability assessments and validated the technical controls defined in NIST SP 800-53 Rev. 4 and related requirements.
Prepared and reviewed system documentation, including System Security Plans (SSPs), Certification and Accreditation (C&A) packages, contingency plans, and incident response plans.
Developed Plans of Action and Milestones (POA&Ms) in response to reported security vulnerabilities.
Monitored security controls for customers to maintain their Authorization to Operate (ATO).
Ensured that changes to a customer's IS, its environment, and operational needs that may affect the authorization status are reported to the system owner and IS Security Manager (ISSM).
Coordinated appropriate correction or mitigation actions and tracked the timely completion of POA&Ms.
Maintained the operational security posture of systems through a customized Risk Management Framework (RMF) to ensure established security processes and procedures were followed.
Advised clients on potential impacts from new regulations and provided recommended strategies that considered both agency risk and compliance.
Prepared reports on the status of security safeguards applied to computer systems.
Participated in A&A testing/Security Control Assessment testing and assisted in the preparation of the necessary documentation after the tests to ensure systems attain the appropriate certifications and authorizations to operate.
Ensured that selected security controls were implemented and operating as intended during all phases of the IS lifecycle.
Ensured that system security documentation was developed, maintained, reviewed, and updated on a continuous basis.
02/14 – 06/15 Asurion, Smyrna, TN
Information Risk and Compliance Analyst
Reviewed business and technical assessment questionnaires and supporting evidence. Scheduled and conducted review calls with vendors, tracked questionnaires sent to vendors, reported on unresponsive vendors, and received and reviewed completed questionnaires.
Conducted detailed vendor risk assessments using the SIG questionnaire, working closely with key partners to identify and evaluate risks before continuing operations with third-party vendors. Accurately determined risk ratings, with supporting qualifications, based on potential impact and likelihood.
Planned and conducted security assessments of clients' third-party vendors, focusing on compliance with regulations, company policies, and internal controls.
Presented control deficiencies, findings, and recommendations to various levels of owners and leadership.
Performed security risk and control assessments to identify vulnerabilities or security exposures.
Ensured remediation plans were in place for vulnerabilities identified during risk assessments, audits, and inspections.
Reviewed authorization and assurance documents to confirm that the level of risk was within acceptable limits for each third-party software application, system, or vendor.
Performed risk analysis of third-party capabilities whenever an application or system underwent a major change.
Worked closely with various business leaders on addressing security vulnerabilities.
Performed security reviews, identified gaps in the security architecture, and developed a third-party risk management plan.
10/09 – 01/14 GHANA STANDARD BOARD LIMITED, GHANA
Junior Security Analyst
Identified vulnerabilities and tested new software to help protect the data of the organization.
Supported investigations performed by the Information Security team.
Performed testing for compliance with security policies and procedures.
Examined available recovery tools and processes.
Analyzed and assessed vulnerabilities in the network infrastructure.
Performed security checks on hardware devices.
Performed other support work as needed.
PROFESSIONAL TRAINING
Enhancing Your Risk-Based Audit Skills Training, 2020
Information Assurance Awareness Training, 2016
Information Systems Security Training, 2015