Lovelace Sarfo Doffour

**** ******* ***** ***. **********, VA 22309

admgtg@r.postjobfree.com 571-***-****

Information Security Analyst

A dynamic, experienced and results-driven Security Assessment and Authorization professional with strong problem solving and project management skills, knowledgeable in Risk Management Framework (RMF), Systems Development Life Cycle (SDLC), Security Life Cycle and Vulnerability Management, using FISMA and applicable NIST standards is seeking a position in a growth -oriented organization to help manage and protect enterprise information systems.

Core Skills & Abilities

• System Life Cycle Project Management MS Office Suite

• Security Assessment & Authorization Authentication & Access Control

• System Security Documentation Risk Management & Mitigation

• Vulnerability Assessment and Management GRC Tools

• POA&M Management Excellent interpersonal skills

• Cloud Security Effective written & verbal communication skills

Professional Experience

Information Security Analyst 10/2019-Present

Manav Consulting Group Inc- Dumfries,VA

Assist System Owners and ISSO in preparing certification and Accreditation package for company's IT systems, making sure that management, operational and technical security controls adhere to a formal and well-established security requirement authorized by NIST SP 800-53 R4

Analyze and update System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment(PIA), System Security test and Evaluation (ST&E) and the Plan of Actions and Milestones (POA&M)

Designate and categorize systemsbased on C.I.A using FIPS 199 and NIST SP 800-60

Perform Vulnerability Assessments, ensuring risks are assessed, evaluated and proper correctiveactions taken to limit their impact on the Information Systems

Create standard templates for required security assessment and authorization documents, including riskassessments, security assessment plans and reports, contingency plans, and securityauthorization packages.

Perform IT risk assessment and document the system security control.

Design and conduct walkthroughs, formulate test plans, test results and develop remediation plans for each area of the testing.

IT Security Analyst 08/2017-09/2019

Comcast- Alexandria, VA

Reviewed and updated System Security Plans (SSP) and Security baselines in accordance with NIST, FISMA, OMBand industry best security practices.

Supported the review of all Cloud Service Providers (CSP) documentation for compliance as well as work with stakeholders until the cloud system documentation meets FedRAMP A&A requirements.

Led in the development of Privacy Threshold Analysis (PTA), and Privacy Impact Analysis (PIA) by working closely with the Information System Security Officers (ISSOs), the System Owners, the Information Steward and the Privacy Act Officer

Monitored and analyzed Intrusion Detection Systems (IDS) to identify security issues for remediation.

Conduct Security Control Assessment on General Support Systems (GSS), Major Applications and Systems to ensure that such Information Systems are operating within strong security posture.

Update IT security policies, procedures, standards, and guidelines according to department and federal requirements.

Performed continuous monitoring after authorization to operate (ATO) to ensure continuous compliance with the security requirements.

Put together Authorization Packages (SSP, POA&M and SAR) for AuthorizationOfficer (AO) review and signature

Developed Security Assessment Plan (SAP) to initiate Security Assessment for low, moderate, and high control information systems.

Information Assurance Analyst 07/2016-08/2017

Inova Hospital- Mt Vernon, VA

Developed asystem security plan to provide an overview of information system security requirements anddescribed the controls in place or planned.

Conducted ongoing internal assessments to ensure regulatory compliance in an assigned area such as documentation, coding, insurance and Health Insurance Portability and Accountability Act(HIPAA)

Developed an E-Authentication report to provide technical guidance in the implementation of electronic authentication.

Assisted with creating, receiving, maintenance or transmission of Protected Health insurance(PHI) through coordination of IT related HIPAA compliance processes.

Supported in the development of an Information Security Continuous Monitoring Strategy to help inmaintaining an ongoing awareness of information security.

Assisted in the development of rules of engagement documentation in order to facilitate the scanning of network, applications and databases for vulnerabilities.

Conducted security control assessments to assess the adequacy of management, operational, privacyandtechnical security controls implemented.

Security Assessment Reports (SAR) were developed detailing the results of the assessment along withPlan of Action and Milestones (POA&M)

Developed a security baseline controls and test plan that was used to assess implemented security controls.

IT Helpdesk

Kool smile dentistry 2014 – Jan 2017

Provided technical support to faculty, staff, manner via self-service portal, telephone, and in person.

Ensured proper client system operation so that end users can accomplish business tasks. This includes receiving, prioritizing, documenting, and actively resolving end user requests and escalating incidents when considered appropriate.

Provided appropriate communications and turnover for long running incidents as needed.

Provided backup to other Technology Support Services technicians such as desktop support for computer hardware and software and new user laptop and desktop setup with company standard software.

Tracked, serviced, and fixed problems that occur with laptops/desktops/cell phones/printers/accessories.

Coordinated with service provider’s repairs of broken devices.

Worked closely with Systems & Networking to support application, server, and networking requirements.

IT support Technician Assistance

Resurrection Methodist church Alexandria, VA - present

Installed, maintained & updated all IT inventory including personal computers, devices, network equipment & peripherals such as multifunction printers, scanners and check-in equipment

Provided consistent, friendly IT Support to volunteers, staff and attendees and members

Responsible for keeping all devices in an efficient and functional state

Troubleshoots issues via our helpdesk systems and maintains updated status on tickets

Education

BS Healthcare IT & Administration-Stafford University, Virginia

Professional Certifications

CompTIA Security Plus CE(Security+)

Certified Authorization Professional (CAP) - Candidate

Technical Proficiencies

Windows Operating Systems and MS Office Suite

Vulnerability Assessment tool (Nessus)

GRC Tools

SharePoint Application

Reference upon request

Contact this candidate