KEVIN ASUBONTENG
Brooklyn, NY 929-***-**** *****.*****@*****.***
PROFESSIONAL SUMMARY:
Experienced Cyber Security Controls Assessor. Demonstrates knowledge of NIST 800-37 (Risk Management Framework), security controls assessment, NIST 800-53 rev 4, NIST 800-54a, NIST 800-60, NIST 800-137, NIST 800-70, and FIPS 199. Skilled in vulnerability management, security control implementation, Assessment and Authorization (A&A), POA&M management and continuous monitoring.
PROFESSIONAL EXPERIENCE:
CPT GLOBAL May 2021 – Present
Security Control Assessor
Conduct kick-off meetings with System Owners and other assessors to identify the assessment scope and system boundary information and confirm the system's security categorization.
Develop, document and review Security Assessment Plans (SAPs), Plan of Action and Milestones (POA&M) and Security Assessment Reports (SARs).
Prepare and review authorization packages (i.e., SSP, SAP, SAR, POA&M, etc.) for Low, Moderate and High impact systems.
Perform audits and vulnerability/risk assessment analysis to conduct Assessment & Authorization (A&A).
Conduct security controls assessment of applicable security controls to ensure compliance per NIST 800-53 Rev.4 requirements.
Assist in developing a Security Control Assessment (SCA) strategy for the organization; to include an overall assessment process flow, which documents the steps required to conduct assessment activities and interact with all necessary parties.
Provide POA&M support to ensure mitigations are completed or the teams are working to mitigate all vulnerabilities in a timely fashion and within customer policy timeframe.
Perform continuous monitoring to ensure implemented security controls remain functional throughout the lifecycle of the information system.
Attend meetings with stakeholders to present assessment findings and remediation recommendations.
Prepare authorization package for management review and final Authorization to Operate (ATO).
NFC MANAGEMENT Oct 2019 – May 2021
Information Assurance Analyst
Developed Security Assessment Plans (SAP) and performed assessments per NIST SP 800-53A.
Conducted gap analysis of the organization's policies and procedures against NIST-based controls.
Scheduled kick off meetings with system owners to assist in identifying assessment scope, system boundary, the information system's category and obtain any artifacts needed in conducting the assessment.
Prepared and reviewed ATO packages (i.e., SSP, POA&M, PTA, PIA, SAP, SAR, etc.) for continuous operation.
Developed Plan of Action & Milestones (POA&M) to remediate actions resulting from security control assessments; monitored and tracked remediation progress using GRC tool.
Ensured control implementation statements comply with NIST SP 800-53 Rev 4 requirements.
Reviewed system vulnerability scans and audit logs and worked with system administrators to remediate findings.
Kent Services Aug 2018 – Sept 2019
System Administrator
Maintained, installed, troubleshot, and configured desktop and laptop computers and related peripheral equipment.
Responded to various alerts and remediated as needed.
Provided first-level support for internet problems to 500 users by identifying network/applications issues, including updating and maintaining network security software.
Created user accounts and performed access control.
Documented processes, and backed up and archived data.
Resolved end-user issues quickly and efficiently by offering technical support for helpdesk requests and computer systems, software, and mobile hardware issues.
Performed or delegated regular backup operations and implemented appropriate processes for data protection, disaster recovery, and failover procedures.
EDUCATION:
Brooklyn College
BA in Information Technology Brooklyn, NY
2015 – 2018
Kingsborough College
AA in Computer Science Brooklyn, NY
2013 – 2015
CERTIFICATIONS:
CompTIA Security+ - In progress
Core Competencies
Information Assurance, Compliance Analyst, Auditor Certifying Agent/Authority, System Certifier, Controls Validator, IT Auditor Assessor, Risk Management Framework (RMF), System Security Plan (SSP), Assessment & Authorization, Security Assessment Report (SAR), Plan of Action & Milestones (POA&M), Continuous Monitoring, Security Control Implementation.
Technical Skills
Microsoft Office Suite, Microsoft SharePoint, Vulnerability Scanning (Nessus Tenable), NIST 800-53 rev 4, NIST 800-54a, NIST 800-60, NIST 800-137, NIST 800-70, FIPS 199, FISMA, FIPS 199/200.
REFERENCES
AVAILABLE UPON REQUEST