OBJECTIVE
Seeking an Information System Auditor or Information Assurance position in a growth-oriented organization, with a focus on IT security and risk: system security monitoring and auditing, risk assessments, audit engagements, and testing of information technology controls.
STANDARDS
Confidentiality, Integrity, Availability, Access Control, Audit and Accountability, ISO 27001, PCI-DSS, Certification and Accreditation, General Computer Controls, Inventory Assessment, Application Control, Compliance Testing, Risk Assessment, Change Management, Security Maintenance, Contingency Planning, Policies and Procedures, NIST 800 series, FIPS, FISMA.
SOFTWARE/PLATFORM/ARTIFACTS
MS Office suite, PowerPoint, Visio, SharePoint, Excel, Access, Windows; FIPS 199, SORN, E-Authentication, PTA, PIA, RA, SSP, CP, IR, ST&E, SAR, POA&M, ATO, 800-53A, ISA, MOU, RFP.
PROFESSIONAL EXPERIENCE
Collabera, TX (April 2019 – Present)
Duties: GRC Consultant
Developed a system security plan (SSP) to provide an overview of federal information
Developed and maintained RMF packages, including maintaining the system and program artifacts
Conducted a business assessment workstream
Validated assigned security controls, including executing the system security plan (SSP)
Assisted in the development of Privacy Threshold Analysis (PTA), and Privacy Impact Analysis (PIA) by working closely with the Information System Security Officer (ISSO) and the System Owner.
Performed Security Assessment and Authorization documents in compliance with FISMA/NIST
Created standard templates for required security assessment and authorization documents: Risk Assessment (RA), System Security Plan (SSP) per NIST 800-18, and Contingency Plan (CP) per NIST 800-34
Performed risk-based analysis on proposed projects, vendors, and issue resolution implementations
Tested implemented controls and performed risk assessments based on established frameworks and internal policies
Assisted in IT audits; governed and reported on findings, tracked status, and ensured corrective actions were complete and sustainable
Responded to client security risk assessment questionnaires by gathering information from across the organization as necessary
Promoted security education and awareness.
IT Futuristic, CA (March 2016 – April 2019)
Duties: IT Security Analyst
Conducted IT controls risk assessments that included reviewing organizational policies, standards, procedures and guidelines.
Developed security baseline controls to select controls to be implemented.
Developed and conducted ST&E (Security Test and Evaluation) according to NIST SP 800-53A to assess the adequacy of the management, operational, privacy, and technical security controls implemented
Developed Security Assessment Report (SAR) detailing the results of the assessment along with plan of action and milestones (POA&M) to the Designated Approving Authority (DAA) to obtain the Authority to Operate (ATO).
Assisted in the development of an Information Security Continuous Monitoring Strategy to help IT Futuristic maintain an ongoing awareness of information security (ensuring the continued effectiveness of all security controls); conducted vulnerability scanning and assessments with tools such as Nessus.
Performed business impact analysis using Archer Vendor Management (VM), which resulted in audit calculations.
Developed an E-Authentication report to provide technical guidance on the implementation of electronic authentication (e-authentication) system security requirements and to describe the controls in place.
Assisted in planning and undertaking of periodic risk analysis of systems and mitigate risks as well as ensuring the success of the Infor Enterprise Asset Management (EAM) system implementation covering all aspects of asset management, reporting, maintaining, budgeting and scheduling.
Developed Health Insurance Portability and Accountability Act (HIPAA) artifacts and assisted in conducting HIPAA framework assessments.
Conducted a Business Impact Analysis (BIA) to identify high-risk areas where audit effort would be allocated.
Established and maintained an adequate internal control structure and procedures for financial reporting under the Sarbanes-Oxley Act of 2002 (SOX)
Conducted walkthroughs, formulated test plans, documented gaps, test results, and exceptions; and developed remediation plans for each area of testing.
Wealth Management Financial Advisors Inc., CA (April 2014 – January 2016)
Duties: Compliance Analyst
Conducted gap analysis for all deliverables received from system personnel before routing them to appropriate parties to acquire signatures.
Initiated the pre-assessment and post-assessment write-ups, in which each artifact was critically reviewed for accuracy and consistency across all documents, with recommendations provided to better streamline documentation processes
As POC for Nine (9) systems, I attended all ATO briefings and drafted all ATO memos to be signed by the AO
Implemented continuous monitoring strategies by reviewing all POA&Ms drafted by system ISSOs, made recommendations to the client for approval, and tracked the milestones set forth for all POA&M items.
Reviewed closure requests for all POA&Ms and made recommendations to the client for approval or denial
Assisted with Incident Response training and testing
Assisted ISSOs throughout the A&A package and provided recommendations based on standards and requirements.
Inscope, Reston, VA (November 2012 – May 2013)
Duties: IT Security Analyst
Conducted kick-off meetings using the approved IT security framework, FIPS 199/NIST 800-60, to categorize information and information systems.
Conducted IT controls risk assessments to identify system threats, vulnerabilities, and risks, and generated reports.
Developed and conducted the Security Assessment Plan as well as the Security Test and Evaluation (ST&E) according to NIST SP 800-53A.
Conducted periodic IT risk assessments, reviewed IA controls for any deficiencies, and reported to the ISSO for appropriate mitigation actions.
Continuously monitored IS Program Management and common controls
Performed assessments based on the COSO and HIPAA frameworks
EDUCATION
California University of Management and Sciences, Anaheim, CA – 2016 – MBA
University of Ghana, Accra – 2012 – Bachelor of Arts, Linguistics
OTHER PROFESSIONAL EDUCATION AND TRAINING
FISMA Compliance training – January 2014
Security Assessment and Authorization training – October 2015
ISO 27000 series training – September 2016
Security Awareness Training – April 2020
CCPA Training – June 2019
HIPAA Training – 2020
PROFESSIONAL CERTIFICATION
Actively pursuing the Certified Information Systems Security Professional (CISSP) certification
REFERENCES
Available upon request