DAVID AMOO ADU
RMF INFORMATION ASSURANCE ANALYST
CONTACT
EMAIL:
***********@*****.***
PHONE:
ADDRESS:
20136
EDUCATION.
Bachelor’s Degree in Information
Technology. Cape Coast (Ghana)
September 1997 - Jun. 2001.
ADDITIONAL SKILLS
FISMA and FedRAMP compliance
security controls and
operations, system security
plan, POA&M, Vulnerability
Management/remediation, NIST SP
800-53, SP 800-53A, SP 800-37,
SP 800-34, SP 800-60,
FIPS 199, FIPS 200, SharePoint
and Visio.
Written Communication, oral
communication. Meetings.
DOD eMASS, Nessus Scan,
MCCAST.
Microsoft Word, Outlook.
LICENSES AND
CERTIFICATIONS
CompTIA Security+ CE
Certified Authorization
Professional (CAP)
Active Secret Clearance.
CAREER OBJECTIVE
Adaptable professional with 9 years of experience and a proven knowledge of IT/IS. Aiming to leverage my skills to successfully fill the RMF INFORMATION ASSURANCE ANALYST role at your company.
PROFESSIONAL EXPERIENCE
Cyber Information Assurance Analyst.
Kaiser Permanente, McLean, VA / Jan 2016 – Present
• Develops and completes security assessment plans based on NIST SP800-53A.
• Periodically communicate control weaknesses to stakeholders via email and meetings.
• Prepares risk assessment reports and provides recommendations to the client.
• Manages POA&M for accuracy and currency.
• Assists with contract and vendor management issues directly related to security.
• Create and update system security plan and conduct an Annual Self-Assessment.
• Ensure management, operational and technical controls for securing either sensitive security systems or IT systems are in place and are followed according to federal guidelines (NIST 800-53).
• Take appropriate steps to implement information security requirement for IT system throughout life cycle; from the requirement definition phase through disposal.
• Supporting systems Test and Evaluation (ST&E) efforts and other support to the IT security office.
• Develop and implement information assurance standards and procedures.
• Contribute to kick off meeting with system owners, ISSO, and engineers to provide support in projects deliverables.
• Ensure incorporation of security activities in all ongoing projects and determine security impact of new releases, while collaborating with projects managers.
• Deliver exceptional assistance to systems test and evaluation (ST&E) efforts and monitor IT systems security Office for data integrity and consistency.
• Perform categorization and classification of a system using NIST SP 800-60 Vol. 1 and FIPS 199 as my guide, based on the CIA Triad (Confidentiality, Integrity and Availability) of the system policy and procedures.
• Work with my system engineers and developers in implementing controls.
• Test the required security controls monthly and drive the overall A&A life-cycle process in accordance with the System Development Life-cycle.
• Perform Cyber security risk and regulatory compliance assessment.
• Follow up with appropriate personnel to ensure that POA&Ms are remediated in a timely manner and report closed findings to the POA&M Manager.
• Adhere to client security standards and industry best practices.
• Participate in security team meeting and render other support to IT security office, which includes ensuring appropriate steps are taken to implement information security requirements for all IT systems.
• Establish an E-authentication report to provide technical guidance in implementation of electronic authentication.
Cyber Information Assurance Analyst.
Vertis Communications, Manassas, VA / Nov 2010 – Jan 2016
• Reviewed vulnerability reports and submitted plan of action and milestone (POA&M) for certification and accreditation packages.
• Responsible for reviewing and finalizing security control assessment reports (SAR).
• Developed and maintained C&A packages.
• Assisted the Authorizing official in the oversight inspection review information systems.
• Provided support and recommendations for the organization by help and processes to execute RMF.
• Worked with ISSO to perform continuous monitoring on information system by use of NIST 800-137 to maintain ongoing ATO
• Helped in almost all the steps in RMF and also familiar with scan tools.
• Worked on Vulnerability management and evaluation.
• Met and exceeded system owners' and ISSOs' requirements by ensuring certification and executing Accreditation (C&A) process.
• Supported management in overseeing vendor management concerns related to security for improving project outcomes and deliverables.
• Completed security assessment report using NIST 800-53A to ensure controls work compliance before security implementation.
• Managed a high volume of email and calls from the client, government and offered quick resolution to provide excellent customer service.
• Prepared security assessment report (SAR) in which all the weaknesses are reported and communicated results to the ISSO/ISO to generate POA&Ms.
• Prepared Security Authorization package (SSP, SAR, and POA&M) to enable the Authorizing official to make risk-based decision to grant or deny the Authorization to operate.
• Identified issues, analyzed information and provided solutions to problems.
• Reviewed violation of computer security procedures and developed mitigation plans.
• Assisted in the development of an information security and continuous monitoring in the company.
• Designed a performance and security monitoring system, risk assessment report, incident response, vulnerability assessment and risk mitigation.
• Checked event logs for irregularities; identified irregularities were then reported as incidents.
• Conducted risk assessments from time to time and reviewed controls; any deficiencies were reported to the ISSO for complete mitigation action.
• Excellent verbal/written communication.
REFERENCE:
Available upon request.