Information Security Officer
Resume:
SUMMARY
Demonstrated knowledge preparing guidance related to Cybersecurity best practices within the framework of NIST publication series, RMF and the various control families. I have over 6 years of experience in Security Assessment and Authorization (SA&A) professional in the Risk Management Framework (RMF) process, Systems Development Life Cycle (SDLC), security life cycle and vulnerability management using FISMA, OMB, HIPAA and applicable HITRUST standards. Specialized in providing IT security expertise and guidance in support of security assessments and continues monitoring for government (FISMA & NIST) and commercial clients. Well-versed in direct and remote analysis with strong critical thinking communication and people skills. Conducts assessments of threats and vulnerabilities; determines deviations from acceptable configurations, enterprise or local policy; assesses the level of risk; and recommends appropriate mitigation countermeasures in operational and nonoperational situations.
EXPERIENCE
Tantus Technologies Inc July 2019 - Present
Cyber Security Analyst
Determines security categorizations using the FIPS 199 and SP 800 60 as a guide in the risk management framework
Performs Privacy Threshold Analysis (PTA), E-Authentication with business owners and selected stakeholders
On an on-going basis, coordinates with business process owners to ensure timely identification and remediation of jointly owned risk related issues and action plans (POA&M)
Assists System Owners and ISSOs through Security Assessment and Authorization (SA&A) Process, ensuring that operational, management and technical controls securing sensitive Security Systems are in place and being followed according to the Federal Guidelines (NIST SP 800-53)
Organizes and participates in kick-off meetings with CISO and system stakeholders prior to assessment engagement
Identifies and advises on major security incidents, which could impact day-to-day services and operations
Performs security testing and analyzes results to identify vulnerabilities and violations of information security work to determine strategies and takes measures to mitigate risk
Prepares documentation and review System Security Plan (SSP), Security Assessment Report (SAR), Plan of Action and Miles tones (POA&M), Authorization letter/memorandum (ATO)
Functional knowledge of incident response, proper handling of forensic data, and the ability to provide meaningful recommendations for remediation and attack prevention
Have experience reviewing and analyzing raw log files (e.g. firewall, network flow, IDS, system logs) and performs data correlation
Performs real-time and proactive analysis on various data sources, such as anti-virus logs, firewall logs, IDS and IPS data, event logs, and other host based and network-based artifacts
Protects enterprise systems and information by promptly responding to security threats and incidents, acting individually and as part of a team to resolve issues
Proactively hunts for threats and enacts identification, containment, and eradication measures while supporting recovery efforts
Collects and analyzes event information and performs threat or target analysis duties.
Interprets, analyzes, and reports all events and anomalies in accordance with cyber security related directives, including initiating, responding, and reporting discovered events
Coordinates with key stakeholders & management on aligning risks, issues, incidents and assist with investigations across the enterprise
Assesses & implements new technologies in Cybersecurity analytics and reviews existing technology for capabilities and limitations
Sabre Systems Inc, Lexington Park, MD January 2016 - June 2019
Information Security Analyst
Reviewed and updated existing information security policy, standards, and procedures based on federal and departmental regulations
Managed Security & Accreditation Packages
Plannned and conducted security authorization reviews and assurance case development for initial installation of systems and networks
Reviewed authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network
Performed security reviews and identified security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy
Provided input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials)
Ensured that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc
Coordinated and oversaw agency security assessment and authorization (SA&A) activities—to include managing authorization to operate (ATO) efforts, tracked/reported status of ATOs, and updated system security plans
Coordinated with external information security auditors and assessors (i.e., FISMA, pen tests, etc.) to provide requested artifacts and security control information; attended meetings and provided regular status reports on audit/assessment activities
Coordinated and oversaw agency plan of action & milestone (POAM) activities—to include tracking POAM remediation efforts and reported POAM statuses; conducted regular meetings with system owners and technical POC’s to review POAM remediation progress
Reviewed proposed system requirements, design, and architecture documents to identify potential security issues in agency cloud environments, information systems, and applications
Home Health Aide, NJ Aug 2010 – Dec 2015
Care Giver
Established long-term relationships with existing and new Wells Fargo high value customers, ensure retention, and provide excellent service in all customer interactions
Administered medications to clients
Assisted clients with ambulation and mobility around the house or outside (doctor’s appointments, walks etc.)
Assisted clients with personal care and hygiene
Helped clients with physical therapy exercises
Performed light housekeeping duties that clients can’t complete on their own
Reported any unusual incidents
Acted quickly and responsibly in cases of emergency
Participated in the planning and evaluation of patient needs based on patient behaviors
Provided direct patient care services in accordance with the treatment plan and under the direction of a professional nurse
Assisted with providing a safe and therapeutic environment according to established policies and procedures
Wrote comprehensive reports and presentations daily
Global Media Alliance, Accra, Ghana Feb 2008 - July 2010
News Reporter
Gathered and verified factual information regarding a specific story through interview, observation, and research
Monitored the news daily to keep abreast of issues that needed to be covered, and saw that no pertinent news was missed
Attended press conference and asked questions to important personalities
Gave importance to the two sides of a story and not biased
Gave live reports from site of event or mobile broadcast unit
Assisted in editing, vidoes for broadcasting
Cooperated well with the news team
EDUCATION & CERTIFICATION
GHANA TECHNOLOGY UNIVERSITY, Accra, Ghana
Computer Science, May 2007
Certified Information Security Manager (CISM): In Progress
CompTIA Security + Certification: In progress
SKILLS AND TOOLS
Working knowledge of NIST 800 Series publications, HIPAA, ISO 2700, HITRUST, IT Infrastructure & Network Protocols, Assessment and Authorization, Security Control Testing, Vulnerability Scanning, Sans-20 Security Standards, Ability to generate residual risk reports and POA&M Risk Management Framework, OMB, POA&M, Microsoft Office Suite (Word, excel, PowerPoint), XACTA, CSAM, RiskVision, etc.
REFERENCES
Will be provided upon request
Contact this candidate