Post Job Free
Sign in

Security Analyst Officer

Location:
Washington, DC
Posted:
August 04, 2022

Contact this candidate

Resume:

Ernest Acquah Clearance: Active Secret

Phone: 202-***-**** Email: ******.*******@*******.***

ISSO/Security Control Assessor (SCA) Cybersecurity Analyst

Dedicated and detail-oriented IT Security Analyst with over five (5) years of experience in Cybersecurity, Risk Assessments/Audits, and mitigation. Experienced in identifying and remediating vulnerabilities, eliminating critical control gaps, and driving strategic security initiatives. Collaborative team player and natural leader with proven success coaching junior analysts, meeting tight deadlines, and establishing improved processes.

CORE STRENGTHS

Information Security Risk Analysis & Remediation Security Controls Assessments Compliance

Plans of Action and Milestones (POA&Ms) Vendor Partnerships Security Awareness Documentation

Team Leadership Security Artifacts SDLC Vulnerability Scans & Tests Stakeholder Engagement Governance System Administration Coaching/Mentoring Reporting

EDUCATION & PROFESSIONAL TRAINING

Master of Science, Cybersecurity, and Information Assurance Western Governors University (WGU) Utah, USA.

Bachelor of Business Administration, Institute of Professional Studies (IPS) Accra, Ghana.

Certified Information Security Auditor (CISA)

CompTIA Security+

HIPAA Awareness Certificate

PROFESSIONAL EXPERIENCE

SYNERGYBIS US COAST GUARD (USCG) Kearneysville WV September 2021 – Present.

Information Security Analyst

Supporting the APLES contract with the USCG in developing a testing method and procedures to meet STIG requirements for the system.

Lead the LOE team to meet critical deadlines by extracting data from PBI into LOE template, finalizing application scans, and generating executive summary of findings.

Lead the team to establish requirements and LOE effort estimation by meeting critical deadlines and remediating documentation findings.

Supports the APLES with United States Coastal Guard to conduct System Analysis, changes, and testing as part of the CAC Modernization effort and PIV implementation.

Provide support to plan, coordinate, and implement the organization’s information security.

Use DoD Assured Compliance Assessment (ACAS) scan vulnerabilities result to conduct assessment with proficient understanding and interpreting the scan results.

Collaborates with tech writers in updating system documentations (SSP, TRG, and DSMP’s) after assessments and as part of the remediation processes.

Understand and interpret different security controls.

Review application architecture and technology stack including COTS and GOTS platform assess security vulnerabilities.

Assess application, web, and database security compliance with DoD STIG and IAVA standard.

Uses DoD Assured Compliance Assessment (ACAS) to scan vulnerabilities and utilizes results to conduct assessment with proficient understanding and interpreting the scan results.

Review application architecture and technology stack including COTS and GOTS platform to assess security vulnerabilities.

Assist in supporting the System ISSMs with managing and updating cybersecurity information to include verifying artifacts are properly documented in eMASS.

Provide security finding assessment report, resolution implementation plan, and level of effort.

Identify and propose security finding remediation solutions.

Works with remediation team to strategize remediation plan for POAM and STIG findings.

Conducts functional testing and smoke testing on systems as part of remediation efforts.

Perform risk analysis which also includes Risk Assessment.

Complete pertinent security and Information Assurance documentation.

Assist in the development of an Information Security Continuous Monitoring Strategy to help maintaining an ongoing awareness of Information Security (ensuring continued effectiveness of all security controls), vulnerabilities, and threats to support organizational risk management decisions.

Kastel System Links LLC. CENTER FOR MEDICARE AND MEDICAID SERVICES (CMS) Baltimore MD September 2019 – August 2021.

Information System Security Officer

Develop supplemental security documentation, such as Configuration Management Plans (CMP) and Contingency Plans (CPs).

Participate in information-system authorization briefings and associated meetings to review the assessment results.

Support the development of Plans of Action and Milestones (POA&Ms), documenting corrective action plans for remediation identified security control deficiencies.

Review and validate the Security Authorization Package/Authorization to Operate Package (SAP/ATO), which includes, the SSP, Risk Assessment Report (RAR), Security Assessment Report (SAR), POA&M Status Report, Privacy Threshold Assessment (PTA), Privacy Impact Analysis (PIA), E-Authentication Threshold Analysis (ETA), E-Authentication Risk Assessment (ERA), Request for Authorization to Operate, and Authorization Decision Letter.

Address questions from System Owners, Authorizing Officials, and other information-system stakeholders about the SAP.

Generate underlying data for the reports and to export cleaned data from Excel Spreadsheets, Text file, MS Access, and CSV files.

Develop/update the SSP and other relevant security documentation such as the CMP, CP, Baseline Configuration, POA&M Status Reports, ETA, ERA, and Memoranda of Understanding/Interconnection Security Agreements (MOUs/ISAs).

Maintain and update all security-related documentation during the Continuous Monitoring period. This shall include, but is not limited to, the CMP, CP, Baseline Configuration, SSP, POA&M Report, PTA, PIA, ETA, ERA, Memoranda of Understanding/Interconnection Security Agreements (MOUs/ISAs), and any system-specific policies and procedures.

Participate in and/or support the annual Contingency Plan testing effort and document the results in the Testing, Training, and Exercise (TT&E) After-Action Report (AAR), and Information Security Continuous Monitoring.

Identify events or circumstances in a variety of systems (application, hardware, infrastructure) that can introduce risk to the organization.

Flash Tech, LLC NATIONAL INSTITUTE OF HEALTH (NIH), Bethesda MD. July 2016 – August 2019.

Security Control Assessor (SCA)

Led compliance teams performing assessments to monitor HIPAA compliance for the National Institute of Health (NIH).

Facilitated cloud implementations and migrations. Directed assessment remediation, validation, and collation of security artifacts to ensure successful implementation of security and privacy controls. Served as a subject matter expert (SME) for HIPAA and NIST control requirements.

Assist the Medical devices development program team by giving them expert advice and recommendations on how to map out HIPAA recommendations to NIST controls, develop SSPs and IRPs for medical devices to make them HIPAA compliant.

Led kick-off meeting and assisted System Owners, Security Staff and Stakeholders in understanding Authorization and Assessment (A&A) documentation and reporting requirements.

Scheduled kick-off meetings with system owners to help identify assessment scope, system boundary, the information system’s category and attain any artifacts needed in conducting the assessment.

Develop Security Assessment Plans (SAPs) and conduct assessment of security control selections on various impact level systems to ensure compliance with the NIST SP 80053A.

Reviewed A & A templates and deliverables created to ensure completeness and accuracy for both cloud and traditional systems.

Performed POA&M oversight and Audit Remediation initiatives across the infrastructure and information systems to satisfy compliance requirements by NIST and FEDRAMP and FISMA requirements.

Worked directly with Subject Matter Experts through the A & A process to resolve issues and answer questions related to all aspects of the RMF process.

Participated in continuous monitoring activities and created Continuous Monitoring reports per FISMA requirements.

Ensured information systems security documentation templates (e.g., System Boundary development, System Security Plan (SSP), Contingency Plan, Contingency Plan Test, Business Impact Analysis) remained up to date to align with NIST updates and changes.

Performed Information Technology General Controls audit, SOX compliance, IT control risk assessments & business process reviews.

Conduct security control interview meeting and artifact gathering meeting with various stakeholders using assessment methods of interview, examination, and testing.

Documented assessment findings in a Security Assessment Report (SAR) and recommend remediation actions for controls that failed and vulnerabilities.

Performed POA&M oversight and Audit Remediation initiatives across the infrastructure and information systems to satisfy compliance requirements by NIST and FEDRAMP and FISMA requirements.

Review A&A package using NIST guidance for FISMA compliance such as the FIPS 199 Categorization, e-Authentication Assessment, PTA, PIA, Contingency Plan (CP) and Contingency Plan Test (CPT).

Perform security control and vulnerability assessment of information systems to detect deficiencies and validate compliance using POA&M tracking tool such as CSAM.

Participated in continuous monitoring activities and created Continuous Monitoring reports per FISMA requirements.

Ensured information systems security documentation templates (e.g., System Boundary development, System Security Plan (SSP), Contingency Plan, Contingency Plan Test, Business Impact Analysis) remained up to date to align with NIST updates and changes.

Performed Information Technology General Controls audit, SOX compliance, IT control risk assessments & business process reviews.



Contact this candidate