Henry Koomson
Phone: 817-***-****
Email: *******@*****.***
UNITED STATES CITIZEN
SUMMARY OF QUALIFICATIONS
An IT Security Analyst and NIST 800-53 control assessor with extensive combined experience in the Federal Information Security Management Act (FISMA), the Federal Risk and Authorization Management Program (FedRAMP), National Institute of Standards and Technology (NIST) guidance, Risk Management Framework (RMF) processes, Risk Assessment (RA), the System Development Life Cycle (SDLC), and contingency planning. Thorough understanding of NIST 800-53 Rev 4 and Rev 5 security controls. Audit projects include security audits, RMF, COBIT, PCI DSS, HIPAA, SAS 70, SSAE 16/SOC, and SSAE 18. Knowledge of the process for obtaining a system ATO and the requirements for maintaining it. An IT professional with experience in vulnerability management, security control implementation, assessment and authorization, POA&M management, continuous monitoring, and risk assessment. Understanding of information technology concepts and cloud computing models (PaaS, SaaS, IaaS).
CYBER SECURITY TRAINING/SKILLS/STANDARDS/SOFTWARE
NIST Guidelines Publications, Certification and Accreditation (C&A), Assessment and Authorization (A&A), HIPAA & Privacy Act training, PCI DSS, ISO 27001, IT Security Compliance, Vulnerability Assessment, Network Vulnerability Scanning, Information Assurance, System Risk Assessment, System Development Life Cycle, Nessus Vulnerability Scanner, ACAS, HBSS, SCAP, Splunk, SharePoint, Nexpose, LAN, WAN, NIST SP 800-53, SP 800-53A, SP 800-37, NIST SP 800-171, FIPS, FISMA, FedRAMP, Risk Management Framework (RMF), FIPS-199, PTA, PIA, SSP, CP, SAR, POA&M, ATO, ISA, MOU/A, IDS, IPS, Windows, Archer, Linux, Microsoft Office, NISPOM.
SKILLS & QUALITIES
Strong attention to detail, team builder and player, good interpersonal communication skills, results-oriented, initiative and creativity, fast learner, ability to adapt, critical thinking, integrity, multi-tasking, strong organizational and time management skills, strong problem solving, decision-making, reporting, communication, and management skills.
ACTIVE CERTIFICATIONS:
• CompTIA Security+ Ce
EDUCATION
UNIVERSITY OF CAPE COAST, Ghana August 2004 - July 2008
Bachelor of Science, Computer Science
PROFESSIONAL EXPERIENCE
TechFlow Consulting LLC. June 2018 - Present
Information System Security Officer
• Develop solutions to security weaknesses in the Requirements Traceability Matrix (RTM) and SAR, while working on POA&M remediation and the Corrective Action Plan (CAP).
• Perform FedRAMP assessments based on customer responsibility documentation and the controls provided by the cloud service provider.
• Maintain and manage Security Authorization and Assessment packages, including System Security Plans (SSP), Contingency Plans (CP), POA&Ms, SARs, and other relevant security documentation for the system.
• Perform risk assessments, develop and recommend mitigating controls, and remain abreast of advancements that address emerging business and environmental factors affecting assurance levels.
• Work with IT Controls Manager to improve efficiency and effectiveness of IT audit testing procedures, processes, and attributes.
• Provide security control assessor (SCA) services, such as assisting with the Assessment and Authorization process, including A&A scanning, documentation, reporting, and analysis of current threats to information security and systems.
• Execute day-to-day deliverables that support ongoing compliance needs related to PCI, IT policy, compliance, and risk, as well as any new regulatory requirements.
• Develop/Review deliverables associated with a FedRAMP security authorization package including, but not limited to: System Security Plan, Information System Contingency Plan, Security Assessment Plan, Security Assessment Report.
• Review Security Control Assessment (SCA) documentation, including but not limited to the Security Assessment Report (SAR), for accuracy.
• Perform ongoing RMF/A&A/ATO projects in support of client security systems using NIST SP 800-37 Rev 1 as a guide.
• Ensure compliance with data security policies and relevant legal and regulatory requirements in accordance with agency directives and applicable Risk Management Framework (RMF) requirements.
• Review Nessus and Nexpose scan reports for deficiencies and the remediation of findings.
• Participate in the System Assessment and Authorization process by working with key stakeholders to ensure complete and accurate ATO packages.
• Validate system requirements, security policies and procedures, contingency plans, incident response plans, personnel security, access control mechanisms, and identification and authentication mechanisms.
Texas Health April 2014 – May 2018
Senior Risk Assessor
• Assessed and monitored compliance with information security policies and procedures across the enterprise.
• Oversaw, evaluated, and supported the documentation, validation, and accreditation processes necessary to ensure that new and existing information technology (IT) systems met the organization's information assurance (IA) and security requirements.
• Ensured appropriate treatment of risk, compliance, and monitoring assurance from internal and external perspectives.
• Reviewed authorization and assurance documents to confirm that the level of risk was within acceptable limits for each software application, system, and network.
• Developed and implemented independent information assurance audit processes for application software, networks, and systems, and oversaw ongoing independent audits to ensure that operational processes and procedures complied with organizational and mandatory IA requirements and were accurately followed by system administrators and other cybersecurity staff in their day-to-day activities.
• Developed methods to monitor and measure risk, compliance, and assurance efforts.
• Performed validation steps, comparing actual results with expected results and analyzing the differences to identify impact and risks.
• Monitored and evaluated systems' compliance with information technology (IT) security, resilience, and dependability requirements.
• Maintained information systems assurance and accreditation materials.
• Prepared, executed, and reported on audits of a subset of NIST SP 800-53 cybersecurity controls, including interviews, document review, and testing of systems to support compliance audit activities.
• Knowledgeable about the NIST Cybersecurity Framework and how the Identify, Protect, Detect, Respond, and Recover categories comprise and facilitate an information security program.
• Developed concise, tailored cybersecurity awareness content, improving targeted end-user base cyber hygiene.