Serrina Akosah-Yiadom
**************@*****.*** 703-***-****
SUMMARY
Highly experienced, organized and detail-oriented customer specialist consultant professional providing technical support in a business environment. I have excellent oral and written communication skills; I am tactful and effective when it comes to customer communications. I have a great work ethic and can evaluate and learn new technologies and apply them effectively. I have experience in fast-paced environments, and I am a dependable and highly productive professional with a track record of exceeding customers’ expectations.
KEY SKILLS
●Vendor/Third party Risk and Compliance Management
●NIST Risk Management Framework
●PCI-DSS/HIPAA/SOC/ISO 27001/NIST 800-53
●FedRAMP
●Continuous Monitoring & Risk Assessment
●Cloud Computing Security
●Risk Assessment & Vulnerability Management
●Cyber Security Policy and Governance
●Project and Team Management
●Cybersecurity Framework
●Information Security Compliance
●Organizational Change Management
●Information Assurance/Certification and Accreditation
●Policy Documentation
●Security Control Development and Assessment
●Conflict Management
CERTIFICATIONS
Certified Authorization Professional (CAP) – In view 2022
TECHNICAL SKILLS
Cloud: AWS
Security Tools: Nessus, WebInspect, Rapid7
Platform: Windows
Tools: JIRA, Confluence, ServiceNow, CSAM, Risk Vision, ZenGRC
Microsoft: Excel, Visio, PowerPoint, Project, Teams
PROFESSIONAL EXPERIENCE
Information Security Analyst – USPS 2017 – PRESENT
●Developing, reviewing, and updating Information Security System policy documents, System Security Plan (SSP), Security Assessment Plan (SAP), Security Requirement Traceability Matrix (SRTM), Security Assessment Report (SAR), Security Impact Assessment (SIA), Risk Assessment Report (RAR) and other Security Package artifacts.
●Updating Systems Security Plans, as changes are implemented in the system through established configuration management policies.
●Conducting Security Impact Analysis (SIA) to determine the impacts of proposed system changes to develop additional security design requirements necessary to minimize the impact of proposed system changes.
●Conducting assessment of security controls to assess adequacy of Management, Operational, and Technical Controls implemented in accordance with NIST guidelines.
●Monitoring systems security controls after authorization to ensure continuous compliance with the security requirements.
●Reviewing and updating information system information such as System Security Plans, Contingency Plan, Configuration Management Plan, Security Assessment Reports, Privacy Impact Assessment, Incident Response Plan.
●Engaging with IT managers as a key member of major project teams to ensure security considerations were addressed early and effectively
●Verified completeness of SSP implementation statements using NIST SP 800-18 and NIST SP 800-53
●Assessing security controls using NIST 800-53A to determine the extent to which controls are implemented correctly, operating as intended, and producing the desired outcome in addition to meeting the security requirements for the system
●Develop and implement security protocols, policies, and procedures, and conduct ongoing audits to ensure compliance.
●Participate in incident response by coordinating and directing multiple subject matter experts internal and external to the organization
●Complete customer security review requests within published timeframes.
●Creating and standardizing operating (SOPs) practices and procedures that ensure audit compliance and standard levels of agreement (SLA)
●Periodically audit and assess the effectiveness of NIST 800-53 security controls implemented within the organization
●Apply PCI, SOC 2, GDPR knowledge to help comply with security policies and regulatory requirements
●Manage annual PCI attestation for the organization
●Work with department heads to ensure appropriate information security policies, standards, procedures, and guidelines are being incorporated across services and infrastructure
●Manage and track remediation of identified risks and vulnerabilities and provide appropriate reporting to all interested parties
●Coordinating the implementation and management of Information Security Management System compliance using frameworks that include ISO 27001, NIST, and other applicable legislation and best practices
●Conducting periodic gap analysis reviews of the internal Information Security program using industry standards.
●Conducting vulnerability management by tracking and addressing weaknesses, as needed.
●Coordinating with POCs to request artifacts to close out POAMs in a timely manner.
●Assisting in enforcing a company-wide security awareness program that is tailored to the needs of specific roles within the organization and is measurable and auditable.
Customer Service Supervisor – USPS 2015 – 2017
Supervised 33 Rural routes, 5 City routes, Clerks and PSEs. I supervised carrier activities, evaluated the daily workload, and made carrier and route assignments.
Coordinated distribution and dispatch of mail.
Established work schedules and allocated work hours to meet service requirements; made assignments based on changes in mail volume and human resource availability.
Analyzed delivery operations and mail flows.
Conducted and oversaw mail counts and inspections.
Analyzed factors such as office practice, safety conditions, route layouts and delivery methods to determine if routes are laid out properly.
Supervised vehicle maintenance inspection schedules and monitored vehicles to ensure they are roadworthy.
Responsible for overseeing vehicle service contracts.
EDUCATION
Jefferson High School. 08/08/2001 – 01/05/2002
Pennsylvania, USA. Education Level: GED
Northern Virginia Community College. 08/04/1998 – 02/18/2000
Annandale, Virginia, USA. Education Level: Grad deg/Not completed
Subject: Nursing
References available on demand