Abigail Nana Afful
Bronx NY I****
adt0la@r.postjobfree.com
Professional Summary
Practical experience regarding compliance with FedRAMP and Meaningful use of NIST guidelines SP 800-53 rev4, ISO 27000 series, SOX, FIPS 199&200, FISMA, FEDRAMP, NIST family of security controls and POA&M. Experience in IT security compliance work, including demonstrated experience by documenting policy and IT security artifacts in accordance with NIST. Expert in Project management of Security Assurance projects including gap analysis and security risk assessments of health plans, hospitals and practice facilities which assure compliance and mitigate risks. Certification and Accreditation (C&A), Risk Management Framework, Authorization to Operate (ATO) documentation, Security control assessment (SCA), Incident Response Planning, Contingency Planning, Disaster Recovery Planning, Privacy Impact Analysis, PTA, SORN, MOU/ISA, Change Management.
Education
University of Legon
BS in Business Administration
Certification
CompTIA Security+
CISA
AWS Solutions Architect
Professional Training
Information System Security Training
CompTIA Security+ Training
ISO 27001 Training
CMMC Training
AWS Solutions Architect Training
PCI DSS Training
Professional Experience
MILDEN SYSTEM LLC
Information Security Analyst 06/2018 - Present
Conducted walk-throughs, formulated test plans and testing procedures, documented gaps, test results and exceptions, and developed remediation plans for each area of testing.
NIST 800-37 Risk Management Framework: categorized systems, privacy impact assessments, security impact assessments, interconnection security agreements, risk assessments, waivers.
In-depth experience in security incident response and management, including analysis of events, review of suspected malicious activity, identification of indicators of compromise, and providing guidance on resolution and remediation activities.
Executed technical risk assessments and advised business and IT leaders on the risk of initiatives.
Defined and executed Third Party / Vendor Information Security Risk Assessment programs
Supported the organization’s Business Continuity Plan (BCP) and Disaster Recovery (DR) processes by evaluating resilience, recovery capabilities and risks inherent in its IT infrastructure for strategic purposes, based on ISO 27001 and the NIST Special Publication 800-34 series.
Participated in POA&M remediation by evaluating policies, procedures, security scan results, and system settings to address controls that were deemed insufficient during Certification and Accreditation (C&A), RMF, continuous monitoring, and FISCAM audits.
Performed assessments, POA&M remediation and document creation using ISO 27001 and NIST SP 800-53A rev4.
Conducted PCI compliance testing to verify corporate PCI security controls meet the latest PCI DSS requirements.
Executed the system HIPAA Security Compliance Program, including performing assessments of new and existing application systems and providing monitoring of remediation efforts by the business units.
Assisted ISSOs in creating solutions to weaknesses based on system functionality and pre-existing architecture.
Oversaw the preparation of Comprehensive and Executive Certification & Accreditation (C&A) packages for approval of an Authorization to Operate (ATO).
Ensured all weaknesses discovered during assessment of security controls were completed and tested in a timely fashion to meet client deadlines.
Interfaced with IT operators and network engineers to mitigate system vulnerabilities discovered in network devices.
Developed and Conducted Security Test and Evaluation (ST&E) according to NIST SP 800-53A.
Developed Security Assessment Reports (SAR) detailing the results of the assessment along with the Plan of Action & Milestones (POA&M).
Created standard templates for required security assessment and authorization documents; Risk Assessment (RA), System Security Plan (SSP), Contingency Plan (CP) and Security Plan (SP).
Involved in third-party contract evaluation and review of information security accreditation requests.
Conducted periodic IT risk assessments, reviewed IA controls for any deficiencies, and reported to the ISSO for appropriate mitigation actions.
Assisted in the development of an information security continuous monitoring strategy.
Worked with the Engagement Team to identify and resolve client issues discovered during the Audit and Review Process.
Tested and documented key SOX and IT General Controls, leveraging a defined process compliance monitoring process.
AQSOLUTION LLC
Cybersecurity Assurance Specialist 05/2018 - 11/2017
Performed comprehensive Security Controls Assessments (SCA) and wrote reviews of management, operational and technical security controls for audited applications and systems.
Oversaw auditors to identify IT related risk throughout development phases. Areas include networks, operating systems, databases, security and disaster recovery.
Performed general controls oversight and review to verify compliance with SOX provisions and professional standards.
Ensured audit tasks were completed accurately and within established timeframes.
Identified and evaluated risks during review and analysis of the System Development Life Cycle (SDLC), including design, testing/QA, and implementation of systems and upgrades.
Led and facilitated meetings with system stakeholders and technical personnel to categorize systems, define system boundaries, and establish and maintain information security standards and procedures in compliance with information security and risk management policies, standards, and guidelines.
Prepared audit scopes, reported findings and presented recommendations for improving data integrity and operations.
Conducted IT controls risk assessments that included reviewing organizational policies, standards and procedures, and provided advice on their adequacy, accuracy and compliance with the Payment Card Industry Data Security Standard.
Conducted security control assessments to assess the adequacy of management, operational privacy, and technical security controls implemented. Security Assessment Reports (SAR) were developed detailing the results of the assessment along with the Plan of Action and Milestones (POA&M).
Created and updated the following Security Assessment and Authorization (SA&A) artifacts: FIPS 199, Security Test and Evaluations (ST&Es), Risk Assessments (RAs), Threshold Analysis (PTA), Privacy Impact Analysis (PIA), E-Authentication, Contingency Plan, and Plan of Action and Milestones (POA&Ms); evaluated existing documents for correctness and compliance with applicable policies.
Prepared Security Assessment and Authorization (SA&A) packages to ascertain that management, operational and technical security controls adhere to NIST SP 500-53 standards.
PACIFIC CYBER SOLUTION LLC
Information Compliance Analyst 06/2016- 03/2018
Supported the development of security processes and procedures and supported service-level agreements to ensure that security controls were managed and maintained.
Participated in the development of security and privacy awareness training in conjunction with other members of the Security Compliance group.
Planned, executed and led security audits across the organization related to SOC, ISO 27001 and other compliance initiatives.
Highlighted shortcomings in the operation of platform security and compliance processes and ensured they were appropriately addressed.
Coordinated efforts for internal and external audits.
Used existing firm policies and standards, and applicable industry regulations, to plan, maintain and operate compliance activities.
Developed, reviewed, prepared and analyzed compliance and assessment documents.
Conducted periodic reviews/audits of systems to ensure adherence to current procedures and policies by all areas within the firm.
Worked with business units and IT support staff to design remediation where deficiencies were identified.
Performed vulnerability assessments and developed related mitigation strategies.
Worked with outside consultants as appropriate for independent security audits and/or testing.