BARIMAH A. BOAFO
**** ****** *****, ********, **** 43219,
929-***-**** ************@*****.***
OBJECTIVE
An experienced Information Assurance Analyst with a background in managing and protecting enterprise information systems, networks, and operational processes through the Security Assessment & Authorization (SA&A) process in pursuit of information system authorization. Also possesses the skill set to develop and implement information security policies and to identify, report, and resolve security violations as they relate to infrastructure technologies and functionalities, with a proven ability to use industry standards and frameworks (including but not limited to NIST, RMF, FISMA, FedRAMP) to maximize efficiency and maintain continual effectiveness in a rapidly evolving industry.
CORE PROFICIENCIES
Assessment and Authorization (A&A) process
Plan of Action and Milestones (POA&M) Management
System Documentation (SSP, CP, CM, PTA)
Security Control Assessments (SAP & SAR)
Information Security Continuous Monitoring (ISCM)
Vulnerability Management (ACAS)
TOOLS
Microsoft Office (Word, Excel, PowerPoint)
GRC Tools (eMASS pilot)
Vulnerability Tool (ACAS, Nessus)
SCAP, DISA STIG Viewer
SharePoint
PROFESSIONAL EXPERIENCE
CyberVision Technologies, LLC 01/2020 - Current
Information Assurance Analyst
Work with system stakeholders to develop and update A&A documentation for assigned systems in accordance with FISMA and other regulatory requirements
Conduct security tests and evaluations (ST&Es) and develop supporting documentation of test results
Perform security control assessments (SCA) for systems to determine their effectiveness using NIST SP 800-53A Rev4 (Examine, Interview, and Test).
Document and finalize Security Assessment Report (SAR)
Help to develop and maintain ATO packages such as the System Security Plans (SSP), Security Assessment Reports (SAR), and POA&Ms
Provide continuous monitoring support for assigned systems to maintain the ATO status
Manage Plan of Action and Milestones (POA&M) for identified vulnerabilities to ensure timely remediation actions in compliance with FISMA requirements
Review artifacts to verify and validate security control implementation statements
Priority Dispatch 07/2016 - 01/2020
Cybersecurity Analyst
Created standard templates for required security assessment and authorization documents
Provided subject matter expertise in the development of security policy documentation that follows the requirements of the Federal Information Security Management Act (FISMA) and the National Institute of Standards and Technology (NIST)
Conducted risk assessments regularly; ensured measures raised in assessments were implemented in accordance with the risk profile, and that root causes of risks were fully addressed following NIST 800-30 and NIST 800-37
Conducted security assessments by reviewing the System Security Plan (SSP) to create Kick-Off presentation slides
Assessed security controls in accordance with assessment procedures defined in the Security Assessment Plan (SAP) through examination, interviews, and testing
Prepared and delivered oral IA-focused presentations to technical and non-technical groups
Conducted regular penetration testing on systems to determine weaknesses in the infrastructure (hardware), applications (software), and people in order to develop controls
Performed vulnerability assessments to make sure that risks are assessed and evaluated and that proper actions are taken to limit their impact on information and information systems
EDUCATION
Per Scholas 2021
Cyber Security Boot Camp (Networking, FISMA RMF, & Security)
University of Sunyani, Ghana 2010
Bachelor of Science
TRAINING & CERTIFICATIONS
CompTIA Security+
CISA – Certified Information Security Manager (pending)
Clearance: ELIGIBLE