
Security Analyst Compliance

Location:
The Bronx, NY
Posted:
March 28, 2023


Resume:

Mercy Afrifa

718-***-****

********@*****.***, New York

Summary

A highly motivated and dynamic cyber security analyst professional with over 7 years of experience, with a focus on Federal Information Security Management Act (FISMA) compliance, the NIST cyber security Risk Management Framework (RMF), system security monitoring and auditing, risk assessments, security control assessment (SCA), and developing security policies and procedures with reference to NIST standards and guidelines; constantly seeking growth opportunities. Knowledgeable in multiple areas of technology, with hands-on experience and technical expertise across all Information Security domains.

Software/Platform/Artifacts:

• MS Office suite (PowerPoint, Visio, SharePoint, Outlook, Excel, Access), Egnyte, WAND platform, VMS platform, Windows, FIPS 199, e-authentication, SaaS, PaaS, PIA, SSP, CP, CIPT, ST&E, SAR, POA&M, ATO, 800-53A, ISA, MOU, eMASS, C&A, ISO 27001, NIST CSF, FAIR, SSAE 16/18, CSA, CIS Top 20, OWASP Top 10, COBIT, GTAG.

Cybersecurity Training

• eMASS (Enterprise Mission Assurance Support Service)

• POA&M training

• HIPAA & Privacy Act training

• Cyber Awareness Challenge v4.0

• Force protection

• Network technology

• Risk Management Framework

• National Institute of Technology guideline publications

• Audit and compliance

• Privacy Act

• FISMA

Professional Experience:

ASAP

July 2022- present

IT Risk and Compliance Analyst

Experience in PCI-DSS, SOX, AWS environment, Tenable vulnerability management, Confluence, Jira ticket support, Authomize, Slack, as well as the Google platform and more.

• Working very closely with the Director of Information Security, as well as other departments in my organization.

• I stay current on relevant compliance frameworks.

• Contributed to implementing new compliance requirements or processes via our internal change management plan.

• Maintain and update compliance documentation.

• I escalated the audit information to relevant teams.

• Serve as the primary point of contact for internal and third-party compliance teams.

• Respond to audit findings and questions, and gather supporting evidence.

• Ability to review, update, and create technical documentation.

• Being the key person in ASAP completing its PCI-DSS and SOX compliance.

• Working with multiple auditors on each project.

• Work with the existing infrastructure and engineering team to ensure all security policies and procedures are implemented. Monitor the systems for vulnerabilities. Advanced problem-solving and analytical skills.

• Making sure all our compliance training is up to date with all employees as required.

• Going over HR training and onboarding processes to make sure necessary policies are implemented.

• I write and review my organization's policies in Confluence.

PRO Unlimited / RightSourcing

March 2022 - July 2022

Infosec and Compliance Analyst

• Worked closely with the compliance and audit manager on preparing vendor assessment questionnaires. Assisted in ISO, PwC, SOC 1, SOC 2 and C5 audits.

• Facilitated the MITRE ATT&CK framework, CIS Benchmarks, as well as DISA STIGs.

• Contributed to preparation for internal audit readiness. Assisted the team with client RFP and client vendor risk management responses.

• Contributed to the development of the Information Security Plan (ISP) and performed gap analyses.

• Audit remediation validation for compliance with security policies/standards.

• Evaluation of security risk assessments and gap analysis.

• Updating/developing policies, procedures, controls, etc.

• Creating policy compliance procedures, including compliance measurement reports/dashboards.

• Contributed to the implementation of various security tools.

• Developing and maintaining a compliance recordkeeping system.

• Basic knowledge of network technologies; operating systems: UNIX, Linux, Windows; PeopleSoft and Oracle Database.

• Contributed to vulnerability assessment management and penetration testing reporting; ISO 27001 and gap assessments.

• Work with the existing infrastructure team to ensure all security policies and procedures are implemented. Monitor the systems for vulnerabilities. Advanced problem-solving and analytical skills.

• Provide Information Security subject matter expertise to the General Counsel organization, Third Party Lifecycle Management, Global Procurement, and Global Business Units organizations for the inclusion of Information Security and IT Risk requirements in third-party supplier and non-supplier contracts.

BronxCare Hospital Center, Bronx, NY

Jan 2017 - Dec 2021

Sr. Information Security Analyst

• A good working knowledge of the entire Risk Management Framework (RMF) process and use of NIST 800-series SPs (18, 37 r1, 137, 53A r4, 60 vol. 1 & 2), FIPS 199, publications and standards.

• In-depth ability and proficiency in creating, reviewing, and updating security artifacts and documentation such as SSP, POA&M, PIA and PTA.

• Excellent communication, customer service, analytic, problem-solving, writing/documentation, time management and interpersonal skills.

• Experience developing and documenting business process improvement documentation, gap analyses, and risk management artifacts.

• Experienced in vulnerability scanning and penetration testing tools (Nessus) as well as POA&M automated tracking tools.

• Extensive knowledge of categorizing information systems (using FIPS 199 and NIST SP 800-60 vol. 2 rev. 1 as a guide).

• Creating, updating, and revising system security plans, contingency plans, incident reports and plans of action & milestones (POA&Ms).

• Generating, reviewing, and updating system security plans (SSP) against NIST 800-18 and NIST 800-53 requirements.

• Participating in internal and external audits based on HIPAA, HITECH, FISMA, FERPA, PCI DSS, SOX.

• CIS, COBIT, OWASP) and computing environments.

• Knowledge of AWS security services and networking services: AWS Inspector, VPC, IAM and Direct Connect.

• Selecting and implementing applicable security controls (technical, operational and management) using NIST SP 800-53 rev. 4 as a guide.

• Highly effective team player, quick learner, very dependable, proactive, with adept attention to detail and the ability to work under pressure to meet deadlines.

• Assist customers with identifying, defining, and implementing cybersecurity strategies, policies, tactics, techniques, and procedures.

• Experienced in performing ongoing authorizations aligned to NIST SP 800-53 and 800-137.

• Experience directly related to privacy and security operations, including enforcement of the Privacy Act and the Federal Information Security Management Act.

• Experience communicating privacy risks and mitigations to system owners and administrators.

• Reported and maintained architecture, policies, and compliance; identified and documented vulnerabilities and system status; maintained records of incidents, hardware/software, etc.

• Managing and maintaining a campus information security plan, and providing oversight of campus compliance with information security laws, policies, rules, and regulations (HIPAA, FISMA, etc.).

• Monthly reporting of vulnerability and patch management operations.

• Develop reports after audit findings, remediation, gap analysis and a corrective action plan in accordance with the organization's policy.

• Conducted security risk assessments on all new applications, IT systems or changes to existing IT systems to verify that they satisfy the established security baseline before adoption into corporate regional offices, and assisted management in authorizing the IT systems.

• Performed real-time proactive security monitoring and reporting on various security enforcement systems.

• Perform vulnerability/risk assessment analyses to support A&A activities.

Choice Consulting LLC (Intern)

New York, NY, Jun 2015 - Dec 2016

Information Security Analyst

• Assisted in the development of an information security continuous monitoring strategy to help maintain ongoing awareness of information security (ensured continued effectiveness of all security controls).

• Conducted security control assessments to assess the adequacy of the management, operational, privacy, and technical security controls implemented. Security assessment reports (SAR) were developed detailing the results of the assessment along with plans of action and milestones (POA&M).

• Engage in gap analysis remediation, development of corrective action plans and reporting after security assessments.

• Perform internal security assessments with a focus on existing and new systems for business units.

• Develop reports after audit findings, remediation, gap analysis and a corrective action plan in accordance with the organization's policy.

Certifications and Education

• University of Science and Technology, B.S. Computer Science, 2011-2015

• CompTIA Security+ CE

• Cisco Certified Network Associate (CCNA)

• Scrum Master certification

• Certified Information Systems Auditor (CISA)

• Certified Information Security Manager (CISM)
