Information Assurance Analyst
William Gyasi Afriyie
****.********@*****.***
Technology Summary
Hands-on experience assessing, developing, and updating security documents/artifacts including but not limited to System Security Plans (SSP), Configuration Management Plans (CMP), Information System Contingency Plans (ISCP), Incident Report Plans (IRP), Business Impact Analysis (BIA), Control Tailoring Workbook (CTW), e-Authentication Risk Assessment, Plan of Action and Milestones (POA&M), Security Assessment Plans (SAP), Security Assessment Reports (SAR), and Privacy artifacts in accordance with FedRAMP, NIST, applicable Federal regulations and guidelines, and best practices for a variety of Information Systems.
PROFESSIONAL EMPLOYMENT
USDA (Contractor)
Feb 2021 – Present
Security Analyst
●Conduct independent, extensive evaluations of the administrative, functional, and technical security controls and control enhancements employed within or acquired by an IT system to determine the efficiency and effectiveness of NIST-based security controls.
●Develop RMF Executive Packages for each Authorization that includes System Security Plans, Security Assessment Reports (SAR), Plans of Actions and Milestones (POA&M), Risk Assessment Reports (RAR), and Authorization Decision Document.
●Develop/review data security policies using data security standards, guidelines, and requirements that include privacy, authentication, access control, retention, disposal, incident management, disaster recovery, and configuration.
●Monitor compliance with cyber security policy, as appropriate, and review the results of such monitoring.
●Evaluate the effectiveness of solutions implemented to provide the required protection of data, including appropriate authenticator management and encryption controls.
●Identify improvement actions through a POA&M based on reviews, assessments, and other data sources.
●Prepare project plans and execute the implementation of RMF for assigned systems, perform control validation activities, initiate the Plan of Actions & Milestones (POA&M), and compile supporting artifacts in Archer.
●Evaluate the effectiveness of solutions implemented to provide the required protection of data, including appropriate authenticator management, encryption controls, and patch and vulnerability management processes.
Deloitte (Contractor)
April 2018 – Feb 2022
Information Security Specialist
●Assisted with the implementation and operation of Governance Risk and Compliance (GRC) tools to further improve and automate GRC processes.
●Supported the enterprise Information Security and IT compliance awareness, communication, and education program.
●Assisted with all ongoing compliance activities related to the implementation, maintenance, monitoring, and continuous improvement of the Information Security Management System (ISMS).
●Performed information security assessments such as Third-Party Vendor Assessments, Vulnerability Assessments, and Risk Assessments.
●Helped provide input in preparing the Statement of Work (SOW).
●Helped prepare the vendor evaluation questionnaire.
●Conducted vendor risk analysis and qualification activities, including reviewing vendor evaluation questionnaires and checking references.
●Worked directly with vendors to obtain initial qualification and ensure they adhered to requirements and complied with company policy.
●Independently planned, organized, and devised approaches necessary to respond to incidents and capture forensics related to each attack type, taking into consideration country and regulatory requirements.
●Helped prepare and deliver presentations to stakeholders.
●Helped prepare PFI and RFP documents.
●Conducted routine reviews of existing procedures (business and technical processes) to identify meaningful cyber, social engineering and internal complicity protection improvements across the organization.
●Developed and maintained documentation for supported policies, processes, and procedures.
●Reviewed vendor invoices to ensure that charges were accurate according to the Statement of Work (SOW).
●Developed Information Security metrics and reports.
●Applied critical thinking skills to evaluate alternative options and present solutions.
●Coordinated, reviewed, and evaluated all aspects of the information life cycle, including data collection, storage and use, retention, and destruction; helped execute governance initiatives such as establishing data governance and compliance.
●Also assisted with business program management.
Booz Allen (Contractor)
Sept 2016 – Mar 2018
Information Assurance Analyst
●Monitored initial security accreditation of information systems to identify and track any changes.
●Analyzed the impact of those changes, reevaluated, and made appropriate adjustments to the security controls and to the system’s security plan and reported the security status of the system to agency officials.
●Developed System Security documentation, including System Security Plans (SSP), Security Assessment Reports (SAR), Contingency Plans, and Plans of Action and Milestones (POA&M) under the RMF.
●Developed test plans, testing procedures and evidence needed to validate the controls using SP 800-53A.
●Developed and maintained secure SDLC processes by leading application security review and testing programs.
●Provided full RMF lifecycle support, including assistance with system security categorization, security control selection, tailoring, and enhancement, security control assessment and implementation, artifacts, and continuous monitoring support.
●Conducted risk and vulnerability assessments of systems and implemented security configurations utilizing DISA Security Technical Implementation Guides (STIGs) and automated scanning software.
●Participated in sessions aimed at identifying, planning, and executing strategies in response to emerging cybersecurity/RMF policies and disaster recovery plans and procedures.
●Assessed system compliance against NIST and other security requirements to include the NIST 800-53 controls and DISA STIGs/SRGs.
●Produced evidence as necessary to support compliance status of required controls as well as internal risk management procedure documentation.
●Performed cyber risk assessments on enterprise environments, suppliers, and software to identify cybersecurity risks.
●Independently reviewed and analyzed third party COTS and Open-Source code/software for enterprise risk, performing Static Code Analysis scans and analysis and investigating code vulnerabilities.
●Analyzed vulnerability scans of information systems and assisted in remediation tasks.
●Proficient with Microsoft tools: Teams, Word, Excel, PowerPoint, and Outlook.
EDUCATION AND PROFESSIONAL CERTIFICATIONS
●Kwame Nkrumah University of Science and Technology, Ghana
BSc Business Administration
●CompTIA Security+
●ISACA Certified Information Systems Manager (CISM), In Progress