Cyber Security Officer
Resume:
BENSON OPOKU BREDU A.S, SEC+,CEH,SMC
NEW YORK,NEW YORK
Email: ********@*****.*** 347-***-****
PROFESSIONAL SUMMARY
Detailed Knowledge of security tools, technologies, and best practices with more emphasis on FISMA compliance and NIST Publications. Over 5 years’ experience in Risk Management Framework and Vulnerabilities Management using FISMA and applicable NIST Standards. Perform Risk Assessment and Compliance reviews to ensure Integrity, Confidentiality, and Availability of system resources. Organized, Solutions-focused, deadline-focused, team oriented, work well independently, or in a team. Specialized in providing guidance in support of security assessments and continuous monitoring for government (FISMA & NIST) and commercial clients.
Education
Hostos College
Associate Science in Information Management System
IT INDUSTRY CERTIFICATION
CompTIA Security+ Ce
Certified Ethical Hacker(CEH)-
Scrum Master Accredited Certification-
CYBER SECURITY TRAINING
Disa Acas
Disa HBSS
eMASS. Enterprise Mission Assurance Support Service
POA&M Training
HIPAA & PRIVACY ACT training.
Cyber Awareness Challenge v4.0
Network Technology
Risk Management Framework
National Institute of Technology Guidelines Publications
Summary of Qualification
●Review the System Security Plan (SSP) using NIST SP 800-18 as a guide
●Participated in FIPS 199 process in which Security Categorization takes place, and selecting the Technical, Operational and Managerial Controls using NIST SP 800-60 guidelines.
●Reviewing and developing of E-Authorization document using NIST 800-37 as a guide
●Ability to develop POA&M (Plan of Action & Milestones) document to take corrective actions resulting from ST&E (System Test & Evaluation)
●Reviewing and developing Risk Assessment (RA) using NIST SP 800-30 guidelines.
●Understanding in IT Security Compliance work, including demonstrated experience documenting/reviewing policy, Plan and Procedures and IT Security artifacts in accordance with NIST.
●Professional knowledge in providing support and guidance to System Owner's through the NIST Risk Management Framework & Systems Assessment and Authorization processes.
●Developing SAP, Security Categorization using 800-61/FIPS 199, selecting of security controls using 800-53/FIP 200
WORKING EXPERIENCE
APEX CONSULTING LLC Information Systems Security Officer, ASHBURN,VA JANUARY 2016 TO JULY 2022
●Categorized the information system using FIPs 199 artifacts and SP 800-60 Rev. 1 vol 2 and nist publication guidelines. Entered information types, system description and overall CIA impact level in eMASS to determine Selected applicable controls and overlays base on the impact level.
●Assisted in drafting Policies & Procedures needed to perform assessment and implementation of the security controls for the site enclave.
● Assisted in drafting “Authorization to Operate” (ATO) packages for new and existing systems.
●Provided subject matter expertise in all cyber security initiatives and help in explaining new guidance.
●drafted documentation needed to announce new cyber security initiatives and participate building and implementing processes surrounding cyber security.
●provideed Cyber security reports to leadership, conduct scans and participate in the process to obtain ATO status for systems determined by leadership.
●Complied with cyber security program implementation plan, and ensured compliance with organization management policies.
●Ensured compliance with data security policies and relevant legal and regulatory requirements in accordance with organization directives and applicable Risk Management Framework (RMF) requirements.
●Ensured appropriate changes and improvement actions are implemented as required.
●Maintained current knowledge of authenticator management for unclassified systems.
●Ensured compliance with protection requirements, control procedures, incident management reporting, remote access requirements, and system management for all systems under scope.
DELOITTE CONSULTANT LLC. Information Assurance Officer,SPRINGFIELD, MA, MAY 2014 TO December 2015.
●Responsible for implementing and enforcing an Information Assurance (IA) program at the organization.
●Ensured all systems and applications are certified and accredited and that RMF packages were processed, reported and coordinated in a timely fashion with the organization.
●Assisted subordinate IAMs to create RMF artifacts and Plans of Actions and Milestones (POA&Ms).
●Developed and reviewed artifacts such as eAuthentication, PTA, PIA, CM Plan, CP Plan, SAR, POA&M, SSP
●Ensured POA&M mitigations and timelines were adhered to and documented any changes that occurred.
●Reviewed status of Information Systems for modifications and assessed the impact to current system accreditation.
●Develop kickoff meeting slides and emails
●Validated system requirements, security policies and procedures, contingency plans, incident response plans, personnel security, access control mechanisms and identification and authentication mechanisms.
●Performed technical assessments to ensure the system or application proposed for accreditation or connection met the classification and sensitivity levels of the systems and applicable policies, regulations, and standards.
●Ensured the implemented security safeguards were adequate to assure the integrity, availability, and confidentiality of the information being processed, transmitted, or stored consistent with the level of sensitivity of that information.
●Ensured system POA&M mitigations and timelines were adhered to and documented all changes that occurred.
●Responsible for 4 accredited systems and ensuring that system security postures are maintained.
PROTIVITI CONSULTING LLC, Help Desk Support, New York, New York JAN 2010 To MAR 2014
●Troubleshot system performance in absence of System Analyst or the Director ensuring technical and support control efficiency.
●Assisted with launching new start up programs working closely with personnel to perform suitability
●Reviews by learning and implementing protocols and engaging client awareness.
●Prepared correspondences-maintained client appointment logs and records, and provided ongoing
●support to build rapports and disseminate information.
Reference:
Will be giving upon request.
Clearable Level
US Citizen Clearable for Security Clearance
Contact this candidate