
Cybersecurity Framework Analyst

Location:
Dumfries, VA
Posted:
June 24, 2023


Resume:

PRINCE OWUSU

adxv66@r.postjobfree.com Cell: 571-***-**** Dumfries, VA, 22026

Summary

As a cybersecurity consultant with over 5 years’ experience, my role is to provide information security, compliance, and IT risk management consulting services to clients. My general background includes extensive experience delivering information security risk and regulatory assessments for Fortune 500 companies in technology and healthcare industries, transportation and retail and government spaces related to Risk Management and Assessment, 3rd Party Vendor Risk Assessment, PCI-DSS Assessment, HITRUST Compliance, HIPAA Privacy, Compliance, IT Auditing and Security Controls.

Qualifications/Skills

•Experience with Qualys Cloud Agent, Qualys API, Qualys Policy compliance, and Qualys PCI module.

•AWS cloud security and container vulnerability management process

•Experience with firewall issues preventing vulnerability management and scanners like Tenable, Nessus, Qualys, etc.

•Auditing, Security Assessment, Risk Management, Security Related Awareness and Training and ensuring safe environments through best practices following NIST Risk Management Framework.

•Skilled in Information Security/Assurance Analysis, Compliance and Governance

•Skilled in incident response following SOC procedures in Incident Response Plan.

•Perform security assessment and audits for compliance with NIST Risk Management Framework.

•Knowledge in Active Directory 2008.

•Experience in password management system in coordination with service desk.

•Experience in cloud security tools like Zscaler and Qualys.

•Linux flavours like Ubuntu, Debian.

•Access Control Identity Management, Vulnerability Assessment, SOC Analysis, Incident Response and Threat Mitigation.

•Finding Cyber Security vulnerabilities and Risks in computer networks and resolving those vulnerabilities.

•Skilled in risk-based approach to monitoring third-party vendor security practices and compliance.

•Risk Assessment, Threat Assessment, Incident Management, Access Control, Change management, Contingency Planning

•Risk Mitigation, Disaster Recovery, contingency planning, Cloud Computing, Networking Technologies

•HITRUST Assessment and Compliance

•Risk Management Frameworks

•NIST Family of Security Control, POAM, Incident and Contingency Planning.

Framework/Regulations

•Health Insurance Portability and Accountability Act (HIPAA), HITRUST Act

•Federal Information Security Management Act (FISMA): Certification and Accreditation, NIST 800-53, NIST 800-60, and FIPS 199

•Vendor Risk/Third Party Risk Management, ISO 27001/27002, SOC 2 Type II, SOC 3

•Information Technology General Controls (ITGCs)

•Payment Card Industry Data Security Standard (PCI-DSS)

•Sarbanes-Oxley Act (SOX), Gramm-Leach-Bliley Act (GLBA)

•NIST Cybersecurity Framework

Experience

Bozzuto Associates-VA

Information Security Consultant

April 2017-Current

Vie De France-VA

Cybersecurity Compliance Analyst

May 2014 – March 2017

•Leads audits/assessments including audit plan preparation, review of documents and evidence, evaluation of procedures and client interviews.

•Continuous professional development in maintaining industry specific certifications. Maintains strong depth of knowledge in the practice area.

•Reviews documentation, evidence and security policies and procedures

•Assess client provided documentation for compliance with a variety of standards.

•Analyze and update System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E) and the Plan of Actions and Milestones (POA&M)

•Designate systems and categorize their C.I.A using FIPS 199 and NIST SP 800-60

•Perform Vulnerability Assessment. Make sure that risks are assessed, evaluated and proper action has been taken to limit their impact on the Information and Information Systems

•Created standard templates for required security assessment and authorization documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages.

•Assist System Owners and ISSO in preparing Certification and Accreditation package for companies' IT systems, making sure that management, operational and technical security controls adhere to a formal and well-established security requirement authorized by NIST SP 800-53 R4

•Performed IT security Assessment and monitoring compliance to information security policies and procedures.

•I assessed, reviewed, evaluated, validated, and documented vendors/third party security assessment.

•Performed security assessment and ensured new and existing information technology (IT) systems meet the organization’s information assurance (IA) and security requirements.

•I ensured appropriate security controls are in place for all internal hosted applications and are working for all IT systems.

•Supported and assisted with audit engagements, assessments, and compliance activities for clients.

•I reviewed SOC 1, 2 & 3 reports, especially SOC 2 reports for proper security assurance.

•I performed HIPAA security assessments to ensure compliance with OCR & HHS requirements.

•Developed information security risks and vulnerabilities assessments and applied security controls to assure confidentiality, integrity and availability of information systems and associated data.

•Developed System Security Plan (SSP), Security Assessment Report (SAR)

ITME Solutions LLC

IT Cybersecurity Analyst

01/2015 - 12/2016

•Conducted kick off meetings to collect systems information (information type, boundary, inventory, etc.) and categorize systems based on NIST SP 800-60.

•Conducted security control assessments to assess the adequacy of management, operational privacy, and technical security controls implemented. Security Assessment Reports (SAR) were developed detailing the results of the assessment along with Plan of Action and Milestones (POA&M).

•Developed system security plans to provide an overview of federal information system security requirements and described the controls in place or to meet those requirements.

•Created and updated the following Security Assessment and Authorization (SA&A) artifacts: FIPS 199, Security Test and Evaluations (ST&Es), Risk Assessments (RAs), Threshold Analysis (PTA), Privacy Impact Analysis (PIA), E-Authentication, Contingency Plan, Plan of Action and Milestones (POAMs).

•Prepared Security Assessment and Authorization (SA&A) packages to ascertain that management, operational and technical security controls adhere to NIST SP 800-53 standards.

•Performed vulnerability assessment, making sure risks are assessed and proper actions taken to mitigate them.

•Conducted IT controls risk assessments including reviewing organizational policies, standards and procedures and providing advice on their adequacy, accuracy, and compliance with industry standards.

•Developed risk assessment reports. These reports identified threats and vulnerabilities. In addition, they evaluated the likelihood that vulnerabilities can be exploited, assessed the impact associated with these threats and vulnerabilities, and identified the overall risk level.

Education and Training

University of Ghana Legon Accra, Ghana

Bachelor of Science in Information Technology

ITME Solutions LLC- Virginia

Cybersecurity Training and Consulting Alexandria Virginia-USA

Certifications: CompTIA Security+, Network+, Linux+, Cisco Certified Network Associate (CCNA), NIST Cybersecurity Analyst.

Clearance Level-Clearable


