
Risk Management Information Systems

Location:
Denton, TX
Posted:
July 15, 2023


Resume:

Elison K. Appiah

Phone: 614-***-****, Email: adybo2@r.postjobfree.com

Dallas, TX 76247

SUMMARY

A versatile cyber security professional with repeated accomplishments investigating all types of cyber security incidents and breaches impacting services, people, and the business. Adept at security assessment and authorization, risk management, and vulnerability management. Experienced in cybersecurity risk management and its impact on an organization's information systems' Confidentiality, Integrity, and Availability (CIA) triad. Equally capable of collaborating effectively with high-performing teams or working independently to enhance performance and increase reliability.

SKILLS

• Security Assessment & Authorization

• Third Party Risk Management

• Policy and Process Development

• Security Planning

• Incident Response

• Risk Assessments

• Vulnerability Management

• Federal Information Security Management Act (FISMA) of 2002

• NIST SP 800-Series

• Tenable Nessus Scanning

• ISO/IEC 27000 series

• ServiceNow Security

• Risk Management Framework

• Cloud Security

• Business Continuity and Disaster Recovery planning

• IT general Controls (ITGC) Auditing

• Splunk / NIST SP 800-53 Rev. 5

Core Skills:

• Auditing, security assessment, risk management, security-related awareness and training, and ensuring safe environments through best practices following the NIST Risk Management Framework. Experience in performing risk assessments on both commercial and Federal Government information systems.

• Skilled in information security/assurance analysis, compliance, and governance.

• Experience in assessing security controls in AWS cloud environment.

• Improve the efficiency of information security processes and advance the effectiveness of the information security controls in the AWS cloud operating model.

• Participate in incident response activities in coordination with other teams as necessary: review and edit event correlation rules, triage the resulting alerts by determining their criticality and scope of impact, and evaluate attribution and adversary details.

• Develop and conduct Security Control Assessments (formerly ST&E) per NIST SP 800-53A and NIST SP 800-53 Rev. 4.

• Over 5 years of experience in system security monitoring, auditing and evaluation, A&A, and risk assessment of GSS (General Support Systems) and MA (Major Applications).

• Performed Certification and Accreditation documentation in compliance with company standards.

EXPERIENCE

CTDI – FLOWER MOUND, TX June 2021 – Present

Security Control Assessor

• Schedule kick-off meetings with system owners to help identify the assessment scope, system boundary, and information system category, and to obtain any artifacts needed to conduct the assessment.

• Create a Requirements Traceability Matrix (RTM) and document whether each control being assessed passed or failed, using NIST SP 800-53A as a guide.

• Develop Security Assessment Plans (SAPs) and conduct assessments of the selected security controls on various Moderate impact level systems to ensure compliance with NIST SP 800-53A Rev. 4. Conduct security control interview meetings and artifact gathering meetings with various stakeholders using the assessment methods of interview, examination, and testing.

• Document assessment findings in a Security Assessment Report (SAR) and recommend remediation actions for failed controls and identified vulnerabilities.

• Review A&A package items using NIST guidance for FISMA compliance, such as the system FIPS 199 categorization, e-Authentication assessment, PIA, Contingency Plan (CP), and Contingency Plan Test (CPT).

• Perform vulnerability assessments of information systems to detect deficiencies and validate compliance, tracking findings in the POA&M tracking tool (CSAM).

• Request scans and later review the scan results for common vulnerabilities such as missing patches, weak password settings, unnecessary services that were not disabled, and weak configurations.

• Develop documentation (FIPS 199, FIPS 200, PTA, PIA, e-Authentication) for new or existing systems.

• Provide system/equipment/specialized training and technical guidance.

• Serve as liaison with clients, participating in meetings to ensure client needs are met.

• Independently research and collaborate with teams to develop knowledge regarding the environment.

• Take on lead roles within the team and effectively train team members based on inherent knowledge.

SMS INFOCOMM CORPORATION – GRAPEVINE, TX Dec 2017 – June 2021

Information Systems Security Officer (ISSO)

• Conducted IT controls risk assessments that included reviewing organizational policies, standards, procedures, and guidelines.

• Developed audit plan and performed the General Computer Controls testing, identified gaps, developed remediation plans, and presented results to the IT Management team.

• Conducted IT general controls risk assessments as well as risk audits against frameworks such as HIPAA, PCI, and ISO 27001.

• Developed security control test plans and conducted in-depth security assessments of information systems that evaluated compliance of administrative, physical, technical, organizational, and policy safeguards to maintain HIPAA compliance based on NIST SP 800-66 Rev. 1 and security controls (NIST SP 800-53).

• Developed a security control baseline and a test plan that were used to assess the implemented security controls.

• Conducted a security control assessment to assess the adequacy of management, operational, and technical security controls implemented.

• Assisted in the development of an Information Security Continuous Monitoring (ISCM) strategy to ensure the continued effectiveness of all security controls and to track vulnerabilities and threats in support of organizational risk management decisions.

• Developed a System Security Plan (SSP) to provide an overview of the federal information system security requirements (FISMA) and describe the controls in place.

• Conducted meetings with the IT client team to gather evidence, developed test plans, testing procedures and documented test results and exceptions.

• Conducted walkthroughs, formulated test plans, documented gaps, test results, and exceptions; and developed remediation plans for each area of testing.

OFFICE MAX – GROVE CITY, OHIO Oct 2014 – Nov 2017

GRC Analyst

• Performed IT operating effectiveness tests in the areas of security, operations, change management, and email authentication.

• Provided input to management on appropriate FIPS 199 impact level designation and identified appropriate security controls based on characterization of the general support system or major application.

• Performed assessments of systems and networks within the networking environments and identified where those systems and networks deviated from acceptable configurations or the organization's policy.

• Prepared Security Assessment Plans, Security Assessment Reports, Contingency Plans, and Privacy Impact Assessments.

• Periodically conducted a complete review of each system's audits and monitored corrective actions until all actions were closed.

• Supported the SA&A process for systems to verify and validate conformance to Federal policies, regulations, standards, and FISMA requirements in order to meet specified security requirements.

• Reviewed key reporting to validate accuracy and identify discrepancies and gaps.

• Developed strong working relationships with all vendors to ensure seamless audits/reviews.

EDUCATION

• National Technical Engineering College (Accra, Ghana) - Associate of Science in Telecommunication Engineering.

• CCI Training Center (Arlington, TX) - Associate in Computer and Network Administration.

CERTIFICATIONS

• Certified Information Systems Auditor (CISA)

• Certified Scrum Master (CSM)

• CompTIA Security+
