PRINCE OPPONG
Stafford, VA *****
571-***-**** ***********@*****.***
OBJECTIVE
Ten years of demonstrated experience applying a logical approach to find practical solutions to difficult problems in Risk Management Framework (RMF) and Vulnerability Management using FISMA/NIST and Sarbanes-Oxley 404. Seeking an IT Security Analyst position in a well-reputed organization with a focus on IT Security and Risk Management, System Security Monitoring, Auditing Engagement Control Testing, Information Security System, Privacy, Project Management and Support, System Development Life Cycle, and Vulnerability Assessment.
CLEARANCE AND CERTIFICATIONS
Secret Clearance/Top Secret Clearance
CompTIA Security+ CE
Certified Ethical Hacker (CEH) – EC-Council, 2017
Certified Authorizing Professional (CAP), 2019
CISM, 2021
CISSP – In progress
FISMA Compliance training completed
Information System Security Training completed
Assessment and Authorization Training completed
SOX 404 Compliance Training completed
Splunk Training / Nessus / OpenVAS / Nmap
Xacta Training / Confluence Training
ACAS Training Completed
eMASS Training Completed
HBSS Training Completed
Jira Training Completed
AWS Training Completed
Archangel Training Completed
Pono Aina H2 – Sr. Security Controls Analyst (40 hrs/week)
FEB 2021-PRESENT
Utilizes ArchAngel or Xacta-C tools to prepare and document activities related to RMF Steps 1 through 3.
Conducts various tasks such as creating a System Description, completing the NSS Checklist, conducting a Business Impact Analysis (BIA), assessing FIPS 199 and System Data Types (SDT), and answering the Hardware and Software Inheritance Questionnaire, Privacy Questionnaire, Records Management Questionnaire, Privacy Impact Assessment (PIA), and Privacy Act Statement (PAS).
Establishes the System Boundary and defines System User Groups within ArchAngel or Xacta-C tools.
Performs Digital Identity Risk Assessments (DIRA) and develops the Information System Contingency Plan (ISCP) and System Security Plan (SSP).
Prepares Security Control Implementation Statements for the required NIST SP 800-53 control families.
Takes responsibility for documenting and preparing RMF Step 6, Continuous Monitoring activities.
Conducts Annual Controls Assessments (ACAs) and annual Contingency Plan Tests (CPTs) as part of the Continuous Monitoring process.
Handles Findings and Plan of Action and Milestones (POA&Ms) on an annual basis.
Ensures compliance with AC-6 System Owner Attestations for Account Management and completes quarterly FISMA Questionnaires.
Develops and reviews Privacy Impact Assessments (PIAs) and Privacy Act Statements (PASs), preparing them for submission to the Privacy Office.
Possesses the ability to interpret complex system/network architecture diagrams.
Performs analyses to validate established security requirements and suggests additional security requirements and safeguards if necessary.
Gathers evidence to support the implementation of system baseline security controls.
Conducts thorough analysis on gathered evidence to ensure compliance.
PHACIL, INC – Sr. Information Security/Assessor/Security Controls Analyst (40 hrs/week)
JUNE 2016 - FEB 2021
• Assess a variety of assigned passport and visa systems requiring periodic review, assessment, and authorization under the NIST Risk Management Framework (RMF) methodology.
• Conduct formal review of externally produced materials, including the System Security Plan, Contingency Plan, and related materials and artifacts.
• Develop the Security Assessment Plan and conduct the stakeholder kickoff meeting.
• Execute the security control assessment through the “examine, test, and interview” method.
• Attend demonstrations of the application and develop the means to work with stakeholders through electronic and in-person discussions.
• Request and collect artifacts from stakeholders as evidence for specific security control implementations.
• Determine the best methods and practices needed to access specific security artifacts and personnel and to execute security examinations.
• Develop standard operating procedures and practices to further the assessment mission and provide increased value to the customer.
• Applied appropriate security controls for federal information systems based on NIST SP 800-37 rev 1, SP 800-53 rev 4, FIPS 199, FIPS 200, and OMB A-130 Appendix III.
• Conducted system and network vulnerability scans to identify and remediate potential risks.
• Prepared and submitted the Security Assessment Plan (SAP) to the CISO for approval.
• Updated the System Security Plan (SSP) and Plan of Action and Milestones (POA&M).
• Performed risk analysis that also included risk assessment.
PROFESSIONAL EXPERIENCE
SYSTEM HIGH CORPORATION - SECURITY ANALYST
JUNE 2013-2016
Assist with security assessments and audits. Monitor and report on the implementation of enterprise information security and privacy controls.
Monitor the ACAS for suspicious events and anomalous activity.
Notify assigned customers of security incidents.
Interface with customers to provide investigatory support and additional information as needed.
Develop and maintain a repository of reference documents concerning information security requirements and strategies applicable across the organization.
Manage and update software on the systems and networks being monitored.
EDUCATION
• B.Sc. in Mathematics/Computer Science, 2008, University of Cape Coast, Ghana