System Security Information Systems

Location:
Staten Island, NY, 10305
Posted:
July 20, 2023

Resume:

Lyndee Araba Appiah Kubi

347-***-**** (mobile) email: adyeza@r.postjobfree.com

Security Clearance: Clearable

Competent, resourceful, and accomplished information security professional with over 6 years of diverse experience in Information Assurance, which includes System Security Compliance, Risk Assessment, Continuous Monitoring, Audit Engagements, and periodic self-assessment of system security controls to achieve the security objectives of Confidentiality, Integrity, and Availability of information and information systems. Experienced in collaborating face-to-face with multiple stakeholders, interviewing, planning, and participating in a team effort to successfully complete tasks. Adept at motivating and collaborating with multifaceted teams and organizations to address Privacy and Data Security objectives through the application of concepts from the Risk Management Framework and the NIST SP 800 series, including NIST SP 800-60, 800-53/53A, 800-18, 800-30, 800-137, FIPS 199, FIPS 200 and FISMA guidelines.

EDUCATIONAL BACKGROUND

Kwame Nkrumah University of Science and Technology

(Commonwealth Executive Masters in Business Administration) CEMBA.

Ghana Institute of Management and Public Administration

(BSC Human Resource Management)

University of Ghana (Diploma in Archives Administration)

CERTIFICATIONS

CompTIA Security+ CE (Sec+) – Active

CASP+ – CompTIA Advanced Security Practitioner – Ongoing

CORE COMPETENCIES

● RSA Archer, Xacta, ServiceNow

● RMF, NIST 800-37, NIST 800-30, FISMA, FedRAMP

● Information Technology, Cyber Security Analysis

● Team Collaboration, Policies & Practices, Quality Control

● POA&M Management, System Security, Risk Acceptance and Waiver Memo

● Word, Excel, PowerPoint, Outlook

CAREER SUMMARY

NOBLIS Inc. – Remote July 2019 – Present

Information System Security Officer (ISSO)

● Implement appropriate Assessment and Authorization (A&A) activities in strict compliance with RMF, NIST SP 800 series, FIPS series, FISMA and FedRAMP guidance.

● Review and update System Security Plans (SSP) and System Risk Assessments in accordance with FISMA, OMB, NIST SP 800 series and industry security best practices.

● Author templates and coordinate with teams the development of other required system artifacts: Configuration Management (CM), Contingency Plan (CP), Continuity of Operations (COOP), Disaster Recovery Plan (DRP), Incident Response Plan (IRP) and Information Security Continuous Monitoring (ISCM) Plan.

● Review and update Privacy Impact Analysis (PIA), System Security Test and Evaluation (ST&E) and the Plan of Action and Milestones (POA&M).

● Conducted Security Control Assessments on applications and systems to ensure that implementation procedures meet the security needs of the information systems, and made recommendations for the systems to operate within a strong security posture according to NIST 800-53A standards.

● Assisted System Owners and ISSOs in preparing Certification and Accreditation packages for the agency IT systems, making sure that management, operational and technical security controls adhere to the requirements of NIST SP 800-53 R4.

● Designated systems and categorized their C.I.A. using FIPS 199 and NIST SP 800-60.

● Performed vulnerability assessments, making sure that risks are assessed and evaluated and that corrective actions have been taken to limit their impact on the information and information systems.

● Created standard templates for required security assessment and authorization documents, including system security plans, security assessment plans and reports, contingency plans, and Plans of Action and Milestones.

● Conducted IT controls risk assessments that included reviewing organizational policies, standards and procedures, and provided advice on their adequacy, accuracy and compliance as required for NIST 800-171 and CMMC: Policies & Procedures, SSP, and POA&Ms.

● Put together Authorization Packages (SSP, POA&M and SAR) for information systems for the Authorizing Official.

● Carry out continuous monitoring after Authorization to Operate (ATO) to ensure compliance with the security requirements.

Premier Alliance, LLC April 2017 – July 2019

Cybersecurity Analyst

● Manage Security Assessment and Authorization efforts, ensuring compliance with Federal Guidelines such as NIST SP 800-37 Rev2, NIST 800-53A, NIST 800-64, and NIST 800-83 to achieve and maintain annual ATO.

● Assist System Owner, Information Owner, and ISSM in recording, tracking and remediating all known security weaknesses of assigned information systems in POA&Ms IAW enterprise policy and procedures.

● Create Risk Waivers or Risk Acceptance Memos to assist in the effective management of system risks.

● Perform information type categorization and risk assessments to identify security system categorization for selecting the appropriate security controls to be applied to assigned systems.

● Create or maintain security artifacts as part of the ATO package including but not limited to: System Security Plan (SSP), Contingency Plans (CP), Disaster Recovery Plans (DRP), Plan of Action and Milestones (POA&M), Incident Response (IR), and other security documentation.

● Create, validate and import all required documentation in Enterprise Mission Assurance Support Service (eMASS) to include hardware, software, ports, protocols, services (PPSM), boundary diagram and description, control implementation details describing the function of the systems/applications.

● Create Plan of action and milestones (POA&Ms), write mitigation statements, resources required, completion dates and ensure artifacts are attached for support of STIG results, checklist and ACAS scans.

● Conduct remediation and hardening through vulnerability assessments and scans, Security Content Automation Protocol (SCAP) scans, and Security Technical Implementation Guide (STIG) checklists and policies.

● Assess vendor/Cloud Service Provider (CSP) through review of both self-attested and independently verified vendor security documentation to include: Disaster Recovery and Business Continuity Plans, SOC reports, Penetration Test Results, IT Security Plans/Policies, Risk Acceptance Recommendations, Vulnerability Scan Reports, ST&E Package including Security Assessment Report (SAR), etc. to validate effectiveness of controls.

● Arrange a kick-off meeting with stakeholders to help identify assessment scope, system boundary, and information system type prior to submitting the system to the SCA-V team to validate implemented controls.

● Use the Nessus/ACAS vulnerability scanning tool to continuously monitor implemented security controls to ensure controls remain functional throughout the lifecycle of the information system.

Grinox Technologies Nov 2016 – April 2017

Information Assurance Analyst

● Supported three on premise low/moderate General Support Systems (GSS) at various stages of the assessment and authorization process to receive or maintain ATO.

● Provided input to management on appropriate FIPS 199 impact level designations and identified appropriate security controls based on characterization of the general support system or major applications.

● Assisted in establishing an Ongoing Authorization (OA) program design to review the security posture of designated systems on a continual basis.

● Determined security controls effectiveness (i.e., controls implemented correctly, operating as intended, and meeting security requirements).

● Developed NIST-compliant vulnerability assessments, technical documentation, and Plans of Action and Milestones (POA&M), and addressed system weaknesses.

● Performed Information Systems Security Audits and Certification and Accreditation (C&A) Tests.

● Generated, reviewed, and updated System Security Plans (SSP) against NIST 800-18 and NIST 800-53 requirements.

● Conducted risk assessments regularly; ensured measures raised in assessments are implemented in accordance with risk profile, and root-causes of risks were fully addressed following NIST 800-30 and NIST 800-37.

● Assessed existing security policies, processes, and templates against NIST guidance.
