QUALIFICATIONS SUMMARY

A highly self-motivated Information Security professional with an impressive record of accomplishment of 5 years in Risk Management. Eagerly seeking an engaging opportunity at the entry to mid-level within a forward-thinking organization poised for growth. My aim is to leverage my extensive expertise in Risk Management Framework (RMF) and Vendor Risk and Controls Assessment to contribute effectively to the organization's security and compliance endeavors.

With a proven ability to navigate complex security landscapes, prepared to bring valuable insights and innovative solutions to enhance information security measures.

•Working knowledge in Risk Assessment, Risk Management Framework (RMF) which outlines the 6 Steps to Risk Management Process for Information Systems. Conduct Business Impact Analysis, Security Assessment Report (SAR) and Plans of Action and Milestones (POA&M) or Risk Register.

•Experience with NIST 800 Special Publication Series to include but not limited to NIST 800-53 & 53A, 800-60, 800-61 etc.

•Working Knowledge in NIST Cyber Security Framework (CSF), PCI DSS, and ISO to ensure adherence to industry best practices and regulatory requirements.

•Knowledgeable in Security Control Assessment (SCA), prepare Security Assessment Reports for information systems.

•Proficient in utilizing leading Governance, Risk, and Compliance (GRC) tools to streamline risk assessment, compliance management, and policy enforcement processes.

•Proficient in utilizing a diverse array of security technologies and products such as Splunk, Rapid7 Nexpose Vulnerability Scanner, Metasploit, Qualys Vulnerability Scanner (Cloud) and Veracode SAST & DAST Technologies.

•Knowledge in vulnerability scanning and monitoring like Nessus, Nmap, Wireshark and IDS/IPS.

•Experience in performing vulnerability scanning and enumeration to identify possible exploits.

•Proficient in performing Performing Security Categorization (FIPS 199), reviewing and ensuring Privacy Impact Assessment (PIA) and Privacy Threshold Assessment.

SKILLS & COMPETENCIES

Security Tools: Proficient in using a variety of security tools such as SIEM (Security Information and Event Management), IDS/IPS (Intrusion Detection System/Intrusion Prevention System), firewalls, antivirus software, and endpoint detection and response (EDR) tools.

Vulnerability Assessment (Nessus): Proficient in utilizing Nessus for comprehensive vulnerability assessments, identifying and prioritizing potential security weaknesses.

Compliance: Familiar with industry-specific compliance standards and regulations such as GDPR, HIPAA, PCI DSS, and the ability to ensure the organization's compliance with these standards.

Wireshark: Skilled in using Wireshark for network traffic analysis and packet capture, aiding in the detection and resolution of security incidents.

Nmap: Experienced in Nmap for network discovery and security auditing, assisting in the identification of open ports and services.

SharePoint: Proficient in managing and securing SharePoint environments, ensuring data integrity and access control.

Windows: Expertise in Windows operating systems, including security configurations, group policies, and event log analysis.

Cisco & Aruba: Familiarity with Cisco and Aruba networking equipment, enabling the implementation of robust network security measures.

Linux: Competent in Linux security administration, bolstering the protection of Linux-based systems.

Cloud Security: Knowledgeable about cloud security best practices and experienced in securing cloud environments, such as AWS, Azure, or Google Cloud.

Scripting and Automation: Skilled in scripting languages like Python, PowerShell, or Bash for automating security tasks and processes.

EDUCATION AND CERTIFICATIONS

•University of Ghana, Diploma Computer Science.

•CompTIA Security Plus

•CISA

WORK EXPERIENCE

Blue Canopy Group, LLC Reston, VA July 2023 - Present

Information Security Analyst

•Involved in conducting in-depth security investigations, utilizing root cause analysis to identify vulnerabilities and recommend corrective actions to prevent

•Evaluated compliance of U.S. House of Representatives system security plans with NIST SP 800-53 series.

•Collaborated bi-weekly with Authorization Official (AO) and system owner(s) to discuss IS security. Reported assessment status and disclosed vulnerabilities promptly.

•Identified vulnerabilities in the vulnerability assessment report and recommended corrective actions to enhance information security controls, reducing the risk of data breaches.

•Supported the preparation, coordination, and submission of materials essential for regulatory reporting, both internally and externally. Assisted in responding to audits and Requests for Information (RFIs) to maintain regulatory compliance.

•Conducted training sessions to educate teams on GRC tool functionality and usage, promoting effective risk management and compliance practices.

•Regularly monitored and updated GRC tools to reflect evolving regulatory landscapes, industry standards, and organizational changes.

•Analyzed real-time and historical security data for potential breaches and compliance violations. Took corrective actions to maintain security and compliance.

•Integrated GRC tools with other systems to facilitate data sharing and reporting, providing a comprehensive view of risk and compliance.

•Conducted evaluations to address risk, force protection, and environmental threats, enhancing operational security and support.

Walgreens Remote (WFH) May 2019 – June 2023

Security Assurance Analyst/ Security Analyst

•Performed controls assessments to ensure the system or application proposed for accreditation met the classification and sensitivity levels and applicable policies, regulations, and standards.

•Performed systems readiness assessment to ensure security controls and safeguards are adequately implemented prior to 3rd Party audits like PCI, SOC2, etc.

•Ensured the implemented security safeguards were adequate to assure the integrity, availability, and confidentiality of the information being processed, transmitted, or stored consistent with the level of sensitivity of that information.

•Supported 2nd and 3rd line of defense activities by providing evidence and other information as requested.

•Documented and monitored system flaws and vulnerabilities, meticulously tracking them in the Risk Register. This process ensured that remediation timelines were not only met but also effectively accounted for in risk management strategies.

•Supported first line defense activities including vulnerability scanning, system integrity monitoring, and access verification and validation during controls assessment activities like controls testing, stakeholder or end user interviews, etc.

•Responded to vendor information requests by filling out security questionnaires in a timely fashion

•Applied expertise in NIST SP 800-60 (FIPS 199), to evaluate information types related to the data and document this information in the Security Categorization Worksheet.

•Reviewed status of Information Systems for modifications and assessed the impact to current system accreditation.

•Participated in information-system kick of meeting and associated authorization briefings to review the assessment results.

•Worked knowledge in collaborating with stakeholders to identify gaps in information systems and find ways to remediate them.

•Served as the focal point for Information Assurance (IA) tasks, efficiently directing initial response to security incident tickets to the appropriate personnel for prompt resolution.

•Reviewed information security request to identify the necessary actions to take to accomplish requested tasks.

•Ensured all systems and applications risk management activities were processed, reported, and coordinated and documented in a timely fashion to support business goals.

•Ensured Risk mitigation and timelines were adhered to and documented any changes or exceptions that occurred.

•Reviewed status of Information Systems for modifications and assessed the impact to current system accreditation or controls.

•Validated system requirements, security policies and procedures, incident response plans, personnel security, access control mechanisms and identification and authentication mechanisms.

•Ensured the implemented security safeguards were adequate to assure the integrity, availability, and confidentiality of the information being processed, transmitted, or stored consistent with the level of sensitivity of that information.

•Ensured system Risk mitigation and timelines were adhered to and documented all changes that occurred.

Contact this candidate