
Risk Management Information Security

Location:
Dover, DE
Posted:
February 16, 2025


Resume:

Dennis Amoako

Clayton, DE *****

Phone: 973-***-****

******.********@*****.***

PROFESSIONAL SUMMARY:

Dynamic and results-oriented Cybersecurity and Risk Management Officer with over 8 years of extensive experience in crafting and executing comprehensive business continuity and disaster recovery strategies. Demonstrated expertise in governance frameworks, risk management, and compliance standards. Proven ability to lead cross-functional teams in enhancing organizational resilience and protecting sensitive information. Exceptional communicator dedicated to cultivating a culture of security awareness and proactive risk mitigation.

CORE COMPETENCIES

Security Policy Development

Risk Management & Compliance

Incident Response & Management

Security Framework Implementation

Automation of Security Controls

Vulnerability Assessment & Penetration Testing

Security Assessment & Authorization

Data Privacy Auditing and gap analysis

Privacy by design and default strategies

FISMA Act 2002

NIST SP 800-Series

Tenable Nessus Scanning

ISO 2700X

Third Party Risk Management

Policy and Process Development

Security Planning

Risk Assessments

ServiceNow Security

Data Protection & Privacy Regulations (GDPR, PCI)

Cross-Functional Collaboration

Metrics Development & Reporting

Program Improvement Initiatives

Security Awareness Training

Industry Best Practices Awareness

Cloud Security

Business Continuity and Disaster Recovery planning

IT General Controls (ITGC) Auditing

Splunk

Core Skills:

·Orchestrated a company-wide data privacy initiative, resulting in the successful certification of the organization under the EU-US privacy shield framework, e

·Auditing, Security Assessment, Risk Management, Security-Related Awareness and Training, and ensuring safe environments through best practices following NIST Risk Management. Experience in performing risk assessments on both commercial and Federal Government information systems.

·Skilled in Information Security/Assurance Analysis, Compliance and Governance

·Experience in assessing security controls in AWS cloud environment.

· Improve the efficiency of information security processes and advance the effectiveness of the information security control of the AWS cloud operating model.

· Participates in Incident Response activities in coordination with other teams as necessary, reviewing and editing event correlation rules, performing triage on these alerts by determining their criticality and scope of impact, evaluating attribution and adversary details.

·Develop and conduct Security Control Assessments (formerly ST&E) per NIST SP 800-53A and NIST SP 800-53R4.

·Over 5 years of experience in system security monitoring, auditing and evaluation, A&A and Risk Assessment of GSS (General Support Systems) and MA (Major Applications)

·Performed Certification and Accreditation documentation in compliance with company standards.

PROFESSIONAL EXPERIENCE:

Information Security Officer (Contract)

Bayhealth Hospital, Dover, DE July 2024 – October 2024

Collaborated with cybersecurity teams to implement operational security measures for government systems.

Assessed and mitigated security risks by analyzing requirements for implementation and testing.

Monitored security controls continuously to ensure compliance with federal Assessment and Authorization activities.

Developed and maintained security checklists, templates, and tools to enhance A&A process efficiency.

Conducted security control assessments according to Agency guidelines and NIST standards, recommending necessary safeguards.

Reviewed vulnerability scans to identify system vulnerabilities and advised on compensating controls.

Prepared security authorization packages in alignment with contractual requirements, ensuring comprehensive documentation.

Developed key security documents, including System Security Plans and Incident Response Plans.

Maintained Plans of Action and Milestones to support remediation activities using IA and Risk Management tools.

Managed hardware and software inventories to ensure compliance and security across all assets.

Spearheaded the development and execution of business continuity and disaster recovery plans, ensuring alignment with organizational objectives and regulatory requirements.

Conducted in-depth risk assessments and business impact analyses, identifying vulnerabilities and implementing effective mitigation strategies.

Collaborated with IT and operational teams to seamlessly integrate cybersecurity measures into existing business processes, enhancing overall security posture.

Designed and delivered comprehensive training programs to elevate employee awareness of cybersecurity best practices and disaster recovery protocols.

Monitored compliance with industry standards (ISO 27001, NIST, GDPR) and conducted regular audits to ensure adherence to internal policies.

Acted as the primary point of contact for incident response efforts, coordinating with stakeholders to minimize downtime and data loss.

Information Security Specialist (Contract)

Norwin Technologies LLC, Richardson, TX November 2023 – March 2024

Implemented and managed Microsoft Defender solutions to enhance threat detection and response across multiple platforms.

Conducted security assessments and incident response drills using XDR tools to identify and mitigate vulnerabilities.

Developed and deployed serverless functions with Azure Functions to automate tasks using HTTP requests and timers.

Identified and resolved security vulnerabilities to ensure system integrity and prevent unauthorized breaches.

Conducted security risk and compliance activities in a FedRAMP cloud-enabled environment, including Microsoft Azure and Amazon AWS.

Managed security Certification and Accreditation activities utilizing common control frameworks, ensuring adherence to industry standards.

Developed and implemented security controls tailored to organizational needs, enhancing overall security posture.

Integrated security practices into the software development lifecycle, demonstrating understanding and experience with DevSecOps.

Integrated data from multiple sources to provide stakeholders with actionable insights, facilitating informed decision-making and risk assessments.

Enhanced incident detection systems, improving response times to security violations and reducing overall risk exposure.

Analyzed and recommended automation technologies to streamline security processes and improve operational efficiency.

Developed standard operating procedures for security practices, ensuring adherence to compliance and regulatory requirements.

Cybersecurity Analyst/Penetration Tester

Calian Corporation, Houston, TX August 2021 – June 2023

Assisted in migrating on-premises applications to Google Cloud Platform, ensuring minimal downtime and a seamless transition.

Managed Microsoft Azure Compute Engine infrastructure, optimizing resource allocation and reducing operational costs by 20%.

Led technical assessments for CMMC compliance within the Defense Industrial Base.

Advised on CMMC requirements to ensure adherence to federal standards, including NIST SP 800-171.

Conducted gap analyses and developed remediation roadmaps to assist clients in achieving CMMC certification.

Maintained client-specific Plans of Action and Milestones (POA&Ms) and supported remediation activities using Information Assurance and Risk Management tools.

Managed an inventory of hardware and software for information systems, ensuring compliance and security across all assets.

Designed, tested, and trained personnel on Contingency and Incident Response planning, enhancing organizational readiness.

Collaborated with engineering and operations teams to remediate the security posture of General Support Systems and Major Application systems.

Executed comprehensive security assessments, including penetration testing and vulnerability assessments, to identify and remediate security weaknesses.

Collaborated with cross-functional teams to prioritize vulnerabilities and implement robust security controls, significantly enhancing the organization’s security posture.

Managed incident response activities using SIEM tools (SPLUNK and CLARITY), ensuring timely detection and resolution of security events.

Led initiatives to achieve and maintain PCI-DSS compliance, ensuring secure handling of sensitive data through regular audits and assessments.

Assisted in the development and maintenance of the organization's information security policies and procedures, fostering a secure operational environment.

Supported the implementation of cutting-edge security technologies, including firewalls and intrusion detection systems.

Information Security Engineer

Robert Wood Johnson University Hospital, New Brunswick, NJ Dec. 2016 – Sept. 2021

Conducted regular security assessments and incident response drills using XDR tools to identify vulnerabilities and mitigate risks.

Facilitated communication with stakeholders to ensure understanding of CMMC certification timelines, requirements, and best practices.

Developed technical documentation, including System Security Plans (SSPs) and Plan of Action & Milestones (POA&M), for CMMC assessments.

Served as a liaison between clients and third-party CMMC assessors for successful completion of certification audits.

Provided advisory services on compliance requirements, including DFARS, FAR clauses, and ITAR.

Conducted penetration testing and security audits, identifying critical security gaps and briefing executive leadership on findings and remediation strategies.

Managed the POA&M process, facilitating reviews and coordinating with system owners for timely remediation of vulnerabilities.

Prepared System Authorization documentation, presenting risk assessments and mitigation strategies to the Authorizing Official for accreditation decisions.

Reviewed and updated security policies, ensuring compliance with federal and industry standards through security control assessments.

Conducted thorough risk assessments to identify vulnerabilities, recommending mitigation strategies to ensure compliance with established standards.

Developed and documented security policies, standards, and procedures, significantly enhancing the organization’s security framework.

Managed the incident response program, ensuring timely detection and resolution of security incidents and breaches.

Collaborated with system owners and security officers to remediate identified vulnerabilities, maintaining compliance with NIST, PCI DSS, and FISMA.

Monitored network traffic for suspicious activity and responded to security incidents promptly, minimizing potential risks.

Assisted in the development of disaster recovery plans and conducted regular testing to ensure their effectiveness.

EDUCATION:

University of Ghana, Legon, Ghana

BSc Information Technology

CERTIFICATIONS:

Certified Information Security Manager (CISM)

Certified Ethical Hacker (CEH)

CompTIA Advanced Security Professional (CASP)

Cisco Certified Network Associate (CCNA)

PROFESSIONAL AFFILIATIONS

Member, Information Systems Security Association (ISSA)

Member, Information Systems and Control Association (ISACA)

INDUSTRY AWARENESS

Actively participate in industry conferences and workshops to stay informed about emerging trends, security best practices, and regulatory changes.

REFERENCES

Available upon request.
