Charles K Owusu
240-***-**** • ***************@*****.*** • Remote
An Information Security Professional with 8+ years of experience in IT compliance, vulnerability assessments and management. I have specialties in Risk Management, Certification & Accreditation (C&A), Information Assurance, National Institute of Standards & Technology (NIST), Federal Information Processing Standards (FIPS) and SP-800 Series Guidance, Federal Information Security Management Act (FISMA), System Security Continuous Monitoring and Audit engagements, testing of Information Technology controls, and developing security policies, procedures and guidelines. I also possess strong problem-solving skills and grounded knowledge in Risk Management Framework (NIST-RMF) and Systems Development Life Cycle (SDLC).
CERTIFICATION AND TRAINING
COMPTIA Security+
Certified Authorization Professional (CAP)
Certified Information Security Manager (CISM)
SOFTWARE, PLATFORMS & TOOLS
Retina Network Security Scanner, NESSUS, NMAP, NSAT, CSAM
Unix-Based Systems, Windows XP, 7, 10, Mac OS X
MS Office 360 (Word, Excel, PowerPoint, Access, Outlook)
EDUCATION
Bachelor of Science: Business & Mgmt. August 2012-December 2016
Morgan State University
IT EXPERIENCE
Tightech Consulting, MD October 2018-Present
Information Security Analyst
Ensure implementation of appropriate security controls for information systems based on NIST Special Publication 800-53 rev 4, FIPS 200, and system categorization using NIST 800-60 and FIPS 199.
Collaborate with system administrators to remediate POA&M findings.
Ensure vulnerabilities and risks are efficiently mitigated in accordance with the organization's continuous monitoring plan.
Monitor controls post authorization to ensure continuous compliance with the security requirements.
Identify new information system inventory, and maintain and dispose of inventory in accordance with established policies and procedures; ensure accurate configuration management and property accountability.
Modify and maintain procedures, operational process documents, change control documents, operational checklists, detailed system specifications and procedures.
Develop training materials for employees on data protection.
Conduct security assessment interviews to determine the security posture of the system and to develop a Security Assessment Report (SAR) in the completion of the Security Test and Evaluation (ST&E) questionnaire using NIST SP 800-53A required to maintain the company's “Authorization to Operate” (ATO), the Risk Assessment, System Security Plans, and System Categorization.
Perform information security risk assessments and assist with the internal auditing of information security processes.
Assess threats, risks, and vulnerabilities from emerging security issues, while also identifying mitigation requirements.
Capital One Bank, VA December 2016 – October 2018
Information Security/Compliance Analyst
Participate in client interviews to determine the security posture of the System.
Prepare and submit Security Assessment Plan (SAP) for approval.
Conducted initial assessment and performed continuous monitoring of security controls post-assessment.
Worked with System Owner to develop and perform periodic testing of contingency and disaster recovery plans.
Develop and update Security Plan, Plan of Action and Milestones (POA&M).
Monitor controls post authorization to ensure continuous compliance with the security requirements.
Prepare and update the Security Assessment Report (SAR).
Analyze and perform technical and non-technical security risk assessments of computer and network systems via network scans, interviews, documentation review and walk-through of both new and existing federal information systems for FISMA compliance using NIST guidelines and controls.
Conduct Risk Assessment on all system changes.
Re-assess remediated controls for effectiveness.
Paradyme Management, MD June 2016 – December 2016
Information Technology Corporate Intern
Assigned issues to appropriate support group for thorough support and prompt resolution.
Researched and analyzed Business, Technical, Functional and User Interface requirements of a project.
Created test scenarios, test conditions, expected results and test cases.
Executed test scripts and documented results.
Logged defects and verified defect fixes.
Monitored network performance and troubleshot problem areas as needed.
Cross-trained and provided back-up for other IT support representatives when needed.