Security Analyst Life Cycle

**** ****** ***** **

Upper Marlboro, MD *****

732-***-****

******************@*****.***

JEFFERY AMPONSAH

SUMMARY

Accomplished, passionate and analytical cybersecurity professional with 7 years’ experience in Risk Management Framework (RMF), Systems Development Life Cycle (SDLC), security life cycle, and vulnerabilities management using FISMA, and applicable NIST standards. Organized, Solutions-focused, deadline-focused, team oriented, work well independently, or in a team providing all facets of computer support with in-depth knowledge and understanding of numerous software packages and operating systems. Monitoring security systems for potential breaches or suspicious activity, analyzing security logs, and responding to incidents. Identifying vulnerabilities, conducting risk assessments, and developing strategies to mitigate risks. Managing and configuring security tools such as SIEM (Security Information and Event Management), firewalls, and antivirus software. Ensuring compliance with industry standards and regulations and performing regular security audits and assessments. Educating employees on best security practices to reduce the risk of human error leading to breaches (e.g., phishing attacks). Documenting security incidents, vulnerabilities, and audit results, providing recommendations for improvements.

EXPERIENCE

ATRIA WEALTH SOLUTIONS

IT Security Analyst

July 2023 – Present

Performs and monitors internal and external penetration/vulnerability scans to minimize risk across all systems.

Audits access/entitlements to Company data and applications and reports findings to upper management.

Assists in developing, testing, implementing, and maintaining security plans, products, control techniques, cloud controls, and procedures in accordance with Company security policies.

Monitors security systems and documents possible threats or vulnerabilities. Evaluates risk and recommends corrective actions to ensure data security.

Maintains all security policies and researches, recommends, and implements changes to procedures and systems to enhance data security.

Reviews and tests of all new system implementations to ensure they have met all security policies and standards.

Monitor and resolve security ticket queue within Service Level Agreement.

Maintains awareness of up-to-date threats and vulnerabilities and their respective countermeasures

Updates and maintains virus and spyware/malware protection systems.

Maintains and reviews system log files.

Reviews employee access to various systems to ensure job relatedness.

Responds to reported security violations and assistance in Company-wide security awareness.

Tests, documents, and reports on security risks in new systems and applications prior to deployment.

Assists in reviewing and completing audit/legal requests.

Provide security support for the Tec Assist program.

Review and provide guidance on Vendor management process.

Requirement to respond to, troubleshoot, and fix security incidents on a 24x7 on-call basis including late-night change windows.

Performs additional tasks as they apply to specific areas of responsibility.

Provides level III user support that at times includes working non-scheduled hours.

ATRIA WEALTH SOLUTIONS

IT Data Security Analyst

July 2022 – July 2023

•Configure and monitor email security controls to detect and mitigate potential security threats such as phishing attacks, business email compromise (BEC), and malware.

•Collaborate with security operations teams to investigate and respond to email-based incidents, such as suspicious emails, phishing campaigns, or malware outbreaks.

•Oversee the implementation of encryption technologies to protect sensitive email communications, both in transit and at rest.

•Educate and train employees on best practices for securely exchanging sensitive information via email and ensure adherence to organizational encryption standards.

•Design, implement, and maintain email archiving solutions to meet regulatory requirements and ensure secure, long-term storage of email communications.

•Design, implement, and continuously improve data loss prevention strategies to safeguard sensitive information from unauthorized sharing, both internally and externally.

•Configure DLP policies to monitor and control the movement of sensitive data through email systems, file transfers, and cloud applications.

•Monitor DLP alerts and logs to detect, investigate, and remediate any incidents of data leakage or policy violations.

•Take a lead role in investigating and remediating email-related security incidents, working closely with internal stakeholders, such as IT operations, legal, and compliance teams.

•Provide detailed incident reports, outlining cause, impact, mitigation strategies, and lessons learned to senior leadership.

•Act as the subject matter expert (SME) for email security, encryption, archiving, and DLP, providing guidance and support across the organization.

•Collaborate with IT teams to ensure that email security is integrated with broader cybersecurity measures, such as endpoint protection and network security.

•Provide training and awareness programs for staff on best practices related to email security, encryption, and data protection.

WB MASON COMPANY SOUTH BRUNSWICK NJ 08512

Cyber Security Specialist

October 2019 - Nov 2022

Develop, implement, and manage the organization's information security program, policies, and procedures.

Identify and assess information security risks and vulnerabilities and develop strategies to mitigate them effectively.

Design and implement security controls and measures to protect the organization's sensitive data, systems, and networks.

Investigated malicious phishing emails, domains and Ips using open-source tools and recommended props analysis.

Conduct log- based and endpoint -based threat detection to detect and protect against threats coming from multiple sources.

Conduct regular security assessments, audits, and vulnerability assessments to ensure compliance with industry standards and regulations.

Manage incident response and recovery efforts in the event of security breaches or incidents.

Implement and oversee security awareness and training programs to educate employees about security best practices.

Work with third-party vendors to evaluate their security practices and ensure they meet the organization's standards.

Prepare and present reports to senior management and stakeholders on information security performance and risks.

Collaborate with legal and compliance teams to ensure the organization's compliance with relevant laws and regulations.

Provide guidance and support during the design and implementation of new technologies and systems to ensure security requirements are met.

Ensure compliance with relevant laws, regulations, and industry standards such as SOC 2, ISO 27001, ISO 27701, GDPR, and CCPA, etc.

Information Security Analyst

May 2016 – October 2019

•Performed information security risk assessments and assisted with the internal auditing of information security processes. Assessed threats, risks, and vulnerabilities from emerging security issues.

•Reviewed information systems security environments to include all aspects of physical, technical, and administrative security measures

•Monitored and evaluated systems compliance with Information Technology security requirements in accordance with NIST 800 series

•Assisted with the development, implementation, and administration of information security policies, standards, and procedures adhering to industry best practices

•Provided analysis of system requirements relating to security/ Vulnerability reviews, risk, and contingency planning

•Developed plans of actions and milestones (POA&M’s) and/ or risk assessments for identified vulnerabilities and worked with multiple teams to track the execution of POA&M items to completion.

•Supported C&A activities, including conducting ongoing Continuous Monitoring on compliance with required IA controls

•Tracked and documented reports relating to the information systems audit functions.

•Evaluated and assessed Security Plans, Security Assessment Plans, Cybersecurity Strategy, Program Protection Plan, Security Assessment Reports, RMF Plan of Action and Milestones, Security Authorization Package and Authorization Decision.

EDUCATION

University of Cape Coast

Ghana

Bachelor of Education

August 2009 - August 2013

TECHNICAL COMPETENCES

•Operating Systems: Win (10, 7,11 Vista, XP)

● Microsoft Office Suite: Word, Excel, PowerPoint, Outlook

● Security Tools: Nessus, CrowdStrike, Alert Logic, True Fort, Jira, Zendesk, Netskope, Proofpoint, KnowBe4, Ninja One, Azure

CERTIFICATION

CISA

CompTIA Security+

SKILLS

Information Security

Incident Response

Information Security Awareness

Security Analysis

Information Assurance

Vulnerability Scan

Risk Assessment

Data Loss Prevention (DLP)

Azure

Email Security

Contact this candidate