BERNARD ADUSE-POKU
Jersey City, NJ | 917-***-**** | *************@*****.*** | US Citizen
Governance, Risk & Compliance Analyst / Information System Security Officer / Security Controls Assessor
A detail-oriented and results-driven cybersecurity professional with extensive experience in governance, risk, and compliance (GRC). Skilled in analyzing cyber threats, implementing security controls, and ensuring adherence to regulatory frameworks such as NIST, FISMA, and FedRAMP. Adept at collaborating with stakeholders to enhance organizational security posture and mitigate risks effectively.
CORE COMPETENCIES
Security Assessments & Regulatory Compliance (NIST 800-53, RMF, FISMA, FedRAMP) / Risk-Based Decision Making & Cyber Risk Management / Vulnerability & Threat Analysis / Identity & Access Management (IAM) / Incident Response & Contingency Planning / Security Documentation & Reporting (SSP, POA&M, BIA)
Tools: CSAM, eMASS, ServiceNow, SharePoint, Nessus, Tenable Security Center.
PROFESSIONAL EXPERIENCE
Information System Security Officer, Lead ISSO, Federal Communications Commission, Washington, DC [April 2024 – December 2024]
Conducted security evaluations for 47 system/application boundaries and developed risk mitigation strategies.
Managed Plans of Action and Milestones (POA&Ms) to address security findings and compliance gaps.
Responsible for selecting baseline security controls based on the system's categorization level, using NIST SP 800-53 Rev. 4 Appendix D as a guide.
Enhanced governance processes by coordinating with the Privacy and Security Engineering teams.
Developed, maintained, and managed Security Authorization and Assessment packages, including System Security Plans (SSPs), Contingency Plans (CPs), POA&Ms, and other relevant security documentation for existing and new systems.
Utilized CSAM and ServiceNow to track security control implementation.
Developed and updated security authorization packages in accordance with client requirements and FISMA.
Recognized and examined potential security violations, assessed their impact on the security posture, preserved evidence, and reported incidents as required by regulation.
Perform validation assessments of implemented controls and maintain required documentation per RMF guidelines
Assist in developing, maintaining or reviewing accreditation and authorization documentation such as the security plan, security assessment plan, and hardware and software diagrams
Assist in developing, maintaining or reviewing business plans and procedures such as IT strategic plan, contingency plan, incident response plan, and standard operating procedures.
Information System Security Officer (ISSO), Milden Systems, Laurel, MD [September 2020 – December 2023]
Review and analyze Tenable Security Center and Nessus Assured Compliance Assessment Solution (ACAS) vulnerability scans
Supported decision-making authorities on matters affecting the availability and function of mission-critical systems.
Supported federal agency compliance through risk assessments and audits using NIST frameworks.
Authored security authorization packages (SSPs, POA&Ms) and monitored vulnerabilities with Nessus.
Ensured FISMA compliance by implementing robust risk remediation strategies.
Risk Management Assurance Analyst, Forever Solutions Group (FSG), New York, NY (August 2016 – July 2020)
Provide cybersecurity/information assurance support for DoD Managed Service Provider, particularly conducting NIST 800-37 Risk Management Framework (RMF)/NIST 800-53 security control implementation activities/tasks to obtain and maintain an Authorization to Operate (ATO)
Prepare and review system documentation to include Policies, Standard Operating Procedures (SOPs), Assessment & Authorization (A&A) packages, architecture diagrams, contingency plan, incident response plan, and other documentation
Ensure security processes and procedures are developed and followed to maintain operational security posture with minimal risk for SaaS system(s)
Coordinate with engineers/system administrators to perform vulnerability scanning and risk assessment using vulnerability management tools (ACAS) and prepare responses to Plan of Action and Milestones (POA&Ms) for IA compliance
Maintain eMASS records and RMF artifacts to support systems’ ATO
Develop and manage the POA&M tracker and Risk-Based Decisions (RBDs)/ Waivers documents for deficiencies
Evaluate system risk with respect to operation at the network, system, and application levels
Develops, reviews, and maintains policy/guidance documents, Scan Results, and test result artifacts
Conducts regular assessments of continuous monitoring activities and the security controls that have been implemented to support those activities
Demonstrates an understanding of vulnerability management specifically, how to respond to vulnerability reports and which remediation actions are appropriate to take
Reviewed and analyzed Nessus Vulnerability and Compliance scan results for remediation
Understands the process of information system categorization and how to use that process to select security controls to create system and accreditation documentation
Maintains knowledge of relevant network and security technologies and trends.
Security Controls Assessor, Cyberrisk Beyond Solutions, AL (February 2014 – July 2016)
Plan and/or perform security controls assessments for customer systems in accordance with NIST SP 800-53 and NIST SP 800-53A, using established processes, guidance, and methods to support the customer's authority to operate (ATO) process or its annual assessment process.
Activities include control assessment (interviews and examination, physical security walkthroughs, and/or technical vulnerability testing), interagency participation, and table-top scenarios.
Document the results of these assessments in Security Assessment Reports (SAR) and Plan of Action and Milestone (POA&M) documents.
Conduct and review system scans using the Assured Compliance Assessment Solution (ACAS) and provide documented results to appropriate stakeholders for review.
Conduct Security Technical Implementation Guide (STIG) validation assessments on information systems in preparation for authorization activities.
Develop and conduct detailed security assessment briefs, providing cyber security risk recommendations to the Authorizing Official Designated Representative (AODR) and Authorizing Official (AO).
Develop and maintain standard processes to assist Information System Security Officers (ISSOs) and Information System Owners (ISOs) with security control implementation for information systems.
Assist with identification and remediation of related security Plans of Action & Milestones (POA&Ms).
Identify existing and/or potential system security weaknesses revealed by the assessments, including personnel controls, training, incident and emergency response, logical security controls, physical security controls, operational security, and the integrity of software applications and data.
Develop and deliver reports and presentations required for communicating findings of the security control assessments.
Conduct vulnerability assessments as directed by program requirements, and assist with other related assessment activities.
Assess, review, update, develop, and deliver documentation to support programs in their security controls assessment activities.
Support the maintenance of assessment tools, and upkeep of testing data.
IT Security Analyst, Alpha and Omega Publications, Kumasi, Ghana (March 2010 – June 2013)
Analyzed suspicious account activity and reported it through the appropriate channels.
Assisted in updating IT security policies, procedures, standards, and guidelines according to requirements.
Supported cyber security analysis by conducting Vulnerability Management, Security Engineering, Certification and Accreditation, and Computer Network Defense activities.
Monitored controls post-authorization to ensure continued compliance with security requirements.
Monitored security tools and correlated their reporting with other appropriate information sources to identify incidents, issues, threats, and vulnerabilities.
Provided daily anomaly and alert reporting from all reviewed tools and sensors.
Provided security and privacy expertise to assist with research into, and response to, security and privacy incidents.
EDUCATION
- BSc. Computer Science, Kwame Nkrumah University of Science and Technology, Kumasi, Ghana.
- The Technical Institute of America, New York, New York
- CompTIA Security+
- Certified Information Systems Auditor (CISA)