Tobias Essuah-Mensah
Elkridge, MD
443-***-**** ******************@*****.*** LinkedIn
Senior Information System Security Officer (ISSO)/Compliance Specialist
A certified and experienced Senior Information System Security Officer (ISSO) with over 9 years of expertise in the implementation of cybersecurity frameworks, particularly the NIST Risk Management Framework (RMF). Adept in FISMA and FedRAMP compliance, risk assessments, and the development of security documentation to ensure the integrity and security of IT systems. Proven ability to lead teams, secure Authorization to Operate (ATO), and maintain compliance through effective monitoring and security controls. Recognized for attention to detail, strong leadership, and collaborative problem-solving in high-pressure environments.
CAREER HIGHLIGHTS
Led the Authorization to Operate (ATO) process for the Collibra System, bringing it online within sixty days by ensuring compliance with federal security standards.
Drove change management and documentation efforts, efficiently managing the tracking of over five hundred Change Requests and CIMs, ensuring accurate uploads into CSAM and FootPrints.
Provided monthly security reports on system risk levels and POA&Ms, supporting critical decision-making for CFTC stakeholders.
CORE COMPETENCIES
●Cybersecurity Leadership
●Risk Management & Assessment
●FISMA & FedRAMP Compliance
●Vulnerability Assessment & Mitigation
●Incident Response & Recovery
●Security Control Testing & Evaluation (ST&E)
●Auditing
●NIST RMF Implementation
●Security Documentation
●Continuous Monitoring & Audits
●Regulatory Compliance
PROFESSIONAL EXPERIENCE
Information System Security Officer (ISSO)/Compliance Specialist
OMNIA CYBER SOLUTIONS LLC, Elkridge, Maryland June 2024 – Present
●Developed and maintained security policies, standards, and procedures.
●Ensured compliance with relevant regulations and standards.
●Implemented and enforced security policies and procedures.
●Conducted risk assessments to identify vulnerabilities and potential threats.
●Developed and implemented risk mitigation plans.
●Managed emerging and defined risks associated with information systems.
●Prepared and reviewed documentation, such as System Security Plans (SSPs), Risk Assessment Reports, and Certification and Accreditation (C&A) packages.
●Supported security authorization activities in compliance with relevant frameworks.
●Ensured audit records were collected, reviewed, and documented.
Information System Security Officer (ISSO)/Compliance Specialist
XOR Security – CFTC, Washington D.C. April 2022 – June 2024
●Spearheaded the review and analysis of all system artifacts to ensure compliance and accuracy, supporting Authorization to Operate (ATO) requests.
●Led the continuous monitoring activities using CFTC's Governance Risk and Compliance (GRC) tools, safeguarding network security through operational and technical controls.
●Directed the drafting and review of security documents, applying extensive expertise in the NIST SP 800 family of publications and FedRAMP standards to ensure full system compliance.
●Produced monthly risk assessment reports for senior stakeholders, effectively communicating Plan of Action and Milestones (POA&Ms) and security scan results.
●Enhanced the organization's security posture by implementing robust controls and ensuring the accuracy of audit and compliance reports in the Cyber Security Assessment and Management (CSAM) tool.
●Ensured information systems met security requirements before they went live (FISMA).
●Regularly monitored, tested, and evaluated the effectiveness of security controls (FISMA).
IT Security Control Assessor
Grey Tier Technologies, Alexandria, VA March 2020 – April 2022
●Conducted thorough risk compliance and assurance efforts aligned with NIST SP 800-53A to strengthen organizational cybersecurity resilience.
●Identified security gaps through detailed reviews and assessments, offering actionable recommendations for security risk mitigation strategies.
●Developed and maintained system assurance and accreditation materials, leading the verification of security postures for applications and network systems.
●Led security authorization reviews, ensuring major system changes met regulatory requirements through comprehensive risk analyses and control testing.
●Collaborated cross-functionally to ensure security controls were integrated throughout the system’s lifecycle, driving compliance with IT resilience and dependability standards.
IT Security Control Assessor
Jacobs, Washington D.C. January 2017 – March 2020
●Executed structured security Certification & Accreditation (C&A) activities under the Risk Management Framework (RMF), ensuring compliance with FISMA requirements.
●Enhanced IT security controls by updating Security Test & Evaluation (ST&E) reports and Security Assessment Reports (SAR), contributing to continuous system monitoring and improvement.
●Led system testing and validation efforts, ensuring the accuracy of security controls and compliance with NIST standards.
●Developed test plans and scripts, coordinating with technical teams to execute comprehensive security reviews and vulnerability assessments.
●Communicated technical security information to non-technical stakeholders, ensuring clear understanding of risk levels and security strategies.
Information Assurance Analyst
Robert Half, Washington D.C. June 2015 – January 2017
●Validated system security compliance, ensuring adherence to organizational policies and regulatory standards for data protection.
●Conducted IT risk assessments to verify the confidentiality, integrity, and availability of critical systems, protecting sensitive information from potential threats.
●Reported security control violations, working with risk management teams to implement corrective actions and maintain system integrity.
●Assessed the effectiveness of operating systems and hardware configurations, ensuring compliance with federal security standards.
IT Specialist (SCA Assessor)
Aerotek (Lash Group), Columbia, MD September 2013 – June 2015
●Performed comprehensive IT risk assessments and security control evaluations following NIST standards.
●Conducted security tests and evaluations, identifying vulnerabilities and recommending solutions to mitigate security risks.
●Guided the organization in adopting cybersecurity best practices and regulatory requirements, ensuring compliance across all IT systems.
IT Help Desk Support
Real News Network, Baltimore, MD August 2010 – September 2013
●Provided technical support by managing twenty-five help desk tickets per day and troubleshooting workstation configurations, improving operational efficiency.
●Developed Standard Operating Procedures (SOPs) and process flows to streamline onboarding for help desk colleagues.
●Installed and configured new workstations and peripheral devices, ensuring optimal performance and system security.
EDUCATION
Master of Science in Information Technology/Informatics Administration
University of Maryland Global Campus – Adelphi, MD
Bachelor of Science in Media & Communications Studies
University of Maryland Baltimore County – Baltimore, MD
Associate of Arts in General Studies/Business Technology Administration
Howard Community College – Columbia, MD
CERTIFICATIONS
●AWS Certified Developer Associate – Amazon (2018)
●Certificate of Cloud Security Knowledge (CCSK) – Cloud Security Alliance (2017)
●CompTIA Security+
●Certified Information Security Manager (CISM)
●Certificate in Information Assurance – University of Maryland Global Campus (2020)
PROFESSIONAL DEVELOPMENT
●MS Office Suite (Word, Excel, PowerPoint, Access, Visio, Teams, SharePoint)
●Security Tools: RiskVision, eMASS, Archer GRC, Splunk, CSAM
●Cybersecurity Frameworks: Risk Management Framework (RMF), COSO, COBIT, ISO 27002, PCI DSS, HIPAA, HITRUST
●Vendor Risk Management, FedRAMP, FIPS 199 & FIPS 200, SORN, E-Authentication
●Security Documentation: Business Impact Analysis (BIA), Contingency Planning (CP), Incident Response Planning (IRP), Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), Risk Assessment (RA), Security Assessment Reports (SAR), Plans of Action & Milestones (POA&M)
●Compliance Standards: NIST SP 800 family, FedRAMP, FISMA