
Secret Clearance Information Security

Location:
Suwanee, GA, 30024
Posted:
September 04, 2025


Resume:

NANA OWUSU

Lawrenceville, GA

770-***-****

Active Secret Clearance

https://www.linkedin.com/in/nana-owusu-0b6497288/

SUMMARY

Accomplished Cybersecurity and Governance, Risk & Compliance (GRC) leader with 10+ years of experience driving enterprise security programs for high-stakes federal environments, including 4 years safeguarding CDC systems. Proven success in security control assessments, risk management, compliance audits, and remediation management within FISMA, HIPAA, FedRAMP, and NIST RMF/CSF frameworks & Zero Trust security. Recognized for bridging technical expertise with business objectives to enhance security posture, reduce vulnerabilities, and ensure regulatory compliance. Active Secret Clearance.

QUALIFICATIONS SUMMARY

CISM and CEH certified, backed by additional credentials including CompTIA Security+, CASP, CNDA, and Server+.

Demonstrated expertise in audit readiness, remediation planning, and vendor/third-party risk assessments.

Proficient in EMASS, CSAM, and DISA ACAS v5.3 for comprehensive security testing and compliance validation.

Proven leadership with 2 years managing cybersecurity teams and projects.

Deep working knowledge of federal and state regulations, including HIPAA and NIST 800-53 security controls.

Skilled in applying CIS Critical Security Controls, DISA standards, ISO/IEC frameworks, and FedRAMP requirements to enterprise systems.

Advanced experience in risk assessments, security posture evaluations, and remediation management that consistently close audit gaps and strengthen compliance readiness.

Hands-on with AWS security controls, HIPAA Final Security Rule, and HITRUST compliance standards.

Education and Certifications

The Wayne State University – Bachelor of Science in Computer Science, 2011

Certified Information Security Manager (CISM)

CompTIA Advanced Security Practitioner (CASP)

Certified Ethical Hacker (CEH)

CompTIA Security+ (Sec+)

Certified Network Defense Architect (CNDA)

CompTIA Server+

Professional Experience:

Information Security Engineer – Senior, CDC/Credence – June 2021 – June 2025

Developed, communicated, and maintained cybersecurity policies, standards, and procedures, ensuring alignment with federal mandates such as FISMA.

Facilitated the annual review of cybersecurity policies and oversaw the distribution of, and training on, updated procedures.

Interpreted regulations and created decision papers to guide CDC's cybersecurity initiatives, ensuring compliance across various operational levels.

Engaged with stakeholders to respond to Requests for Information (RFIs), Requests for Comments, and data calls pertinent to cybersecurity guidance.

Liaised with CSPO staff and CDC Program stakeholders to coordinate the documentation, planning, assessment, and mitigation requirements necessary to complete the system Security Assessment and Authorization (SA&A) process for approximately 700 CDC systems, based upon FISMA requirements, using required SA&A management systems and tools such as RSA Archer, Trusted Agent, SharePoint, and Excel.

Provided senior-level expertise in Cybersecurity Governance, Risk, and Compliance (GRC), supporting CDC programs and partners in navigating complex GRC requirements.

Served as the primary system assessor, designing, developing, and implementing an assessment and authorization validation process that tests systems and applications to validate the implementation and function of security controls for CDC Infrastructure, Platform, and Software implementations.

Reviewed and updated CDC IT system security control assessments and plans (SAP) to reflect accurate system information as part of the System Assessment and Authorization (SA&A) process, as well as for required system annual assessments.

Conducted reviews and assessments in accordance with the assessment procedures defined in the security assessment plan (SAP).

Conducted manual and automated testing on existing and new CDC IT systems to identify system weaknesses and design flaws requiring remediation to reduce potential attack vectors as part of the System Assessment and Authorization (SA&A) process as well as during system annual assessments.

Documented the assessment and authorization validation process that tests systems and applications to validate implementation and function of security controls at the infrastructure, platform, and software levels.

Documented CDC IT system findings using designated GRC tool(s) such as RSA Archer and Trusted Agent, and generated, reviewed, and updated Security Assessment Reports (SARs) and submitted them to the SA&A Team Lead.

Participated in continuous monitoring and risk assessment of key business processes to drive risk-based audit plan.

Conducted IT controls risk assessment including reviewing organizational policies, standards, and procedures and providing advice on their adequacy, accuracy, and compliance with industry standards.

Provided IT audit expertise in Governance, Risk, and Compliance (GRC), including the Capability Maturity Model (CMM) and ISO/IEC standards.

Monitored all CDC IT system compliance and support activities submitted to CSPO SA&A mailboxes, MS SharePoint solutions, or the OCIO Tracking Tool and Enterprise Reporting (OTTER) system for SA&A, Self-Assessment, and Contingency Plan correspondence, ensuring appropriate actions were initiated and recorded within established timeframes, and much more.

Conducted IT compliance testing to assess risk, evaluate internal controls, safeguard assets, and analyze controls and supporting operating procedures, including audit planning, testing, and reporting.

Evaluated IT Compliance gaps and collaborated with management on remediation.

Performed audits of IT General Controls, such as Access Control, Change Management, IT Operations, Disaster Recovery, and Platform Reviews (Windows and UNIX OS), using applicable frameworks like COSO, COBIT, and PCI DSS.

Liaised with external auditors to streamline audits, improving regulatory compliance efficiency.

Enhanced the control environment through control gap analysis and remediation plans.

Reviewed Authorization to Operate (ATO) packages (i.e., SSP, RA, CMP, ISCP, DRP, IRP, and PIA) for seven systems and facilities using NIST publications.

Worked closely with system owners to oversee the preparation of Comprehensive and Executive Certification & Accreditation (C&A) packages for approval of an Authorization to Operate (ATO); generated, reviewed, and updated System Security Plans (SSP) against NIST 800-18 and NIST 800-53 requirements.

Developed, communicated, and maintained cybersecurity policies, standards, and procedures in alignment with FISMA and other federal mandates.

Facilitated annual review of cybersecurity policies and delivered training on updated procedures.

Led Security Assessment & Authorization (SA&A) process for ~700 CDC systems, ensuring compliance with NIST 800-53 controls and documentation requirements.

Designed and implemented assessment validation processes to verify control effectiveness across infrastructure, platform, and software layers.

Conducted manual and automated security testing to identify system vulnerabilities, tracked findings, and oversaw remediation to closure.

Performed risk-based audits leveraging NIST, CIS Controls, FedRAMP, and ISO/IEC frameworks to ensure operational compliance and minimize security exposure.

Produced Security Assessment Reports (SARs) and collaborated with stakeholders for mitigation planning.

Enhanced security posture by identifying control gaps, conducting remediation planning, and validating effectiveness of implemented controls.

Implemented data encryption solutions for data at rest and in transit.

Cybersecurity Analyst, Vectrus Afghanistan – March 2015 – March 2020

Provided key government (US TAAC South Military) personnel with policy coordination and interpretation support, general information security support, and assistance with the development and implementation of a defensive security program that protects information systems and documents.

Drafted POA&Ms and tracked these POA&Ms to make sure vulnerabilities were remediated and the POA&M was closed.

Experienced with Zscaler or Cisco SASE, demonstrating strong skills in implementing Zero Trust security models for modern, distributed workforces. This expertise is highly valuable for securing access to applications and data across various environments, from on-premises to multi-cloud setups.

Determined how the TAAC South Military systems would be impacted if security controls were not implemented.

Assisted with defining security objectives and system-level performance requirements.

Researched and stayed abreast with tools, techniques, countermeasures, and trends in computer network vulnerabilities.

Spearheaded risk-based audit plans by leveraging frameworks such as NIST 800-53 and COBIT to evaluate IT environments.

Developed and conducted ST&E (Security Test and Evaluation) per NIST SP 800-53A and performed on-site security testing using vulnerability scanning tools such as Nessus, after which an assessment report was created.

Supported US TAAC South Military operations with security policy interpretation, compliance support, and defensive security program implementation.

Confirmed and ensured that the appropriate DoD RMF (Risk Management Framework) process was met and that adequate documentation, such as ACAS scans and STIGs, was provided.

Utilized vulnerability scanning tools such as Nessus and ACAS to identify weaknesses and prepared assessment reports with remediation recommendations.

Evaluated risk impacts of unimplemented controls and developed mitigation strategies.

Applied NIST, COBIT, and CIS frameworks in risk assessment activities to ensure mission-critical system security.

Conducted vulnerability scanning and remediation using Nessus/ACAS and supported incident response and forensics.

System Administrator, LexisNexis, Alpharetta, GA – June 2007 – March 2015

Provided PKI engineering support in the areas of Public Key Enabling, logical access, encryption, and other ID management initiatives.

Installed, configured, and troubleshot Windows operating systems.

Organized lab sessions for Cisco router and switch installation, configuration, and troubleshooting.

Provided Level II technical support to LexisNexis external customers for desktop/laptop and wireless & LAN related issues. As a senior technical support team member, also provided hands-on mentoring and leadership to other team members.

Provided network support and management utilizing CiscoWorks, OpenView, the AR-Remedy ticketing system, and Nortel Device Manager, while effectively interacting with internal and external users and clients to maintain customer satisfaction.

Configured and managed Active Directory environments, enforcing access controls with MFA/SFA.

Administered and maintained endpoint protection tools (e.g., Symantec, CrowdStrike) across enterprise endpoints.

Implemented firewall rules, VPN solutions, and network segmentation to strengthen perimeter defenses.

Deployed and maintained SIEM/logging tools (Splunk, ELK) to detect and respond to security incidents.

Created and enforced application security policies (AppLocker, allowlisting) to control execution environments.
