Candidate Information
Title Information Security Risk Management
Target Location US-MD-Damascus
Candidate's Name, EMAIL AVAILABLE

OBJECTIVE
A dedicated and detail-oriented IT information and security analyst with 6-plus years of professional experience. Knowledgeable in Information Assurance, Audit and Evaluation, Testing and Monitoring, FISMA/NIST, FedRAMP, HIPAA, and Risk Assessment of General Support Systems (GSS), Major and Minor Applications. Excellent knowledge of security tools, technologies and best practices in Risk management framework (RMF). Possess an in-depth ability in performing information security risk assessments and analysis, risk mitigation in large-scale networked application environments. Performed risk analysis, assessment testing and analysis. Working knowledge of Network Infrastructures, Data Warehouses, Web Applications, Servers, Windows systems. I possess a strong managerial skill, excellent in relationship building and developing strategic partnership. I am an expert in FISMA compliance. I am highly adaptive and have superior analytical and organizational skills as well. I am a fast learner and can multi-task. I can also work independently and as a contributing team member.

SKILLS, ABILITIES & FRAMEWORKS
Ability to work effectively in teams, both as a team lead or as a member.
Excellent written and verbal communication with strong analytical skills.
RMF, FISMA, FedRAMP, NIST 800-53, NIST 800-37, Archer, CSAM, Nessus, Nexpose, Splunk, DISA STIG Viewer, SCAP Tool, ServiceNow, BMC Remedy Ticketing System, Cloud Security, Jira.

TRAININGS
Anti-Phishing Awareness Training
Incidence Response & Information Security Awareness Training
FISMA Compliance Certification
Risk Management Framework
Third Party Risk Management

CERTIFICATION
CompTIA Security +, CISA, GCPDE

EDUCATION
Cybersecurity specialist program -- 2006
National Institute of Information Technology, Ghana, Accra, Ghana

Political Science and Geography -- 2010
Kwame Nkrumah University of Science and Technology, Kumasi, Ghana

Bachelor of Laws Degree -- 2015
Ghana Institute of Management and Public Administration (GIMPA), Accra, Ghana

International legal studies program (Data Privacy Law) -- 2018
American University, Washington College of Law

Professional Law Certificate -- 2019
Ghana School of Law, Accra, Ghana

Cybersecurity -- 2021
Eretmis Academy, New York

PROFESSIONAL EXPERIENCE

Cyber Security Analyst, Jan 2020 - Present
Cylioc Solutions
Conduct kick off meetings to collect systems information (information type, boundary, inventory etc.) and categorize systems based on NIST SP 800-60.
Conduct IT controls risk assessments including reviewing organizational policies, standards and procedures and providing advice on their adequacy, accuracy, and compliance with industry standards.
Assist with the development of System Security Plan (SSP) to provide an overview of federal information system security requirements and describe the controls in place to meet those requirements.
Create documentation to support information system authorization/accreditation packages.
Conduct and document reviews of NIST, FISMA and other policy documents and vendor publications related to enterprise technologies and recognize, modify and update procedures resulting from the new guidance.
Assist System Owners in preparing certification and Accreditation package for company's IT systems, making sure that management, operational and technical security controls adhere to a formal and well-established security requirement authorized by NIST SP 800-53 R4.
Research, verify and document information security controls using Federal Certification and Accreditation (C&A) and FEDRAMP processes.
Initiate, coordinate and track the patching and remediation of security weaknesses as they are discovered, via a "Plan of Actions and Milestones" (POAM).
Provide continuous monitoring support for information systems.
Develop IT architecture deliverables, specific to information security countermeasure implementations, for operational systems and systems under development.
Conduct follow up meetings to assist information system owners to close/remediate POA&M items.
Involved with reviewing, maintaining, and ensuring all assessments and authorization (A&A) documentation are included in the system security package.
Interface directly with all levels of federal management, system owners, administrative personnel, and highly technical cyber analysts to monitor and assess all phases of C&A.
Utilize vulnerability scanner results to identify and mitigate any security loopholes.
Performed Information Security Risk analysis, vulnerability assessment, and regulatory compliance assessment service with a focus on the Federal Information Security Management Act (FISMA) and National Institute of Standards and Technology (NIST).
Analyzed and updated System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security test and Evaluation (ST&E) and the Plan of Actions and Milestones (POA&M).

Associate Attorney, Nov 2020 - June 2022
Ankomah-Sey, Apatu-Plange & Partners
Review of legal agreements and contracts including service level agreements, vendor contracts etc.
Drafting of legal memoranda and opinions for local and international corporate clients.
Conducted due diligence regarding large-scale business transactions.
Represented individual and corporate clients in legal proceedings in courts.
Provided corporate advisory services and company secretarial services as required by the Companies Act of Ghana.

Associate Attorney, Nov 2019 - Oct 2020
Freshfields Law Consult
Review of legal agreements and contracts, including service level agreements, vendor contracts etc.
Drafting of legal memoranda and opinions for local and international corporate clients.
Conducted due diligence regarding large-scale business transactions.
Represented individual and corporate clients in legal proceedings in courts.
Provided corporate advisory services and company secretarial services as required by the Companies Act of Ghana.

Law Lecturer, September 2018 - May 2022
University of Professional Studies, Accra (UPSA) Law School
Taught Introduction to Data Privacy Law
Taught Intellectual Property Law
Taught Immovable Property Law
Taught Introduction to Cybersecurity Law

Information Security Analyst, Aug 2017 - Nov 2019
TestPros, Inc
Involved in the utilization of the Risk Management Framework phases starting from categorization, control selection, control implementation, control assessment, authorization and continuous monitoring processes.
Conducted kick off meetings with key stakeholders to collect systems (information type, boundary, inventory, etc.) and categorized system based on NIST SP 800-60 and FIPS 199.
Conducted Risk Assessment and came out with Risk Assessment Report (RAR).
Assisted in tailoring security control baseline with the ISSO while adhering to a formal and well-established security requirement authorized by NIST SP 800-53.
Performed rigorous assessments of security controls using industry-standard guidance and leading practices to assess the adequacy of management, operational, privacy, and technical security controls implemented.
Assisted the ISSO in the development of System Security Plan (SSP), Configuration Management Plan (CMP), Contingency Plan (CP), Incident Response Plan and change control implementation process.
Performed walkthrough interviews and maintained communication with a variety of client stakeholders, including system personnel such as database administrators to ensure the security of the system.
Professionally documented the results of security controls in a consistent and high-quality manner.
Summarized and communicated security control assessment results to senior leadership personnel.
Worked with client personnel to understand and analyze known security control weaknesses, identify root causes, and develop robust remediation plans.
Conducted Business Impact Analysis (BIA) to analyze critical system assets and quantify the impact to the system if interrupted.
Involved in the company's security awareness program to educate employees and managers on current threats and vulnerabilities.
Managed existing POA&Ms and provided quarterly POA&M status updates.
Performed continuous monitoring strategy of all assigned information systems.

Security Control Assessor, Feb 2016 - July 2017
Sky Solutions
Perform technical analysis and review of cyber security artifacts (System Security Plans (SSP), Privacy Impact Assessment (PIA), Privacy Threshold Analysis (PTA), Contingency Plan and Contingency Plan Test, Security Test and Evaluations (ST&E) and the Plan of Actions and Milestones (POA&M)).
Conduct security control assessments based on NIST SP 800-53A to identify system threats, vulnerabilities, and risks.
Conduct meetings to discuss vulnerabilities and potential remediation actions with system owners.
Identified weaknesses from vulnerabilities scans are remediated in accordance with the company's approved timeline.
Develop Security Assessment Reports (SAR), detailing the results of the assessment along with Plan of Action and Milestones (POA&M).
Prepare Security Assessment and Authorization (SA&A) packages for organization to ascertain ATO.
Conduct follow up meetings to assist information system owners to close/remediate POA&M items.
Prepare recommendation reports that are made available to system owners to remediate identified vulnerabilities during the risk assessment process.

REFERENCES
References will be furnished upon request.
