
Christina B. Asiedu-Akrofi

Summary

Senior cybersecurity professional with 9+ years of experience supporting federal and cloud environments through NIST RMF, FISMA, and FedRAMP compliance. Proven expertise in ISSO operations, security control assessments, authorization packages, continuous monitoring, POA&M management, and incident response. Extensive experience supporting ATO lifecycle activities across civilian and DoD agencies. Highly skilled in translating technical risk into actionable compliance outcomes while partnering with system owners, engineers, and leadership. Meticulous, mission-driven, and client-focused with a strong record of sustaining audit-ready security programs.

Overview

11 years of professional experience
1 Certification

Work History

Cyber Security Analyst/ISSO/ Technical Writer

Delviom
01.2024 - 08.2025
  • Led ISSO support activities across FEMA systems, supporting ATO issuance and sustainment under NIST RMF.
  • Developed and maintained SAPs, SARs, SSPs, POA&Ms, SOPs, and security policies aligned with NIST SP 800-53 and FedRAMP.
  • Reviewed security control implementation statements and supporting evidence to validate compliance and document findings.
  • Supported Security Control Assessments (SCAs), including kickoff meetings, coordination, assessor support, hot washes, and out-briefs.
  • Performed continuous monitoring activities, validating ongoing compliance post-authorization.
  • Compiled and analyzed assessment data from CSAM, system artifacts, and scan reports to produce accurate risk documentation.
  • Conducted cloud security assessments (AWS, Azure, GCP) against FedRAMP Moderate/High baselines.
  • Tracked remediation activities and ensured POA&M items met SLA requirements.
  • Collaborated with CSPs, system owners, and stakeholders to resolve security findings and reduce risk posture.
  • Authored technical narratives and compliance documentation supporting executive-level decision-making.

IT Support for Presidential Transition Team

Delviom
03.2024 - Current
  • Supported RMF assessment and authorization efforts for Presidential Transition Team IT systems.
  • Conducted control risk assessments against NIST SP 800-53 Rev. 5 Moderate requirements.
  • Developed SAPs, SARs, and POA&Ms, documenting findings and remediation strategies.
  • Reviewed system architectures, vulnerabilities (Qualys), and defense-in-depth strategies.
  • Coordinated with system owners to validate system documentation, data flows, ports, protocols, and services.
  • Facilitated stakeholder meetings and conducted QA reviews of assessment deliverables.

Senior Security Control Assessor (SCA)

Delviom
12.2022 - 09.2023
  • Reviewed and updated USAGM IT Security Program policies and procedures, ensuring CISO approval.
  • Supported ISSOs with continuous monitoring, POA&M tracking, vulnerability analysis (Qualys), and documentation updates.
  • Conducted independent ST&Es for FISMA Moderate and cloud systems.
  • Developed and reviewed SSPs, FIPS 199s, ConMon Plans, IRPs, DR/CPs, CMPs, and PIAs.
  • Produced weekly status reports outlining assessment progress and risks.
  • Monitored changes in NIST, OMB, and FISMA guidance and updated security procedures accordingly.

Information System Security Officer

MindPoint Group
10.2021 - 05.2023
  • Select security controls using NIST 800-53 Rev 4 as guidance based on system security categorization.
  • Provided practical guidance in investigating security incidents and troubleshooting computer operational problems following SP 800-86.
  • Conduct risk management by identifying, assessing, responding to, and monitoring risk.
  • Take part in assessment meetings per NIST SP 800-53A.
  • Exposure to POA&M tracking tools such as Cyber Security Assessment and Management (CSAM) and Excel spreadsheets to ensure POA&Ms are not in a delayed status.
  • Prepare Security Assessment Reports (SAR) in which all the weaknesses are reported.
  • Assists in the preparation of assurance documentation to support the evaluations.
  • Experience with tools like Splunk, ServiceNow, and data for reporting.
  • Record accurate assessment results, identifying findings and recommendations to mitigate them.
  • Execute examine, interview, and test procedures in accordance with applicable compliance framework (NIST SP 800-53A and FedRAMP).
  • Conducted assessments of management, operational, and technical security controls.
  • Knowledge and application of FISMA, FedRAMP, and the NIST Risk Management Framework.
  • Determine threat sources and apply security controls to reduce risk impact.
  • Develop mitigation and remediation plans in response to vulnerability assessment findings.
  • Use NIST 800-60 vol. 2 as an information guide for security categorization.
  • Validate respective information system security plans to ensure NIST control requirements are met.
  • Author recommendations associated with assessment findings on how to improve the customer’s security posture in accordance with NIST controls.
  • Ensure cybersecurity policies are adhered to and that required controls are implemented.
  • Develop resultant SCA documentation, such as Security Assessment Plan (SAP) and Security Assessment Report (SAR).
  • Develop and maintain a Continuous Monitoring program for the CSP solutions in line with the organization's ISCM policies, FISMA, and FedRAMP requirements.

Information System Security Officer (ISSO)

Superlative Technologies (dba SuprTEK), Inc.
03.2020 - 12.2022
  • Implemented the seven steps of RMF by NIST 800-53 rev 4 and secured an A&A package for systems.
  • Prepared A&A packages, including System Security Plan, Security Assessment Report, POA&M, and Authorization to Operate letters.
  • In collaboration with system owners, the Chief Information Officer, and other internal stakeholders, conduct a systematic analysis of systems architecture and posture and develop System Security Plans, Privacy Impact Assessments, Annual Assessments, Contingency Plans, and Incident Response Plans.
  • Performed Information Systems Security Audit, Certification, and Accreditation (C&A) test in compliance with the NIST 800 series standard.
  • Managed POA&M and tracked remediation of vulnerabilities to ensure confidentiality, integrity, and availability of information, systems, and operations.
  • Created Requirement Traceability Matrix (RTM) and documented the status of assessed controls as satisfied or other than satisfied using NIST SP 800-53A as a guide.
  • Performed ongoing continuous monitoring of security systems using NIST 800-18 and NIST 800-53 requirements.
  • Developed security policies and procedures, security assessment and authorization (A&A) packages using NIST 800 series SP for FISMA compliance.
  • Maintain all required risk management-related databases (i.e., eMASS, DITPR, PPSM, ESPS, etc.).
  • Utilized the GRC tool to record, manage, and assess common threats and vulnerabilities.
  • Tracked and managed POA&M in eMASS.
  • Performed evaluation of policies and procedures, and analyzed penetration testing and vulnerability scan results, to address controls deemed insufficient during Assessment and Authorization (A&A).
  • Monitored controls post authorization to ensure continuous compliance with FISMA guidelines.
  • Documented and reviewed the System Security Plan (SSP), Security Assessment Report (SAR), Security Plan of Action and Milestones (POA&M), and Authorization letter/memorandum (ATO).

Compliance Analyst

Alation
10.2019 - 03.2020
  • Conducted SOC 2 Type I and Type II assessments, evaluating control design and operating effectiveness across Security, Availability, and Confidentiality trust principles.
  • Performed PCI DSS assessments, validating compliance with cardholder data environment (CDE) requirements, including access control, encryption, logging, and vulnerability management.
  • Executed control testing procedures (examine, interview, and test) and documented assessment results, findings, and remediation recommendations.
  • Reviewed and validated security policies, procedures, and technical evidence to support audit readiness.
  • Identified control gaps, assessed risk impact, and developed remediation plans to address SOC 2 and PCI deficiencies.
  • Tracked findings and remediation activities to closure, ensuring alignment with compliance timelines.
  • Collaborated with engineering, compliance, and business stakeholders to clarify requirements and support successful audits.

Security Compliance Analyst/ Governance Support Compliance Analyst

Falconwood Inc
09.2016 - 02.2020
  • Developed, reviewed, and updated Information Security System Policies, and established security baselines per NIST, FISMA, FIPS, and industry best security practices.
  • Performed risk assessments, reviewed, and updated Plans of Action and Milestones (POA&M), Security Control Assessments, Configuration Management Plans (CMP), Contingency Plans (CP), Incident Response Plans (IRP), and other tasks and specific security documentation.
  • Performed Security Assessment and Authorization (SA&A) using NIST SP 800-53 rev4/FIPS 200 (Security Controls) and NIST SP 800-53A rev4 (Assessing Security Controls).
  • Monitored controls post authorization to ensure constant compliance with the security requirements.
  • Map Navy ERP and SLDCADA Systems Standing Operating Procedure/Policy/Guide to corresponding NIST 800-53 r4.
  • Conduct kick-off business process re-engineering working sessions with System Owners regarding RMF document creation revisions and review process.
  • Review Plans of Action and Milestones (POA&M) for identified vulnerabilities and perform compliance monitoring.
  • Ensured the implementation and maintenance of security controls under the SSP and assisted with both external and internal audits for designated systems.
  • Developed a formal process for maintaining major or minor applications on an ongoing Authorization (OA) ATO.
  • Collaborated with stakeholders to ensure the identified weaknesses from vulnerability scans were remediated.

Project Delivery Senior Analyst/ Cyber Risk Consultant

Deloitte Consulting
09.2014 - 01.2016
  • Conducted and documented vulnerability assessments, including development and review of SSPs, POA&Ms, and Security Control Assessments.
  • Applied knowledge of and experience with NIST SP 800-115, 800-53 Rev. 4, 800-53A, 800-137, and 800-37 Rev. 1 in security assessments and compliance efforts.
  • Led and participated in customer-facing meetings to communicate security posture, risks, and remediation strategies.
  • Authored, updated, and reviewed security documentation, including System Security Plans (SSPs), Standard Operating Procedures (SOPs), Contingency Plans (CPs), Contingency Plan Tests (CPTs), Configuration Management Plans (CMPs), and Waivers.
  • Assisted in evidence collection, compliance monitoring, and evaluation criteria updates to support security control assessments and audits.
  • Monitored and tracked remediation of compliance issues, ensuring corrective actions were implemented and deficiencies resolved.
  • Supported the implementation and validation of security controls, including applying system hardening, security patches, and configuration updates.
  • Analyzed and reviewed vulnerability scan results using Nessus to identify, validate, and report security risks.
  • Maintained system documentation for hardware/software revisions, patch management, and secure baselines in accordance with organizational policies.
  • Recognized for strong initiative, teamwork, and ability to work independently while engaging effectively with stakeholders at all organizational levels.

Education

Business Administration -

University of Maryland Global Campus

AAS -

Prince George Community

Master's in Cybersecurity Management -

University of Maryland Global Campus

Skills

  • NIST Risk Management Framework (RMF)
  • FedRAMP (Moderate / High)
  • FISMA Compliance
  • Information System Security Officer (ISSO) Operations
  • Security Assessment & Authorization (ATO)
  • Continuous Monitoring (ConMon)
  • POA&M Development & Management
  • System Security Plans (SSP)
  • Security Assessment Plans / Reports (SAP / SAR)
  • Security Control Assessments (SCA)
  • Incident Response & Risk Analysis
  • Privacy (PII, PTA, PIA)
  • Security Governance & Policy
  • SOC 2
  • PCI-DSS
  • Knowledge of Microsoft Office Programs
  • Navy ERP system
  • DISA Systems
  • Microsoft Active Directory
  • STIGs
  • STIGs Viewer
  • Nessus Tenable
  • Splunk
  • ACAS
  • SCAP
  • SharePoint
  • eMASS
  • PPSM
  • SNAP
  • ESPS
  • XACTA
  • CSAM
  • JIRA

Affiliations

  • Distinguished alumni of the University of Maryland Global Campus
  • Member of The National Society of Leadership and Success (NSLS)

Certification

  • Certified Information Security Manager (CISM), 01/31/27
  • Certified Information Systems Security Professional (CISSP), 12/31/27

Secret Clearance

True
