Goal-Oriented Information Technology Professional with over 8 years of expertise in the Risk Management Framework and NIST methodologies. Well organized, with excellent technical writing and communication skills.
· Conducted kick-off meetings with system owners, security staff and other stakeholders in an effort to understand the established information system
· Documented and conducted a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by an information system
· Created/updated the security assessment plan to present the intended schedule, outline the controls being evaluated and acknowledge the rules of engagement during the assessment
· Coordinated with team on reviewed assessment procedures in order to develop a symmetric overall company system
· Determined the overall control effectiveness through documentation review, inspections, testing and interviews. Provided an assessment of the severity of weaknesses or deficiencies and recommended corrective actions to address identified vulnerabilities
· Drafted and validated the Plan of Action & Milestones to ensure non-compliant controls are identified, updated and addressed within an accepted timeframe
· Leveraged the Risk Management Framework to assign impact levels to systems, selected applicable controls, assessed control effectiveness and performed continuous monitoring activities
· Categorized information systems using NIST 800-60 and assigned the appropriate impact levels as required
· Performed required adjustments of impact levels of the information system using FIPS 199 to align with the overall systems objectives
· Selected appropriate security controls as per NIST 800-53 for the information systems and collaborated with engineering teams to implement the selected controls
· Developed the System Security Plan to capture the system purpose and security requirements and to outline system interconnections and all implemented security controls
· Prepared required documentation for the information system, including the Contingency Plan, Configuration Management Plan and Risk Assessment, in collaboration with the System Owner
· Analyzed and reviewed evidence of implemented controls to ensure each assessment objective was achieved
· Prepared for and conducted in-person interviews and witnessed implementation to ascertain control effectiveness
· Evaluated exposed threats and vulnerabilities to assess whether further safeguards were recommended
· Collaborated with the Information System Security Officer to evaluate the Security System report and develop the Plan of Action & Milestones that highlights the assessed controls, including the satisfactory and unsatisfactory controls with suggested remediation
· Supported and documented security controls tests and assisted in remediation to ensure that POAMs are being appropriately managed