Jerry Mensah
Information Systems Security Officer
El Paso,TX
Work Preference
Summary
A well detailed individual with over 10 years of experience as an Information Assurance Analyst, Cyber Security analyst/IA, ISO, Security Auditor, ACAS,SCA, Privacy and Data Analyst/Protection. Offers a diverse background of systems security support and network security support, with extensive knowledge in Vulnerability Scanning, RMF, ISO Computer security professional with [Number] years of progressive experience in [Industry] industry. Demonstrated skill identifying business risks and compliance issues and designing proactive solutions. Background designing and implementing layered network security approaches.
Overview
10
10
years of professional experience
7
7
Certifications
Work History
Information System Security Officer
William Beaumont Army Medical Center, WBAMC
El Paso, TX
09.2022
- Utilizing one or more Risk Management Framework implementation methods to include but not limited to; NIST SP 800-53, NIST SP 800-171, DoDM-5220-22 (NISPOM)
- Provide cybersecurity/information assurance support for DHA Managed Service Provider, particularly conducting NIST 800-37 Risk Management Framework (RMF)/NIST 800-53 security control implementation activities/tasks to obtain and maintain an Authorization to Operate (ATO)
- Prepare and review system documentation to include Policies, Standard Operating Procedures (SOPs), Assessment & Authorization (A&A) packages, architecture diagrams, contingency plan, incident response plan, and other documentation
- Ensure security processes and procedures are developed and followed to maintain operational security posture with minimal risk for SaaS system(s)
- Coordinate with engineers/sysadmin to perform vulnerability scanning, risk assessment analysis using vulnerability management tools (Tenable Security Center/Nessus/ACAS) and prepare responses to Plan of Action and Milestones (POA&Ms) for IA compliance
- Maintain eMASS records and RMF artifacts to support systems’ ATO
- Develop and manage the POA&M tracker and Risk-Based Decisions (RBDs)/ Waivers documents for deficiencies
- Evaluate system’s risk in respect to operation at the network, system, and at application level
- Develops, reviews, and maintains policy/guidance documents, Scan Results, and test result artifacts,
- Conducts regular assessments of continuous monitoring activities and the security controls that have been implemented to support those activities
- Demonstrates an understanding of vulnerability management; specifically, how to respond to vulnerability reports and which remediation actions are appropriate to take
- Understands the process of information system categorization and how to use that process to select security controls to create system and accreditation documentation
- Maintains knowledge of relevant network and security technologies and trends
- Assist in preparation and review documentation to include System Security Plans (SSPs), Risk Assessment Reports (RAR), Security Controls Traceability Matrix (SCTM), and other Assessment & Authorization (A&A) or (RMF) artifacts
- Support efforts for vulnerability/risk assessment analysis to support Assessment & Authorization (A&A), including system self-assessments
- Learn and conduct independent scans of the operating systems, applications, networks, and databases with tools such as DISA STIGS and SCAP (SCC) tool, Tenable Security Center/Nessus, and other vulnerability/compliance verification tools that are required
- Assist in the research and address information security issues as required, and develop and maintain the Plan of Action and Milestones (POA&M) and support remediation activities
- Provide continuous monitoring, security reviews, and technical inspections to enforce security policies, controls and procedures and mitigate identified vulnerabilities and weaknesses
- Responsible for conducting system account management, training tracking and audit log reviews and recording and reporting results
- Provide direction and guidance to other employees about computer security issues via security education and awareness, conduct Information Systems Security briefings, participate in self-inspections and audits, and investigate security incidents
- Ad hoc duties as assigned.Implement and develop Infosec tools to improve the cybersecurity posture of the unclassified and classified computing systems within the IMD.
Network Engineer Administrator
White Sand Complex
Las Cruces, NM
02.2022 - 09.2022
- Proficiency in a privacy information management system (e.g., OneTrust) required, tool certifications preferred
- Lead and manage ISO 27001, 27017, 27018, 27701 audit and certification
- Review ISO 27001, 27017 controls testing and handle communications with control owners and business partners
- Coordinates and collaborates with business units on the identification of risks/gaps to ensure alignment with established control environments
- Partner with business unit management (business owners and technical owners) to design and implement and test corrective action plans resulting from the ISO 27001 readiness assessment
- Provides technical expertise to the teams and uses sound security and audit practices
- Work with Security Operation, Engineers and Privacy teams to understand the information security and privacy risk profile and use this knowledge for ISO audit planning and execution
- Partner with security and engineering teams to review, assess, and evaluate the effectiveness and the results of the enterprise cybersecurity threat, vulnerability monitoring campaign and management plan
- Design, lead and execute audit programs, including applicable controls from the SOA, operational process reviews, system implementation reviews, application and other IT-related risk areas
- Ability to identify gaps (through Gap Analysis) in policies and policy documentation, then create the appropriate policy and/or bridge identified gaps
- Work with management and users to interpret the significance of audit findings, conclude on findings, make practical recommendations, and verify that remediation plans are implemented
- Strong written and verbal skills with experience preparing work papers, audit reports, and presentations
- Assess vulnerabilities to ascertain if additional safeguards are needed and ensure systems are patched and security hardened at all levels of the “stack,” and monitor to see that vulnerabilities are remediated as appropriate
- Assess and document encryption standards for encryption at rest and in transit
- Promote Information Security Awareness and provide training
- Identifying and solving any problems that arise with computer networks and systems
- Maintained a high level of expertise in networking technologies through continuous professional development initiatives.
Senior Systems Analyst
TiSTA Science & Technology
Remote, TX
05.2024 - 11.2024
- Collaborated with cross-functional teams to develop and implement effective IT solutions for business needs.
- Provided comprehensive user support, resolving technical issues quickly to minimize disruptions.
- Proactively identified potential risks associated with system changes by conducting thorough impact assessments.
- Designed robust database structures that supported efficient data management and reporting capabilities.
- Managed multiple projects simultaneously, consistently meeting deadlines while maintaining high-quality results.
Field System Support Administrator
Offutt Air Force Base
Omaha, NE
04.2018 - 02.2022
- Performed technical assessments to ensure the system or application proposed for accreditation or connection met the classification and sensitivity levels of the systems and applicable policies, regulations, and standards
- Ensured the implemented security safeguards were adequate to assure the integrity, availability, and confidentiality of the information being processed, transmitted, or stored consistent with the level of sensitivity of that information
- Ensured system POA&M mitigations and timelines were adhered to and documented all changes that occurred
- Communicating with end-users to explain technical information in a non-technical manner, resolved complaints, and assisted clients via email, phone, website, live chat, and over forums
- Knowledge in configuring and troubleshooting desktop, workstations, and Network issues including, mobile systems and role-based access controls
- Evaluating compliance against security and assessing the effectiveness of security plans and controls
- Resolving complex network and application issues for customers
- Document actions in tickets to effectively communicate and track information with team members in internal customers
- Monitoring system activity which identifies unauthorized activity and malware on classified networks, utilized intrusion detection software to detect and report attempted system access, and reported suspicious activity
- Identified opportunities for IT solutions to reduce the cost for Integrated Defense System (IDS) programs
- Demonstrate knowledge of Network security concepts and information security best practices, TCP/IP networking, Unix/Linux operating systems and Windows logging and Active Directory
- Providing help desk support for end end-user service requests which ensured server & application compliance with Department of Defense security requirements
- Assisting units with planning, Setups, deployment, upgrade maintenance, and migration of network monitoring capabilities on large network enterprises
- Ability to utilize report out functions in business software to yield informative reports, manipulate simple spreadsheets, develop tables/graphs, and combine into presentation style format
- Knowledge of configuring, managing, and monitoring a TCP/IP network utilizing standard Linux tools
- Scopes, plans, manages and executes SOC, ISO, and Healthcare advisory service engagements
- Facilitates client workshops and ongoing strategy sessions for comprehensive security, privacy, and quality program implementation
Physical Security Officer
Department of Veterans Affairs
Atlanta, GA
03.2015 - 04.2018
- Ensured POA&M mitigations and timelines were adhered to and documented any changes that occurred
- Reviewed status of Information Systems for modifications and assessed the impact to current system accreditation
- Develop kickoff meeting slides and email
- Validated system requirements, security policies and procedures, contingency plans, incident response plans
- Performed technical assessments to ensure the system or application proposed for accreditation or connection met the classification and sensitivity levels of the systems and applicable policies, regulations, and standards
- Assisted in the review of SP 800-171 SSP, SAP and other deliverables from vendors
- Assisted in drafting “Authorization to Operate” (ATO) packages for new and existing systems
- Complied with cyber security program implementation plan and ensured compliance with organization management policies
- Ensured compliance with data security policies and relevant legal and regulatory requirements in accordance with organization directives and applicable Risk Management Framework (RMF) requirements
- Review and updated annual deliverables such as SSP, CM Plan, CP Plan etc
- With the program office
- Uploaded artifacts such as PTA, PIA, CM Plan, CP Plan, SAR, POA&M, SSP in Archer
- Completed SIA prior to changes to information systems
- Completed monthly ISSO Checklist in Archer
- Conducted Contingency Plan Test for assigned information systems
- Responded effectively to various types of emergencies including medical issues, fires, or natural disasters, prioritizing the safety of all individuals involved over property preservation when necessary.
- Maintained detailed logs of all incidents and activities within the facility, providing valuable data for future improvements in security measures.
Education
Bachelor of Science - Information Security
Western Governors University
Salt Lake City, UTISO 27002, ISO 27017, NIST SP 800-53 rev4 and NIST SP 800-37 rev 2, NIST SP 800-18, NIST SP 800-34, NIST SP 800-60 Vol1&2, NIST SP 800-30, NIST SP 800-137, NIST SP 800-61, NIST SP 800-83, FIPS 199/200, FISMA, NIST Family of Security Control, POA&M, Incident, PCI - undefined
Skills
Implementing security programs
Wireshark software
Erecting firewalls
Data security
Symantec Endpoint Protection
Interpersonal Communication
Google Workspace
Information security integration
Management Information Systems expertise
System information
Information Protection /Security
Certification
Certified Information Security Auditor (CISA)
Affiliations
- Project Management Institute
- ISACA
- ISC2
ISACA
ISACA stands for Information Systems Audit and Control Association. It is a global professional association that focuses on IT governance, security, risk management, and audit. ISACA provides education, certification, and networking opportunities to its members.
ISACA was founded in 1969 and has grown into a worldwide organization with over 150,000 members in more than 180 countries. The organization is known for its globally recognized certifications, such as Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), and Certified in the Governance of Enterprise IT (CGEIT).
ISACA also publishes research and best practices in the field of information technology, and hosts events and conferences for IT professionals to share knowledge and network with peers.
Work Availability
monday
tuesday
wednesday
thursday
friday
saturday
sunday
morning
afternoon
evening
swipe to browse
Accomplishments
- Collaborated with team of 8 in the development of Scan
Quote
There is a powerful driving force inside every human being that, once unleashed, can make any vision, dream, or desire a reality.
Tony Robbins
Timeline
Senior Systems Analyst
TiSTA Science & Technology
05.2024 - 11.2024
Information System Security Officer
William Beaumont Army Medical Center, WBAMC
09.2022
Network Engineer Administrator
White Sand Complex
02.2022 - 09.2022
Field System Support Administrator
Offutt Air Force Base
04.2018 - 02.2022
Physical Security Officer
Department of Veterans Affairs
03.2015 - 04.2018
Bachelor of Science - Information Security
Western Governors University