
Jerry Mensah

Information Systems Security Officer
El Paso, TX

Summary

A well-detailed individual with over 10 years of experience as an Information Assurance Analyst, Cyber Security Analyst/IA, ISO, Security Auditor, ACAS, SCA, and Privacy and Data Analyst/Protection. Offers a diverse background of systems security support and network security support, with extensive knowledge in Vulnerability Scanning, RMF, and ISO. Computer security professional with [Number] years of progressive experience in the [Industry] industry. Demonstrated skill identifying business risks and compliance issues and designing proactive solutions. Background designing and implementing layered network security approaches.

Overview

11 years of professional experience
7 Certifications

Work History

Information System Security Officer

William Beaumont Army Medical Center, WBAMC
El Paso, TX
09.2022
  • Utilizing one or more Risk Management Framework implementation methods, including but not limited to NIST SP 800-53, NIST SP 800-171, and DoDM 5220.22 (NISPOM)
  • Provide cybersecurity/information assurance support for DHA Managed Service Provider, particularly conducting NIST 800-37 Risk Management Framework (RMF)/NIST 800-53 security control implementation activities/tasks to obtain and maintain an Authorization to Operate (ATO)
  • Prepare and review system documentation to include Policies, Standard Operating Procedures (SOPs), Assessment & Authorization (A&A) packages, architecture diagrams, contingency plan, incident response plan, and other documentation
  • Ensure security processes and procedures are developed and followed to maintain operational security posture with minimal risk for SaaS system(s)
  • Coordinate with engineers/sysadmin to perform vulnerability scanning, risk assessment analysis using vulnerability management tools (Tenable Security Center/Nessus/ACAS) and prepare responses to Plan of Action and Milestones (POA&Ms) for IA compliance
  • Maintain eMASS records and RMF artifacts to support systems’ ATO
  • Develop and manage the POA&M tracker and Risk-Based Decisions (RBDs)/ Waivers documents for deficiencies
  • Evaluate system’s risk in respect to operation at the network, system, and at application level
  • Develops, reviews, and maintains policy/guidance documents, scan results, and test result artifacts
  • Conducts regular assessments of continuous monitoring activities and the security controls that have been implemented to support those activities
  • Demonstrates an understanding of vulnerability management; specifically, how to respond to vulnerability reports and which remediation actions are appropriate to take
  • Understands the process of information system categorization and how to use that process to select security controls to create system and accreditation documentation
  • Maintains knowledge of relevant network and security technologies and trends
  • Assist in preparation and review documentation to include System Security Plans (SSPs), Risk Assessment Reports (RAR), Security Controls Traceability Matrix (SCTM), and other Assessment & Authorization (A&A) or (RMF) artifacts
  • Support efforts for vulnerability/risk assessment analysis to support Assessment & Authorization (A&A), including system self-assessments
  • Learn and conduct independent scans of the operating systems, applications, networks, and databases with tools such as DISA STIGS and SCAP (SCC) tool, Tenable Security Center/Nessus, and other vulnerability/compliance verification tools that are required
  • Assist in the research and address information security issues as required, and develop and maintain the Plan of Action and Milestones (POA&M) and support remediation activities
  • Provide continuous monitoring, security reviews, and technical inspections to enforce security policies, controls and procedures and mitigate identified vulnerabilities and weaknesses
  • Responsible for conducting system account management, training tracking and audit log reviews and recording and reporting results
  • Provide direction and guidance to other employees about computer security issues via security education and awareness, conduct Information Systems Security briefings, participate in self-inspections and audits, and investigate security incidents
  • Ad hoc duties as assigned. Implement and develop Infosec tools to improve the cybersecurity posture of the unclassified and classified computing systems within the IMD.

Information Assurance Analyst

White Sand Complex
Las Cruces, NM
02.2022 - 09.2022
  • Proficiency in a privacy information management system (e.g., OneTrust) required, tool certifications preferred
  • Lead and manage ISO 27001, 27017, 27018, 27701 audit and certification
  • Review ISO 27001, 27017 controls testing and handle communications with control owners and business partners
  • Coordinates and collaborates with business units on the identification of risks/gaps to ensure alignment with established control environments
  • Partner with business unit management (business owners and technical owners) to design and implement and test corrective action plans resulting from the ISO 27001 readiness assessment
  • Provides technical expertise to the teams and uses sound security and audit practices
  • Work with Security Operation, Engineers and Privacy teams to understand the information security and privacy risk profile and use this knowledge for ISO audit planning and execution
  • Partner with security and engineering teams to review, assess, and evaluate the effectiveness and the results of the enterprise cybersecurity threat, vulnerability monitoring campaign and management plan
  • Design, lead and execute audit programs, including applicable controls from the SOA, operational process reviews, system implementation reviews, application and other IT-related risk areas
  • Ability to identify gaps (through Gap Analysis) in policies and policy documentation, then create the appropriate policy and/or bridge identified gaps
  • Work with management and users to interpret the significance of audit findings, conclude on findings, make practical recommendations, and verify that remediation plans are implemented
  • Strong written and verbal skills with experience preparing work papers, audit reports, and presentations
  • Assess vulnerabilities to ascertain if additional safeguards are needed and ensure systems are patched and security hardened at all levels of the “stack,” and monitor to see that vulnerabilities are remediated as appropriate
  • Assess and document encryption standards for encryption at rest and in transit
  • Promote Information Security Awareness and provide training
  • Identifying and solving any problems that arise with computer networks and systems

Field System Support Administrator

Offutt Air Force Base
Omaha, NE
04.2018 - 02.2022
  • Performed technical assessments to ensure the system or application proposed for accreditation or connection met the classification and sensitivity levels of the systems and applicable policies, regulations, and standards
  • Ensured the implemented security safeguards were adequate to assure the integrity, availability, and confidentiality of the information being processed, transmitted, or stored consistent with the level of sensitivity of that information
  • Ensured system POA&M mitigations and timelines were adhered to and documented all changes that occurred
  • Communicating with end-users to explain technical information in a non-technical manner, resolved complaints, and assisted clients via email, phone, website, live chat, and over forums
  • Knowledge in configuring and troubleshooting desktop, workstations, and Network issues including, mobile systems and role-based access controls
  • Evaluating compliance against security and assessing the effectiveness of security plans and controls
  • Resolving complex network and application issues for customers
  • Document actions in tickets to effectively communicate and track information with team members and internal customers
  • Monitoring system activity which identifies unauthorized activity and malware on classified networks, utilized intrusion detection software to detect and report attempted system access, and reported suspicious activity
  • Identified opportunities for IT solutions to reduce the cost for Integrated Defense System (IDS) programs
  • Demonstrate knowledge of Network security concepts and information security best practices, TCP/IP networking, Unix/Linux operating systems and Windows logging and Active Directory
  • Providing help desk support for end-user service requests, which ensured server and application compliance with Department of Defense security requirements
  • Assisting units with planning, Setups, deployment, upgrade maintenance, and migration of network monitoring capabilities on large network enterprises
  • Ability to utilize report out functions in business software to yield informative reports, manipulate simple spreadsheets, develop tables/graphs, and combine into presentation style format
  • Knowledge of configuring, managing, and monitoring a TCP/IP network utilizing standard Linux tools
  • Scopes, plans, manages and executes SOC, ISO, and Healthcare advisory service engagements
  • Facilitates client workshops and ongoing strategy sessions for comprehensive security, privacy, and quality program implementation

Security Analyst (Lead)

Department of Veterans Affairs
Atlanta, GA
03.2015 - 04.2018
  • Ensured POA&M mitigations and timelines were adhered to and documented any changes that occurred
  • Reviewed status of Information Systems for modifications and assessed the impact to current system accreditation
  • Develop kickoff meeting slides and email
  • Validated system requirements, security policies and procedures, contingency plans, incident response plans
  • Performed technical assessments to ensure the system or application proposed for accreditation or connection met the classification and sensitivity levels of the systems and applicable policies, regulations, and standards
  • Assisted in the review of SP 800-171 SSP, SAP and other deliverables from vendors
  • Assisted in drafting “Authorization to Operate” (ATO) packages for new and existing systems
  • Complied with cyber security program implementation plan and ensured compliance with organization management policies
  • Ensured compliance with data security policies and relevant legal and regulatory requirements in accordance with organization directives and applicable Risk Management Framework (RMF) requirements
  • Reviewed and updated annual deliverables such as the SSP, CM Plan, CP Plan, etc. with the program office
  • Uploaded artifacts such as PTA, PIA, CM Plan, CP Plan, SAR, POA&M, SSP in Archer
  • Completed SIA prior to changes to information systems
  • Completed monthly ISSO Checklist in Archer
  • Conducted Contingency Plan Test for assigned information systems

Information Security Analyst (Lead)

Department Of Army
Bowling Green, VA
04.2013 - 06.2014
  • Reviewed computer security procedures, updated policies, and monitored access to classified material
  • Conducted a risk assessment analysis and developed plans that safeguarded data from modification, destruction, or unauthorized release; conducted audits that identified and corrected vulnerabilities
  • Maintains an Enterprise level Information Technology system of access control, intrusion detection, and the associated physical, electronic, and technical security elements
  • Performs, or reviews, technical security assessments of computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations and recommend mitigation strategies
  • Validates and verifies system security requirements definitions and analysis, establishes system security designs
  • Designs, develops, implements and/or integrates IA and security systems and system components including those for networking, computing, and enclave environments to include those with multiple enclaves and with differing data protection/classification environments
  • Builds IA into systems deployed to operational environments
  • Perform system scans and convey mitigation strategies to engineering staff.

Security Specialist

ITT EXELIS, Inc
Kosovo
10.2011 - 02.2012
  • Gathering new user role onboarding requirements and approvals
  • Auditing and reviewing account lifecycle management; identifying and resolving inconsistencies
  • Researching new and innovative solutions and promoting process improvement
  • Working closely with our IT Support, IT Security, HR, and Vendor Management teams to ensure a fluid user onboarding experience.

Education

Bachelor of Science - Information Security

Western Governors University

ISO 27002, ISO 27017, NIST SP 800-53 rev4 and NIST SP 800-37 rev 2, NIST SP 800-18, NIST SP 800-34, NIST SP 800-60 Vol1&2, NIST SP 800-30, NIST SP 800-137, NIST SP 800-61, NIST SP 800-83, FIPS 199/200, FISMA, NIST Family of Security Control, POA&M, Incident, PCI

DSS

Skills

Implementing security programs


Certification

Certified Information Security Auditor (CISA)

Affiliations

  • Project Management Institute

ISACA

ISACA stands for Information Systems Audit and Control Association. It is a global professional association that focuses on IT governance, security, risk management, and audit. ISACA provides education, certification, and networking opportunities to its members.

ISACA was founded in 1969 and has grown into a worldwide organization with over 150,000 members in more than 180 countries. The organization is known for its globally recognized certifications, such as Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), and Certified in the Governance of Enterprise IT (CGEIT).

ISACA also publishes research and best practices in the field of information technology, and hosts events and conferences for IT professionals to share knowledge and network with peers.

