A subject matter expert with over 5 years of experience as an Information Security Analyst. Expert in Security Assessment, Risk Management Framework (RMF), System Development Lifecycle (SDLC), and Security Risk and Compliance issues using the appropriate NIST standards and industry best practices. Excellent organizational, time management, communication, and interpersonal skills combined with very strong technical skills. Able to remain focused and calm in high-stress situations.
Overview
6 years of professional experience
Work History
Information Security Analyst
Top Group Technologies
10.2018 - Current
Perform vulnerability assessments, ensuring risks are assessed and appropriate remedial actions are taken to mitigate or resolve each.
Review, maintain, and ensure all Assessment and Authorization (A&A) documentation is included in the system security package.
Conduct IT controls risk assessments, including reviewing organizational policies, standards, and procedures, and providing advice on their adequacy, accuracy, and compliance with industry standards.
Analyze scan results and document findings in the POA&M.
Collaborate with system administrators to remediate POA&M findings.
Ensure vulnerabilities and risks are efficiently mitigated in accordance with the organization's continuous monitoring plan.
Ensure all Security Authorization documentation for assigned systems remains accurate and up to date on a continuous basis, including, but not limited to, accurate and valid lists of assets (hardware/software), accurate boundary diagrams, accurate ports and protocols, etc.
Compile, write, update, finalize, produce, and support activities for IT Security Common Control Catalogs and related documentation, including, but not limited to, Security Plans or other documents required.
Compile, write, update, finalize, and produce all FISMA documentation and associated artifacts as required by the client, in a manner compliant with all Federal security requirements and policies.
Prepare Security Assessment and Authorization (SA&A) packages to ascertain that management, operational, and technical security controls adhere to NIST SP 800-53 standards.
Conduct security assessment interviews to determine the security posture of the system and to develop a Security Assessment Report (SAR) on completion of the Security Test and Evaluation (ST&E) questionnaire using NIST SP 800-53A, as required to maintain the company's Authorization to Operate (ATO), along with the Risk Assessment, System Security Plans, and System Categorization.
Information Security Analyst
Intec Logic Global
01.2016 - 10.2018
Worked with developers, system/network administrators, and other associates to ensure secure design, development, and implementation of applications and networks.
Created and updated the following Security Assessment and Authorization (SA&A) artifacts: FIPS 199, Security Test and Evaluations (ST&Es), Risk Assessments (RAs), Privacy Threshold Analysis (PTA), Privacy Impact Analysis (PIA), E-Authentication, Contingency Plan, and Plan of Action and Milestones (POA&Ms).
Prepared Security Assessment and Authorization (SA&A) packages to ascertain that management, operational, and technical security controls adhere to NIST SP 800-53 standards.
Participated in the FIPS 199 process in which security categorization takes place, and selected the technical, operational, and managerial controls using NIST SP 800-60 guidelines.
Performed vulnerability assessments, making sure risks were assessed and proper actions taken to mitigate them.
Conducted IT controls risk assessments, including reviewing organizational policies, standards, and procedures, and providing advice on their adequacy, accuracy, and compliance with industry standards.
Conducted the IT Risk Assessment and documented key controls.
Developed, reviewed, and evaluated Security Plans based on NIST Special Publication 800-18.
Investigated possible security breaches identified through review of audit reports and followed up accordingly with departments/management.
Prepared and reviewed C&A packages for Information Systems.