
Kevin Asubonteng

New York

Summary

Dedicated cyber security professional with broad experience in the Risk Management Framework (RMF). Progressively identifying, assessing and providing recommendations for mitigating organizational risk using NIST Special Publications. Skilled in conducting vulnerability management and preparing authorization packages, with a great understanding of risk management and various compliance standards and regulations such as FISMA, HIPAA and NIST Special Publications.

Overview

5 years of professional experience

Work History

INFORMATION SECURITY ANALYST

Infosys
09.2022 - Current
  • Leveraging NIST 800-53A to perform assessment of Information Systems
  • Developing, documenting and reviewing Security Assessment Plans (SAPs), Plan of Action and Milestones (POA&M) and Security Assessment Reports (SARs)
  • Attending kickoff meetings with SMEs, System Owners and other assessors to gain an understanding of the system and prepare for the assessment
  • Preparing and reviewing authorization packages (SSP, SAP, SAR, POA&M) for Low and Moderate impact systems
  • Reviewing the organization's policies, standards and procedures and providing recommendations on their accuracy and compliance following NIST standard guidelines
  • Assessing security controls by testing, interviewing, examining and observing based on NIST 800-53A requirements
  • Modifying and maintaining procedures, operational process document, change control document, operational checklist, detailed system specifications and procedures
  • Conducting gap analysis of the organization's policies and procedures
  • Collaborating with system administrators to remediate findings
  • Ensuring vulnerabilities and risks are efficiently mitigated
  • Performing Security Assessment (Assessment and Authorization (A&A)) on moderate information systems
  • Developing Security Assessment Report (SAR) in the completion of the Security Test and Evaluation (ST&E) questionnaire using NIST SP 800-53A
  • Completing comprehensive test plans for identified security controls following NIST 800-53 guidance and agency specific guidance
  • Executing and reviewing vulnerability scanning with Tenable Nessus and providing vulnerability reports
  • Monitoring controls post authorization to ensure continuous compliance with the security requirements
  • Drafting the Security Requirement Traceability Matrix (SRTM) to include the security controls that passed and failed
  • Attending meetings with stakeholders to present assessment findings and remediation recommendations
  • Providing POA&M support to ensure mitigations are completed in a timely fashion and within policy time frame
  • Performing continuous monitoring to ensure implemented security controls remain functional throughout the lifecycle of the information system
  • Performing annual assessments to support the continuous monitoring
  • Working with the ISSO to review the Privacy Threshold Analysis (PTA) and Privacy Impact Assessment (PIA).

GRC ANALYST

US Tech Solutions (Johnson & Johnson)
08.2022
  • Developed Security Assessment Plans (SAP)
  • Participated in client interviews to determine the security posture of the System
  • Supported the Information Assurance (IA) team to conduct risk assessments, documentation for Security Control Assessment, vulnerability testing and scanning
  • Performed technical and non-technical security risk assessments of computer and network systems via network scans, interviews, documentation reviews and walk-throughs of both new and existing information systems using NIST guidelines and controls
  • Performed security testing and security control assessments on general support systems to ensure compliance with the NIST SP 800-53 Rev.4, NIST 800-37 Rev.1
  • Worked with System Owner to develop and perform periodic testing of contingency plan
  • Performed information security risk assessments and assisted with the internal auditing of information security processes
  • Assessed threats, risks, and vulnerabilities from emerging security issues and also identified mitigation requirements
  • Updated, implemented and maintained procedures and SOPs
  • Reviewed and updated SSPs (System Security Plans)
  • Prepared and updated the Security Assessment Report (SAR)
  • Reviewed, maintained, and ensured all Assessments and Authorizations (A&A) documentation were included in system security package
  • Collaborated with system administrators to remediate POA&M findings and ensured vulnerabilities and risks were efficiently mitigated in accordance with the organization's continuous monitoring plan.

SYSTEM ADMINISTRATOR

NFC Amenity Management
09.2018 - 05.2019
  • Managed user accounts, credentials, permissions, access rights, storage allocations, and Active Directory administration
  • Assisted the help desk and other teams with troubleshooting to identify root cause, and provide technical support when needed
  • Performed routine and scheduled audits of all systems, including backups
  • Installed and configured local area networks (LANs), wide area networks (WANs), and network segments and servers, such as file servers, VPN gateways, and intrusion detection systems
  • Ensured systems are secure and protected from breach or viruses
  • Monitored system performance to ensure everything runs smoothly and securely
  • Documented any processes which employees need to follow in order to successfully work within our computing system.

Education

Bachelor of Science - Information System

Brooklyn College
01.2018

ASSOCIATE IN INFORMATION SYSTEMS

Kingsborough College
12.2015

Skills

  • Risk Management Framework
  • Vulnerability Management
  • NIST 800-53
  • Security Audit
  • Risk Mitigation
  • Regulatory Compliance
  • Documentation
  • Security Control Assessment
  • Tenable Nessus
  • Security Policy
  • Documentation and Reporting

Timeline

INFORMATION SECURITY ANALYST

Infosys
09.2022 - Current

GRC ANALYST

US Tech Solutions (Johnson & Johnson)
08.2022

SYSTEM ADMINISTRATOR

NFC Amenity Management
09.2018 - 05.2019

Bachelor of Science - Information System

Brooklyn College

ASSOCIATE IN INFORMATION SYSTEMS

Kingsborough College