
LAWRENCE SINTIM

USA

Summary

Detail-oriented IT professional with 6+ years of experience in deploying, securing, and documenting on-premises and cloud systems. A trusted advisor to Cloud Service Providers on meeting compliance requirements, including FedRAMP, SOC 2, HITRUST and NIST 800-171, with expertise in managing large-scale engagements and internal IT infrastructure. Leads FedRAMP advisory engagements for SaaS, PaaS, and IaaS providers, identifying compliance gaps, recommending solutions, and developing System Security Plans (SSPs) and related documentation. Supports providers through FedRAMP audits and PMO interactions while managing the daily operations of a FedRAMP-authorized system, ensuring compliance in customer deployments, continuous monitoring, and security reviews. With a background in Accounting and Finance, Lawrence excels in cybersecurity across the Software Engineering Life Cycle (SELC), specializing in FedRAMP, SOC 2, ISO 27001, CMMC, and FISMA. He is known for managing risk, leading audits, and ensuring corrective actions to help organizations meet stringent security standards. Qualified Security Consultant with a solid background in safeguarding digital assets and implementing security protocols. Demonstrated success in identifying vulnerabilities and mitigating risks, ensuring robust protection for organizational data. Proven ability to apply critical thinking and problem-solving skills in complex environments.

Overview

7 years of professional experience
1 Certification

Work History

Senior Information Security Consultant

First Information Technology Services, Inc.
02.2021 - Current
  • Conducted thorough FedRAMP validations and assessments to ensure compliance with FedRAMP standards.
  • Collaborated with stakeholders to implement FedRAMP security controls and maintain ongoing monitoring.
  • Developed and updated security documentation to meet FedRAMP requirements.
  • Managed risk related to FedRAMP compliance metrics and performed gap analyses to identify and address compliance issues.
  • Developed comprehensive compliance documentation to facilitate the secure use of Microsoft Azure cloud services, covering a range of compliance frameworks such as FedRAMP, GDPR, PCI DSS, and HIPAA, among others.
  • Coordinated with security and engineering teams to ensure the effective implementation of patches, code fixes, and updates in line with FedRAMP requirements.
  • Acted as a liaison between Subject Matter Experts and auditors during FedRAMP certification audits.
  • Developed cybersecurity strategies and milestones to achieve Authority to Operate (ATO) under FedRAMP.
  • Developed and maintained SOC 2 documentation, including system descriptions and risk assessments.
  • Contributed to vendor security questionnaires and assessments to ensure third-party services met FedRAMP compliance.
  • Led customer and industry certification audits, providing evidence and responding to security questionnaires to validate compliance.
  • Conducted IT architecture assessments to ensure alignment with security requirements from applicable frameworks.
  • Developed IT security policies, whitepapers, and documentation to support system authorization and accreditation efforts.
  • Analyzed risks related to systems or changes and proposed effective mitigation strategies.

Senior Security Consultant

Mindpoint Group
05.2019 - 02.2021
  • Crafted and meticulously updated security authorization packages, ensuring strict adherence to FISMA standards and client specifications.
  • Acted as a pivotal liaison, facilitating the successful completion of both HITRUST Risk-based 2-year (r2) and HITRUST Essentials (e1) audits, showcasing adept coordination and communication skills.
  • Authored comprehensive security documentation, including System Security Plans, Risk Assessment Reports, Security Assessment Plans and Reports, Contingency Plans, Incident Response Plans, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, and Configuration Management Plans, demonstrating a thorough understanding of regulatory requirements.
  • Demonstrated expertise in guiding Cloud Service Providers (CSPs) through the intricate FedRAMP Authorization process across diverse service models (SaaS, PaaS, IaaS), ensuring robust security measures in cloud environments.
  • Collaborated seamlessly with stakeholders to sustain FedRAMP compliance post-Authorization to Operate (ATO), showcasing a commitment to ongoing security management and regulatory adherence.
  • Implemented and monitored controls to meet SOC 2 requirements and prepared for SOC 2 audits.
  • Led SOC 2 audit engagements, coordinating with auditors and internal teams to provide necessary evidence and responses.
  • Managed ISO 27001 certification projects, including the development and implementation of Information Security Management Systems (ISMS).
  • Conducted ISO 27001 internal audits and gap analyses to ensure compliance with the standard.
  • Developed and updated ISO 27001 documentation, including policies, procedures, and risk assessments.
  • Conducted SOC 2 assessments to ensure compliance with Trust Services Criteria.
  • Provided consulting to clients on achieving security and compliance goals, including FedRAMP, CMMC, ISO 27001, and SOC 2.

Security Consultant

Deloitte & Touche LLP
04.2018 - 05.2019
  • Leveraged NIST SP-800-171 proficiency for CMMC level 1 and 2 Assessments, guiding CSPs in implementing and maintaining effective continuous monitoring processes for heightened security.
  • Reviewed and optimized cloud ATO packages to align seamlessly with DOJ parameters and security guidelines, ensuring regulatory compliance and robust security protocols.
  • Crafted detailed Standard Operating Procedures (SOPs) for audit log review of Robotic Process Automation (RPA) bots, enhancing operational efficiency and security oversight.
  • Managed and analyzed monthly inventory listings, POA&Ms, and scan results for Continuous Monitoring Packages, ensuring ongoing security monitoring and compliance maintenance.
  • Provided technical expertise and support for securing critical infrastructure, including Web Services, Databases, and Email services, reinforcing security measures across diverse platforms.
  • Coordinated closely with stakeholders to implement robust physical security controls, fostering a multi-layered security approach and mitigating potential vulnerabilities.
  • Provided technical support for creating security artifacts and addressing updates based on POA&M and audit resolutions, showcasing a proactive approach to security management and compliance.
  • Mapped intricate security requirements to industry-leading standards such as NIST 800-53 and DHS 4300A, ensuring alignment with best practices and regulatory mandates.
  • Engineered cybersecurity milestones, strategically designed to pave the way for achieving the coveted Authority to Operate (ATO) status.

Education

Bachelor of Business Administration - Accounting & Finance

Radford University
Radford, VA
05-2017

Skills

  • Security Clearance: Top Secret

Certification

  • Certified Information Security Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • Azure Fundamentals
  • CompTIA Security+
  • AWS Certified Developer - Associate
  • AWS Cloud Practitioner
  • Scrum Master Accredited Certification
  • Certified for Software Testing & Automation Basics
