Certified Cyber Security and IT audit professional with experience in RMF, controls assessment, information security, and risk management. Experienced in the development of information security policies and standards, with extensive training in word processing, analyzing, organizing, evaluating, and project management. Effective at coordinating multiple concurrent projects, conducting risk assessments, monitoring and reporting, collaborating with key partners to identify risk, and providing requirements for mitigation efforts. Ensure that policy and compliance documentation, requirements, and controls are accurately and promptly identified, mapped, and reported so the organization can increase its security posture.
Overview
1 year of professional experience
1 Certification
Work History
Information Assurance Engineer
TX Point Consulting LLC
Current
Maintain and ensure implementation of applicable RMF-based documentation, policy, and controls
Prepare for, participate in, and support security certification and NIST-800-53 Rev4 based compliance audits (FISMA, FedRAMP, 800-171)
Analyze and update System Security Plans (SSP), Risk Assessments (RA), Privacy Impact Assessments (PIA), System Security Test and Evaluation (ST&E) reports, and Plans of Action and Milestones (POA&M)
Develop and support maintenance of System Security Plans (SSP) and related security documentation for internal systems
Support the creation, monitoring, and status updating of POA&Ms to ensure weaknesses are resolved by their scheduled completion dates
Gather or coordinate the collection of necessary evidence
Conduct NIST SP 800-53A assessments on internal systems through personnel interviews and documentation review, determine compliance with policies and procedures, recommend corrective actions, and prepare findings reports
Perform vulnerability scan analysis and coordinate remediation efforts
Review and process monthly vulnerability scan results for assigned systems and work with the technical teams to ensure vulnerabilities are resolved on time
Create and maintain compliance documentation for certification and accreditation in accordance with government requirements
Review the security controls regarding their adequacy in protecting the information and information system
Prepare and review documentation to include Systems Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and System Requirements Traceability Matrices (SRTMs); support security authorization activities
Implement and enforce information systems security policies, standards, and methodologies
Evaluate security solutions to ensure they meet security requirements for processing classified information; perform vulnerability/risk assessment analysis to support assessment and authorization
Conduct Privacy Threshold (PTA) and Privacy Impact Analysis (PIA)
Support the creation of waivers or risk acceptance memos to assist in the effective management of system risks
Perform system certification and accreditation planning, testing, and liaison activities; support secure systems operations and maintenance
Conduct walkthroughs, formulate test plans, document gaps, test results, and exceptions, and develop remediation plans for each area of testing
Implement information security requirements for IT systems throughout their life cycle, from the requirements definition phase through disposal
Conduct system risk assessments through risk analysis, assessing the assets within the system boundary and rigorously identifying the vulnerabilities that exist within the system
ISSO
Cornerstone Global Technologies
08.2020 - 09.2021
Maintained and ensured implementation of applicable RMF-based documentation, policy, and controls
Supported the creation, monitoring, and updating the status of POA&Ms to ensure weaknesses are resolved in accordance with their scheduled completion dates
Supported the creation of waivers or risk acceptance memos to assist in the effective management of system risks
Performed system certification and accreditation planning, testing, and liaison activities; supported secure systems operations and maintenance
Performed security engineering analysis, risk, and vulnerability assessment, etc
Monitored and analyzed security functional tests
Prepared C&A documentation such as SSP, CONOPS, ST&E reports, etc
Conducted IT risk assessments and documented the controls; held meetings with the IT client team to gather evidence, developed test plans and test procedures, and documented test results and exceptions
Conducted walkthroughs, formulated test plans, documented gaps, test results, and exceptions, and developed remediation plans for each area of testing
Developed the audit plan and performed the General Computer Controls (GCC) testing of Information Security, Business Continuity Planning, and Relationship with Outsourced Vendors
Implemented information security requirements for IT systems throughout their life cycle, from the requirements definition phase through disposal
Created or updated the System Security Plan and conducted an Annual Self-Assessment
Conducted system risk assessments through risk analysis, assessing the assets within the system boundary and rigorously identifying the vulnerabilities that exist within the system
Supported determinations of who should have classification authority, and reviewed plans for document and access controls, transmission of sensitive information and materials, and related information controls and safeguards
Ensured that assigned information systems are operated, maintained, and disposed of in accordance with approved security policies and practices
Ensured that system security requirements were addressed during all phases of the IS lifecycle
Property Management Specialist at Sev1Tech / Decisive Point Consulting Group