Prince Yeboah

Laurel, MD

Summary

Dynamic Information Systems Security Officer with extensive experience at Herren Associates, adept in Risk Management Framework and compliance auditing. Proven track record in leading security assessments and enhancing cybersecurity posture, while effectively managing teams and fostering client relationships. Expertise in vulnerability management and incident response ensures robust protection of sensitive systems.

Overview

9 years of professional experience
5 Certification

Work History

Information Systems Security Officer (ISSO) III

Herren Associates
Philadelphia, PA
04.2022 - Current
  • Company Overview: Herren is a provider of Cyber, Engineering and Management Consulting to government clients.
  • Provides cybersecurity analysis, with a focus on Assessment and Authorization (A&A), under the NAVSEA implementation of the Risk Management Framework (RMF) to the Navy Program Executive Office Integrated Warfare Systems.
  • Lead the RMF process for assigned programs, organizations, systems, or enclaves.
  • Maintain and report system’s A&A status and events.
  • Manage the SP for assigned systems throughout their lifecycle.
  • Perform annual security reviews, annual testing of security controls, and annual testing of the contingency plan, in line with FISMA requirements.
  • Manage POA&M entries and ensure vulnerabilities are properly tracked, mitigated, and resolved.
  • Assist with the identification of the security control baseline set and any applicable overlays.
  • Supervise the validation of security controls with the PM/ISO, SCA Liaison.
  • Assemble the Security Authorization Package and submit it for adjudication.
  • Maintain systems in eMASS.
  • Assess the quality of security control implementation against all requirements in accordance with the approved SLCM strategy.
  • Plan and perform cybersecurity testing to assess security controls and record security control compliance status during sustainment.
  • Report on changes in the security posture of systems to the AO.
  • Utilize the Collaboration Board in eMASS workflow for all formal coordination during the RMF process. Detailed findings will be posted in the Artifacts tab (if necessary).
  • Assist the ISSMs in executing their duties and responsibilities.
  • Ensure compliance with all USN, DON, and DoD cybersecurity policies.
  • Ensure all users possess the requisite security clearances and awareness of their responsibilities for systems under their purview prior to being granted access.
  • Ensure incident response, business continuity, disaster recovery, as well as vulnerability and threat reporting plans and channels are in place and that team members are trained accordingly.
  • Ensure relevant policy and procedural documentation is current and accessible to properly authorized individuals.

Manager, IT Risk & Cybersecurity Advisory

Centri Business Consulting
Philadelphia, PA
12.2023 - 03.2024
  • Company Overview: Centri is a provider of Cyber, Risk Advisory, SOX/Financial Reporting and Management Consulting to private clients.
  • Offer strategic guidance to clients by aiding in the development and implementation of new processes and controls designed to mitigate key risks.
  • Evaluate, manage, and enhance IT risk across cybersecurity, strategy, governance, compliance, and business continuity for multiple client engagements.
  • Ensure adherence to relevant cybersecurity regulations and standards (e.g., GDPR, CCPA, HIPAA).
  • Evaluate client processes and controls against industry frameworks, identify design and execution gaps, and provide clients with actionable recommendations.
  • Performed audits on Information Technology General Controls (ITGC) that apply to all systems, components, processes, and data for a given organization or IT environments.
  • Manage the creation and implementation of audit programs and IT control assessments covering IT strategy, governance, operations, business continuity, cybersecurity, third-party risk, ITGC, application controls, SOC reporting, and regulatory compliance.
  • Develop and implement risk management policies and procedures.
  • Conduct risk assessments, develop reports, and provide mitigation statements for client’s financial filings.
  • Identify and implement process improvements to enhance financial reporting efficiency and effectiveness.

Information Systems Security Officer (ISSO) / Project Manager

AGovX
Bethesda, MD
06.2021 - 07.2022
  • Company Overview: AGovX is a provider of business and IT services to commercial and government clients.
  • Leads vision, strategy, and execution for all facets of information security within classified and sensitive systems.
  • Executes assessments of management, operational, and technical security controls to measure compliance with NIST standards.
  • Identifies gaps in security architecture, serving as the foundation for the creation of security risk management plans and recommendations.
  • As a subcontractor to General Dynamics, I work closely with GD stakeholders in operations, administration, management, networking, and cyber security.
  • Review the implementations of software applications, networks, and security systems, documenting, and recommending mitigation plans to address deviations from specifications.
  • Provides critical support to NIHnet, a high-speed, high-availability network used by the National Institutes of Health for research initiatives.
  • Contributes to the execution of ATO and Plans of Actions & Milestones (POA&Ms) activities, efforts to resolve risks and vulnerabilities.
  • Continually monitors the NIHnet environment, tracking and validating IP addresses to safeguard against unauthorized access.
  • Orchestrates and executes a portfolio of projects, with accountability for building project teams, resource management, and the innovation of schedules to achieve all milestones and deliverables on time and within budget.
  • Provides status updates to management via dashboards.

Information Systems Security Officer (ISSO) Team Lead

LS Technologies LLC
Washington, DC
11.2018 - 04.2021
  • Company Overview: LS Technologies is a provider of telecommunications services to the federal government.
  • Instrumental in maintaining the security of 64 air traffic control, surveillance, and communications systems for the federal government, supervising a team of seven direct reports, seven contractors, and three FAA employees.
  • Leveraged Top Secret Clearance to monitor all systems and prevent catastrophic security breaches.
  • Examined all security policies and procedures to ensure compliance with FISMA and NIST requirements as well as best technical practices.
  • Pioneered the implementation of the Risk Management Framework (RMF) in accordance with NIST SP 800-37.
  • Delivered solid results, navigating 25 systems to an Authorization to Operate (ATO) status, accelerating the process by identifying key decision-makers within each system.
  • Provided guidance to system owners on remediating audit findings, security planning and reporting, and the timely resolution of security vulnerabilities.
  • Served as a coach and trainer of newly hired engineers to build competencies in policies and compliance.
  • Developed budget recommendations detailing the costs of security remediation efforts, including new software applications, security patches, and personnel.

Accountant / Computer Science & Management

CoreLink Administrative Solutions
Fargo, ND
03.2017 - 11.2018
  • Company Overview: CoreLink Administrative Solutions was a software development and services company which built the software to run health insurance plans.
  • Serves as a resource for management, leading the research and analysis of accounting data to build reports and prepare asset, liability, and capital account entries.
  • Examined accounting operations to build informed recommendations for financial actions.
  • The scope of work included the preparation of balance sheets, P&L statements, and reports.
  • Investigated and resolved discrepancies through the collection and review of account information.
  • Examined and implemented measures to maintain compliance with local, state, and federal regulations.

Financial Reporting and Analysis / Microsoft Cloud Infrastructure Operations (Contract Role via Archway)

Microsoft Corporation
Fargo, ND
02.2016 - 03.2017
  • Company Overview: Microsoft Corporation is a Fortune 500 multinational technology corporation which produces computer software, consumer electronics, personal computers, and related services.
  • Supported Microsoft Cloud Infrastructure Operations by performing financial analysis and reporting responsibilities, including forecasting, cash flow analysis, bank reconciliations, monthly accounts payable for vendors, and the analysis of balance sheet accounts.

Education

Master of Science - Business Analytics

Georgetown University
Washington, DC
11-2026

Cyber Security

Harvard University
Cambridge, MA
04-2023

Master of Science Degree - Cybersecurity Management and Policy

University of Maryland University College
Adelphi, MD
05-2021

Bachelor of Science Degree - Management, Minor in Computer Science

Regent University College of Science And Technology
Accra, Ghana
06-2009

Skills

  • Risk Management Framework
  • FISMA policy implementation experience
  • Business continuity planning
  • Experience with FedRAMP guidelines
  • Expertise in NIST 800 standards
  • Professional client interaction
  • Internal communication
  • Operational efficiency enhancement
  • Project timeline management
  • Cloud security implementation
  • Implementation of cybersecurity policies
  • Incident response
  • Vulnerability management
  • Compliance auditing
  • Business continuity
  • Regulatory compliance
  • Security auditing
  • Business Analysis
  • Vulnerability scanning
  • POAM management
  • System categorization
  • FIPS 199 assessment
  • Effective team collaboration
  • Assured Compliance Assessment Solution (ACAS)
  • Army’s Enterprise Mission Assurance Support Service (eMASS)
  • Development of incident response plans
  • AWS GovCloud
  • Cybersecurity policies
  • Tenable SC
  • Continuous monitoring
  • Skilled in using Splunk
  • CSAM Repository
  • BigFix management expertise
  • Patch management
  • Asset inventory management
  • Risk assessments

Clearance

DoD - TOP SECRET 

Military

United States Army, 01/01/12, 12/31/20, Army Achievement Medal, NATO Medal during Operation Enduring Freedom

Personal Information

Citizenship: United States Citizen

Certification

Certified Project Management Professional (PMP)

Certified Information Systems Auditor (CISA)

Certified Information Security Manager (CISM)

Scrum Master Certified (SMC)

CompTIA Advanced Security Practitioner

CompTIA Security+ Certification

Languages

English
Full Professional

References

References available upon request.
