Information Systems Security Officer/Security Controls Assessor/ RMF Analyst
Security Compliance Specialist
Dedicated and detail-oriented IT Security Analyst with over 8 years of experience in cybersecurity, risk assessments/audits, and mitigation. Experienced in identifying and remediating vulnerabilities, eliminating critical control gaps, and driving strategic security initiatives; expertise in the Ostrich Cyber product. Collaborative team player and natural leader with proven success coaching junior analysts, meeting tight deadlines, and establishing improved processes.
CORE STRENGTHS
Information Security | Risk Analysis & Remediation | Security Controls Assessments | Compliance | Plans of Action and Milestones (POA&M) | Security Awareness | Documentation | Team Leadership | Security Artifacts | Vulnerability Scans & Tests | Stakeholder Engagement | Governance | Coaching/Mentoring | Reporting | Security Information and Event Management | Identity Access Management | System Vulnerability Testing | Threat Analysis | Encryption/Decryption | Firewalls | Penetration Testing | System Security Plan (SSP) | Incident Response Plans & Mitigation Measures | Familiar with CIS & ISO 27001
Overview
11 years of professional experience
Work History
Information System Security Officer
Cyberrisk Beyond Solutions, AL
07.2020 - 12.2023
Conduct independent, comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by traditional information technology (IT) systems
Collaborate with stakeholders to develop and implement corrective action plans based on assessment findings
Provide expertise in scaling security measures to meet the unique requirements of diverse IT systems
Determine the overall effectiveness of the controls (as defined in NIST SP 800-37)
Verify that System Security Plans (SSPs) to be assessed and audited are ready for assessment using an Agency-approved tool
Facilitate, perform, and manage actions necessary to maintain system and capability accreditation status in accordance with DFARS, NIST 800-53 and 800-171, including scanning, auditing, and authoring/coordinating security accreditation-related documentation
Provide advice and assistance on cybersecurity for corporate development and system maintenance, project monitoring, system authorization, and status of segment components, and author and coordinate related documentation
Review and advise on security aspects of corporate policy, procedures and development
Present system maintenance and authorization status, and potential issues to corporate leadership when necessary
Assist in the creation and maintenance of A&A packages, System Security Plans (SSP), Risk Assessment Reports (RARs), Security Controls Traceability Matrices (SCTMs) and Plans of Action & Milestone (POA&Ms) for all corporate systems
Conduct regular audits in accordance with corporate compliance policies and guidance
Assist in providing Continuous Monitoring activities for security-relevant information system software, hardware, and firmware
Assist in the investigations of information system security violations and assist in the preparation of reports with corrective actions and preventative measures
Strong background in risk management and governance
Excellent analytical and problem-solving skills
Assess control enhancements employed within, or inherited by, information technology (IT) systems to determine the overall effectiveness of the controls (as defined in NIST SP 800-37)
Perform and evaluate continuous monitoring of Information Technology (IT) assets
Support NIST, Risk Assessment, and HIPAA project initiatives by undertaking risk assessments, advising on implementation of security measures, recommending appropriate risk mitigations, and interpreting security policy and standards in the context of projects and business scenarios to help the business operate securely
Assess existing controls to determine the level of compliance with HIPAA, NIST and FedRAMP, including their maturity, state of compliance, and the risk associated with any findings
Schedule assessments
Conduct technical and non-technical security assessments
Create Security Assessment Reports (SARs) using the agreed-upon format
Schedule and perform system assessment out-brief with ISO
Attend Authorization To Operate (ATO) brief with Authorizing Official (to be scheduled by ISO)
Upload all security assessment documentation to the Agency-approved tool
FISMA Security Compliance Analyst
PA
02.2018 - 06.2020
Act as a client-facing representative of the organization, engaging with clients professionally and effectively
Create and adhere to assessment Standard Operating Procedures (SOPs) and standardized templates
Worked with a team of Information Security Owners, Developers and System Engineers to ensure proper system categorization using NIST 800-60 and FIPS 199, and determined whether the system required a PTA or PIA
Selected and tailored security controls to safeguard system information using NIST SP 800-53 and FIPS 200
Conducted assessments of security controls on various impact systems in accordance with agency guidelines to ensure compliance with NIST 800-53A, 800-171A, ISO 27001/2
Liaised with system owners to develop, test, and train on contingency plans and incident response plans
Prepared and updated security authorization documentation, including the security plan, risk assessment, contingency plan, and privacy impact analysis
Documented NIST 800-53A, 800-171A, ISO 27001/2 security control compliance findings within Security Assessment Reports (SARs)
Conducted security assessment interviews to determine the security posture of the system and to develop a Security Assessment Report (SAR), completing the Security Test and Evaluation (ST&E) questionnaire using NIST SP 800-53A as required to maintain the company's Authorization to Operate (ATO), the Risk Assessment, System Security Plans, and System Categorization
Reviewed and updated remediation on Plans of Action and Milestones (POA&Ms) in the organization's Cyber Security Assessment and Management (CSAM) system
Worked with system administrators to resolve POA&Ms, gathering artifacts and creating mitigation memos, residual risk memos and corrective action plans to assist in the closure of each POA&M
Maintained and monitored IT security practices to protect the confidentiality, integrity, and availability of data
Developed, implemented, maintained, and oversaw enforcement of security policies
Tested, assessed, and documented security control effectiveness
Collected evidence, interviewed personnel, and examined records to evaluate effectiveness of controls
Work collaboratively with cross-functional teams to gather necessary information for assessments
Ensure timely and accurate reporting of assessment results, vulnerabilities, and compliance status
Collaborate with stakeholders to develop and implement corrective action plans based on assessment findings
IT Security Analyst
Northwell Health
, NY
08.2015 - 01.2018
Created cybersecurity best practice communications to educate staff against known threats and potential vectors of attack
Authored security incident reports, highlighting breaches, vulnerabilities and remedial measures
Managed relationships with third-party intrusion detection system providers
Mentored non-commissioned officers in maintenance of encrypted data equipment
Conducted security audits to identify vulnerabilities
Developed and maintained incident response protocols to mitigate damage and liability during security breaches
Maintained enterprise compliance across multiple security frameworks, including SOC 2, NIST and ISO, and kept up-to-date records of requirements and corresponding mitigating controls
Monitor third-party risk assessments and assist in performing internal risk assessments
Collaborate on critical IT projects to ensure that security policy/risk issues are addressed throughout the project life cycle
Assessed network intrusion detection systems (IDS/IPS) and artifacts, including logs, system images and packet captures (SIEM), to enable mitigation of network incidents
Ensured that adequate controls were maintained for SOX, HIPAA, and NIST regulations
Junior Cybersecurity Analyst
Mount Sinai South Nassau
, NY
03.2013 - 01.2015
Maintain records of security monitoring and incident response activities
Work with System and Network administrators to create, modify, and update IDS, IPS, and SIEM rules
Reviewed System logs with Splunk to identify and investigate suspicious activities
Performed vulnerability scanning using Nessus, documented the results in a risk register, and managed them to closure
Education
Bachelor -
University of Education Winneba
Associate Degree - Cyber Security
New York University
CompTIA Security+
CompTIA Network+
Certified Information Systems Auditor (CISA)