ROBERT ASARE-BEDIAKO
Smyrna,Delaware
Summary
Professional, results-driven IT Security Analyst/Auditor and GRC Risk Assessor with 6+ years of experience supporting NIST SP 800-53, NIST SP 800-37, FedRAMP, FISMA, CIS and ISO 27001. Skilled in developing security authorization packages (SSP, SAP, SAR, POA&M) and leading risk assessments to reduce vulnerabilities and ensure regulatory alignment. Strong leadership and problem-solving abilities in dynamic, high-stakes environments. Committed to advancing enterprise-wide security and risk management objectives.
Overview
8
8
years of professional experience
1
1
Certification
Work History
Senior Information Security Analyst - GRC
NORFOLK SOUTHERN CORP
Atlanta, GA
10.2022 - 08.2025
- Conducted over 60 independent security control assessments annually across diverse systems using NIST RMF and CIS Controls, evaluating management, operational, and technical safeguards to identify risk and compliance gaps.
- Developed and maintained critical assessment documentation including Security Assessment Plans (SAP), System Security Plans (SSP), and Security Assessment Reports (SAR), supporting successful Authority to Operate (ATO)outcomes.
- Created and managed Plans of Action and Milestones (POA&Ms) for more than 30 systems, outlining prioritized risk mitigation strategies, remediation timelines, and resource allocation.
- Collaborated with system owners, engineers, and compliance teams to gather, validate, and present technical evidence of control implementation and effectiveness.
- Collaborated with system owners and engineers to assess systems; translated technical risks into clear reports for stakeholders, improving compliance reporting efficiency by 30%.
Security Control Assessor
INFOTEC ADVISORS INSTITUTE
Reston, VA
08.2018 - 09.2022
- Evaluated internal IT controls across over 50 systems annually, assessing both design and operational effectiveness to identify compliance gaps and risk exposures, and developing targeted remediation plans.
- Assessed third-party vendors' compliance with applicable regulatory requirements and industry best practices.
- Led security assessment kickoff meetings with stakeholders to ensure a thorough understanding of system architecture, data flows, and security requirements.
- Reviewed and validated key system artifacts (e.g., Access Control, Audit Logging, Incident Response policies) for alignment with NIST SP 800-53 Rev. 5standards, ensuring documentation compliance across all assessed systems.
- Authored detailed Security Assessment Reports (SARs) summarizing audit findings, risk levels, and recommendations—contributing to a 90% reduction in repeat control failures across multiple engagements.
- Analyzed vulnerability scan results( Veracode, DAST, etc.) for high-risk findings and collaborated with engineering teams to ensure timely mitigation, reducing exposure windows.
Help Desk Support
PJ PROS LLC
Baltimore, MD
01.2018 - 08.2018
- Provided direct phone hands-on support.
- Installed, configured, and performed minor repairs on desktop and laptop systems, improving hardware efficiency and reducing downtime by 25%.
- Provide technical assistance and training to system users.
- Used remote access to troubleshoot, resolve and test operating system.
- Tracked requests for help desk tickets using a ticketing system such as ServiceNow or JIRA.
Education
Bachelor of Arts - Geography and Resource Development
UNIVERSITY OF GHANA
Ghana05-2010
Skills
- Knowledge in IT security strategy tools like Microsoft 360, Archer, ServiceNow, LeanIX, SonarQube, Veracode, Tenable, DAST, Microsoft Copilot, ChatGPT, Jira, etc
- Designing Security Controls
- Security Control Assessment
- Artificial Intelligence(AI)
- Knowledge in Security policies and procedures
- Data Security
- Remote Access
- Risk Analysis
- Team collaboration
- Developing SSP, SAP, SAR and POA&M management
- Risk Management Framework (RMF)
- Excellent writing and presentation skills
- Reliable and possess ability to complete tasks prior to due date
- Attention to detail
- Vulnerability assessment and management
- Stakeholder engagement
- Technical documentation
- Application security
- Network security
- Firewall management
- Virtual private networks
- Cloud security
- Third Party/Vendor Risk Assessment
Certification
- Certified Information System Auditor (CISA).
- COMPTIA Security + certification.
- Scrum Master Accredited Certification.
Timeline
Senior Information Security Analyst - GRC
NORFOLK SOUTHERN CORP
10.2022 - 08.2025
Security Control Assessor
INFOTEC ADVISORS INSTITUTE
08.2018 - 09.2022
Help Desk Support
PJ PROS LLC
01.2018 - 08.2018
Bachelor of Arts - Geography and Resource Development
UNIVERSITY OF GHANA
Similar Profiles
ERNEST STEVENSERNEST STEVENS
Locomotiveengineer at Norfolk Southern CorpLocomotiveengineer at Norfolk Southern Corp
Mohammad Sajidul IslamMohammad Sajidul Islam
Supervisor, Car Maintenance - Mechanical at Norfolk Southern CorpSupervisor, Car Maintenance - Mechanical at Norfolk Southern Corp
Richard MurphyRichard Murphy
Senior Terminal Manager at Norfolk Southern CorpSenior Terminal Manager at Norfolk Southern Corp
Ashley Jones ParksAshley Jones Parks
Adjunct Instructor – First Year Seminar at Delaware Technical Community CollegeAdjunct Instructor – First Year Seminar at Delaware Technical Community College
Joseph BattagliaJoseph Battaglia
Baseball Umpire at SCLLBaseball Umpire at SCLL