Theresa Adjapong

Severn, MD

Summary

Dynamic professional with extensive years of expertise in information security assurance, analysis, administration, Risk Management Framework (RMF), security control implementation, Assessment and Authorization, POA&M management, continuous monitoring and vulnerability management. Ability to interact well with clients from diverse backgrounds, lead and direct, solve problems creatively, think critically, and make strategic decisions in a fast-paced environment.

Overview

10 years of professional experience
1 Certification

Work History

Senior Cybersecurity Analyst

OptumServe
04.2022 - Current
  • Coordinates, develops, and performs independent risk assessments of government owned systems for Security Authorizations, Ongoing Security Authorizations and Reauthorizations
  • Lead project and vendor engagements and technology assessments to understand the capabilities of required systems or networks
  • Identify and recommend cyber strategies for technology development based on stakeholder requirements
  • Develop and recommend security controls, identify key security objectives to maximize software and system security while minimizing disruption to plans and schedules
  • Plans risk assessment activities, schedules and coordination of risk assessment activities
  • Conduct testing and evaluation (T&E) of security controls based on current NIST requirements
  • Identifies, reports, and resolves security violations.
  • Establishes and satisfies information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands.
  • Translate security controls into technical specifications and guidance to stakeholders to ensure common understanding among stakeholders and enable adequate implementation.
  • Deliver complete assessment documentation (e.g., Security Assessment Plan, Security Assessment Report, Risk Traceability Matrix etc.)
  • Draft agency specific security control assessment (SCA) guidance, procedures, and templates to allow thorough and accurate control assessments, risk analysis, and final documentation in the Security Assessment Report (SAR)
  • Host kick-off meetings with system owner, ISSO, etc.
  • Categorize new information security systems through the collection of required documentation based on FIPS 199 and NIST SP 800-60 criteria
  • Perform continuous monitoring on major and minor cloud systems, remediating all vulnerabilities and closing all open POA&Ms
  • Ability to develop security documentation (policies, procedures, guidelines, standards, etc.)
  • Performs FedRAMP assessments
  • Prepares and reviews authorization packages (SSP, FIPS 199, CP, CM, SAP, SAR, POA&M, etc.) for Low, Moderate and High impact systems
  • Assists Systems Owners and business stakeholders through Security Assessment and Authorization (SA&A) process, ensuring that Operational, Management, and Technical controls securing sensitive Security Systems are in place and being followed according to the NIST SP 800-53 rev 4
  • Assist in security reviews, identifies gaps in security architecture and designs, and recommends necessary security controls to be integrated within the development lifecycle
  • Provide peer review and support for organizational deliverables.
  • Streamlined communication during incidents by establishing clear protocols for reporting potential threats or breaches in a timely manner.

Information Assurance Analyst

B&C Tech Consult
06.2016 - 04.2022
  • Creates and updates the following Security Assessment and Authorization (SA&A) artifacts as part of the ATO process; FIPS 199, Business Impact Analysis (BIA), Information System Contingency Plan (ISCP), Security Test and Evaluations (ST&Es), Risk assessments (RAs), Privacy Threshold Analysis (PTA), Privacy Impact Analysis (PIA), E-Authentication, Plan of Action, and Milestones (POA&M)
  • Prepares Security Assessment and Authorization (SA&A) packages to ascertain that management, operational, technical and privacy security controls adhere to NIST SP 800-53 revision 4 standards
  • Prepares and reviews authorization packages (i.e., SSP, FIPS 199, CP, CM, SAP, SAR, POA&M, etc.) for Moderate and High impact systems
  • Assists Systems Owners and business stakeholders through Security Assessment and Authorization (SA&A) process, ensuring that Operational, Management, and technical controls securing sensitive Security Systems are in place and being followed according to the NIST SP 800-53 rev 4
  • Supports the preparation of security test plans, execute, and assess the security control effectiveness using security control test procedures, and creates Security Assessment Reports (SAR) based on assessment findings
  • Conducts security control assessment of applicable security controls to ensure compliance per NIST 800-53 Rev.4 requirements
  • Conducts security control assessment integrating controls from FedRAMP cloud environments as well as on-premises data center security
  • Assesses internal threats, risks, and vulnerabilities from emerging security issues
  • Develops roadmap for the development of a comprehensive information security policy template
  • Assists in developing Security Control Assessment (SCA) strategy for the organization; to include an overall assessment process flow, which documents the steps required to conduct assessment activities and interacts with all necessary parties
  • Serves as a lead assessor and assigns tasks to the security assessment team; develops associated schedules and resource plans to complete the assessments
  • Provides POA&M support to ensure mitigations are completed or the teams are working to mitigate all vulnerabilities in a timely fashion and within customer policy timeframe
  • Performs continuous monitoring to ensure implemented security controls remain functional throughout the lifecycle of the information system
  • Develops and maintains a schedule for conducting recurring Continuous Monitoring and ongoing Continuous Diagnostics and Mitigation (CDM) efforts once the initial assessments are complete
  • Participates in meetings with stakeholders to present assessment findings and recommendations for remediation
  • Prepares authorization package for management review and final Authorization to Operate (ATO).

Information Security Analyst

DLLC Consulting
01.2014 - 06.2016
  • Participate in kick-off meetings with system owner, ISSO, etc.
  • Categorize new information security systems through the collection of required documentation based on FIPS 199 and NIST SP 800-60 criteria
  • Perform continuous monitoring on major and minor cloud systems, remediating all vulnerabilities and closing all open POA&Ms
  • Perform and manage A&A tasks, including FIPS 199 categorization, selection of security controls using NIST SP 800-53 as a guide, and writing of implementation statements and assessments
  • Interview security personnel to evaluate the adequacy of internal controls and compliance with company policies and procedures
  • Conduct Risk Assessment on various information systems to identify system threats, vulnerabilities, and risk
  • Collaborate with ISSO to develop the System Security Plans (SSP), Security Assessment Report (SAR), Plan of Actions and Milestones (POAM), Incident Report Plans and all other artifacts referenced in the SSP
  • Create and update the following Security Assessment and Authorization (SA&A) artifacts; Risk Assessments Report (RAR), Privacy Threshold Analysis (PTA), Privacy Impact Analysis (PIA), Contingency Plan, Security Test and Evaluations (ST&Es), E-Authentication, Plan of Action and Milestones (POA&Ms)
  • Supported the remediation actions to correct assessment findings, develop supporting plan of action and milestone (POA&M) and update System Security Plan
  • Conducted security assessment interviews to determine the Security posture of the Systems
  • Developed a Security Assessment Report (SAR) from the completion of the Security Test and Evaluation (ST&E) using NIST SP 800-53A to maintain system Authorization to Operate (ATO)
  • Use NIST standards on cybersecurity and incident handling (800-63, 800-61) to develop Incident Response Plans for various minor and major application systems
  • Work with Information Systems Security Officers (ISSO) to ensure FISMA documentation and ATO artifacts are executed in a timely manner
  • Determine security controls effectiveness (i.e., controls implemented correctly, operating as intended, and meeting security requirements).

Education

Bachelor of Arts - Social Sciences (English And Law)

Kwame Nkrumah University of Science Technology
Kumasi, Ghana
07.

Skills

  • NIST 800 Special Publication Series (FIPS 199, FIPS 200, 800-60, 800-61, 800-37, 800-53 Rev 4-5, 800-171, 800-118, etc.)
  • XACTA
  • CSAM
  • SharePoint
  • Microsoft Planner
  • Microsoft Office Suites
  • Teams
  • System Security Plan (SSP)
  • Risk Vision
  • Nessus Tenable Tools
  • SIEM
  • Web-Inspect
  • Health Insurance Portability and Accountability Act (HIPAA)
  • NIST Risk Management Framework (RMF) / NIST Cybersecurity Framework (CSF), network security, confidentiality, integrity, availability
  • Security Assessment & Authorization (A&A) Process
  • Team Player
  • Excellent Communication skills
  • Attention to Detail
  • Multitasking
  • Active Listening

Certification

  • CISM
  • Security+

References

References Provided Upon Request
