Nana Akosua Safowah Boateng
Information Security Analyst at Emagine IT, Inc.
Baltimore, MD, United States
Details
Experience:
• Conduct interviews with government Technical Leads (TL) in order to collect systems information (information type, boundary, inventory, evidence, etc.) in support of system assessment.
• Conduct document reviews of NIST, USPTO and Department of Commerce policies and procedures, system specific procedures, FISMA, vendor specific publications, and other supporting documents related to the master and sub information systems supporting the USPTO mission.
• Review, modify, and update assessment procedures as a result of newly released USPTO guidance.
• Review and assess the following Security Assessment and Authorization (SA&A) artifacts: System Security Plan (SSP), Risk Assessment (RA), Privacy Threshold Analysis (PTA), Privacy Impact Analysis (PIA), E-Authentication, System Security Test and Evaluation (ST&E), Contingency Plan (CP), and other accreditation-specific documentation.
• Examine records provided and research additional evidence to validate control implementation and effectiveness.
• Document assessment evidence and develop assessment reports to document findings, final reports and actionable recommendations.
• Evaluate Plan of Actions & Milestones (POA&Ms), Remediation Plans, and Corrective Action Plans (CAP) as part of monitoring and remediation process to ensure adequate capturing of vulnerabilities.
• Uploading all completed assessment findings as well as evidence onto CSAM for clients’ review.
• Assist in coordinating efforts with the facilities points of contact (FPOC) to gather additional evidence for assessment.
• Utilize various tools and resources such as Remedy, Network Monitoring Services, DOSP, and SCM, etc., to access controls and confirm implementation.
• Train two assessors increasing assessment capabilities by 40%.
• Providing quality control review on junior assessors’ assessments to ensure government standards are met.
• Recognized for assessing over 25 systems and provided assessment support to 5 systems.
2018 : Present
Emagine IT, Inc.
Information Security Analyst/Security Control Assessor
Conduct assessment of Security Control selections on various moderate impact level systems to ensure compliance to NIST 800-53A rev4. Review and update the System Security Plan, Security Assessment Plan, and the Plan of Action & Milestones (POAM).
• Request and Review vulnerability scans and reports.
• Lead Kick off meetings to discuss the status of an assessment process or other project Planning activities.
• Monitor security control post-authorizations to ensure continuous compliance with security requirements.
• Work closely with system developers in putting system documentation together for annual Security Control Assessments (SCA). The SCA assesses the adequacy of management, operational, privacy and technical security controls implemented.
• Provide support to external audit teams as required (Helped in the gathering/presentation of evidence to validate controls effectiveness and efficiency)
• Interview departmental heads and review existing system documentation to determine specific, measurable, agreed, relevant and theoretically sound audit objectives
• Analyze and update system documentation and Plan of Action and Milestones (POA&M).
• Request and analyze required and appropriate artifacts to close Plan of Action and Milestone (POA&Ms) from SCAS and closed existing POA&Ms in time for ATO
• Responsible for creating minute reports for system meetings to keep track of action items to be executed.
2016 : 2018
Cyloc Solutions LLC
Information Security Assessor
Company:
Emagine IT, Inc.
About
As a Security Analyst with multiple years of successfully assessing Information Systems with a focus on FISMA, NIST, ISO, HITRUST, HIPAA, FedRAMP, System Security Evaluation, and Risk Assessments, I want to work in a creative environment where I can make a significant impact to help achieve enterprise-wide information risk goals and objectives. I possess the ability to lead, direct, solve problems, think critically, and communicate well at all levels.