Michelle Osei-Nsafoah
Details
Rehabilitation Services
University of Maryland Eastern Shore
2010 : 2014
2022 : Present
Placer.ai
Information Security & Compliance Analyst
• Perform detailed security assessments by ensuring that the customer responsibility statement and FedRAMP packages are well implemented.
• Implement information security policies, standards, and procedures to ensure compliance with ISO 27001 requirements.
• Interview security personnel to evaluate the adequacy of internal controls and compliance with company policies and procedures.
• Conduct risk assessments on various information systems to identify system threats, vulnerabilities, and risks.
• Collaborate with system owners to develop System Security Plans (SSPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), Incident Response Plans, and all other artifacts referenced in the SSP.
• Create and update the following Security Assessment and Authorization (SA&A) artifacts: Risk Assessment Reports (RARs), Privacy Threshold Analyses (PTAs), Privacy Impact Analyses (PIAs), Contingency Plans, Security Test and Evaluations (ST&Es), and Plans of Action and Milestones (POA&Ms).
• Conduct internal audits to assess compliance with SOC 1 & 2 and ISO 27001 standards, identify areas for improvement, and coordinate external audits and certification processes to ensure compliance with ISO 27001 requirements.
• Support remediation actions to correct assessment findings, develop the supporting Plan of Action and Milestones (POA&M), and update the System Security Plan.
• Review contract documentation (MSA, SA, RFP, DPA) for compliance with operational practices.
• Review policies and procedures to ensure compliance with standards and operational needs.
2019 : 2022
NAFSA : Association of International Educators
Audit and Compliance Analyst
• Conducted security assessment interviews to determine the security posture of the system.
• Developed a Security Assessment Report (SAR) after the completion of system security assessments using NIST SP 800-53A to maintain the system's Authorization to Operate (ATO).
• Used NIST standards for security and incident handling (SP 800-63, SP 800-61) to develop incident response plans for various minor and major application systems.
• Worked with Information Systems Security Officers (ISSOs) to ensure FISMA documentation and ATO artifacts were executed in a timely manner.
• Determined security control effectiveness (i.e., control selection and implementation, operating as intended, and meeting security requirements).
• Led compliance initiatives to ensure SOC 1 & 2 and ISO 27001 certification for in-scope operational areas.
2016 : 2019
PenFed Credit Union
Information Assurance Analyst
• Conducted IT risk assessments and documented security controls.
• Ensured that appropriate steps were taken to implement information security requirements for IT systems throughout their life cycle, from the requirements definition phase through disposal.
• Reviewed POA&Ms and enforced timely remediation of audit issues.
• Applied knowledge of Security Assessment & Authorization policies and regulations in the assessment of IT systems and documentation and the preparation of related documents.
• Created and tracked POA&Ms for remediation of all accepted risks upon completion of Security Control Assessments and vulnerability scan results.
• Produced vulnerability and configuration metrics and reporting to demonstrate assessment coverage and remediation effectiveness.
Skills
Active Directory, Business Analysis, Cybersecurity, Data Entry, Domain Name System (DNS), Firewalls, Information Assurance, Information Security, Junior Systems Admin, Leadership, Medical Terminology, Microsoft Office, Networking, Network Security, Security, Team Building, Training, Troubleshooting, U.S. Health Insurance Portability and Accountability Act (HIPAA), Virtual Private Network (VPN), Windows Server
About
An Information Assurance Analyst with over 5 years of experience. A committed professional with the knowledge, skills, and talent in IT security and compliance to help improve data security and overall information security compliance. I possess strong leadership qualities and excellent communication skills, am self-motivated, and have an unwavering desire to contribute to the team's mission.