Nii Laryea B.

Education: Bachelor of Business Administration (BBA)

Marketing

CENTRAL UNIVERSITY COLLEGE



Master's degree

Marketing/Marketing Management, General

University of Ghana

Experience: • Schedule kick off meetings with system owners to help identify assessment scope, system boundary, the information system's category and attain any artifacts needed in conducting the assessment.

• Create Requirement Traceability Matrix (RTM) and document whether controls being assessed passed or failed using NIST SP 800-53A as a guide.

• Develop Security Assessment Plans (SAPs) and Conduct assessment of security control selections on various Moderate impact level systems to ensure compliance with the NIST SP 800-53A Rev 4 Conduct security control interview meeting and Artifact gathering meeting with various stakeholders using assessment methods of interview, examination and testing.

• Document assessment findings in a Security Assessment Report (SAR) and recommend remediation actions for controls that failed and vulnerabilities.

• Review A&A package items using NIST guidance for FISMA compliance such as the System FIPS 199 Categorization, e-Authentication Assessment, PTA, PIA, Contingency Plan (CP) and Contingency Plan Test (CPT) Perform vulnerability assessment of information systems to detect deficiencies and validate compliance using POA&M tracking tool.

2019 : Present

pacific Cyber Solutions

Information Security Control Assessor

• Implemented the Risk Management Framework (RMF) in accordance with NIST SP 800-37.

• Reviewed security categorization of systems using FIPS 199 & NIST SP 800-60 Updated technical, operational and management control families and controls with guidance from NIST 800-53 Rev 4 and FIPS 200.

• Reviewed and updated the System Security Plan implementation statements of the respective applicable control to assigned systems as need arises using NIST 800-18.

• Independently put together a variety of Security Authorization deliverables including; System Security Plans, Security Assessments Reports, Risk Assessment Plans and POA&M.

• Created and updated Authorization to Operate (ATO) packages Drafted, finalized, and submitted Privacy Threshold Assessments (PTAs), Privacy Impact Analyses (PIAs), E-Authentication Assessments, System of Record Notices (SORNs) for annual review and recertification.

• Continuously monitored security controls effectiveness using NIST SP 800-137 as a guide.

2018 : 2019

Trinitech Consulting Inc

Security control Assessor

• Maintained, tracked, and reported on third party risks to the appropriate stakeholders.

• Conducted periodic audits/assessment for potential and existing suppliers through questionnaires, site visits, and review of other documentation including assessment reports (ex.Soc 2) to identify control gaps and risks.

• Acted as remediation analyst to work with vendors in remediating findings discovered during the onsite/virtual assessment.

• Performed Vendor risk assessments to identify emerging key risks and reassess current risks.

• Assessed completed questionnaire and supporting documentation to validate vendor appropriate implementation of information security controls.

• Communicated vendor information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks.

• Validated evidence from vendors before remediation plans are closed.

• Planned and executed onsite security/risk assessments for third party vendors.

• Ensured all risk controls were documented in a Vendor Risk Scorecard in accordance with Third Party Risk Management (TPRM) Policy and the Risk Assessment Matrix

2015 : 2018

AZ Cyber Security Solutions

Security Control Assessor

• Communicated team plans, reported impediments for escalation and identified risks/concerns to relevant stakeholders to help resolve.

• Owned the scrum lifecycle which included managing progress blockers, removing impediments, communicating progress to plans and coaching teams to correctly apply agile development principles.

• Coached PO/team on backlog refinement and prioritization Supported the Product Owner through applying effective techniques for managing their product backlog, maintaining focus on delivering features while maintaining high quality.

• Collaborated with the Product Owner and team members to develop user stories and maintain a healthy product backlog.

• Organized and facilitated scrum ceremonies like daily stand-up meetings, sprint reviews, sprint retrospectives, sprint planning, and other meetings.

• Tracked and communicated team velocity and sprint/release progress within the agreed reporting framework.

2007 : 2014

UT BANK GHANA

Risk Compliance Manager

SUPERVISE PROJECTS AND LOCATE ADVERTISING SPOTS

2007 : 2008

Forewin Ghana Limited

PROJECT MANAGER

Company: pacific Cyber Solutions

Years of Experience: 16

Spoken Language: English