Nii Laryea B.
Education:
Bachelor of Business Administration (BBA)
Marketing
CENTRAL UNIVERSITY COLLEGE
Master's degree
Marketing/Marketing Management, General
University of Ghana
Experience:
• Schedule kick off meetings with system owners to help identify assessment scope, system boundary, the information system's category and attain any artifacts needed in conducting the assessment.
• Create Requirement Traceability Matrix (RTM) and document whether controls being assessed passed or failed using NIST SP 800-53A as a guide.
• Develop Security Assessment Plans (SAPs) and conduct assessments of security control selections on various Moderate impact level systems to ensure compliance with NIST SP 800-53A Rev 4.
• Conduct security control interview meetings and artifact gathering meetings with various stakeholders using the assessment methods of interview, examination and testing.
• Document assessment findings in a Security Assessment Report (SAR) and recommend remediation actions for controls that failed and vulnerabilities.
• Review A&A package items using NIST guidance for FISMA compliance, such as the System FIPS 199 Categorization, e-Authentication Assessment, PTA, PIA, Contingency Plan (CP) and Contingency Plan Test (CPT).
• Perform vulnerability assessment of information systems to detect deficiencies and validate compliance using POA&M tracking tool.
2019 : Present
Pacific Cyber Solutions
Information Security Control Assessor
• Implemented the Risk Management Framework (RMF) in accordance with NIST SP 800-37.
• Reviewed security categorization of systems using FIPS 199 & NIST SP 800-60.
• Updated technical, operational and management control families and controls with guidance from NIST 800-53 Rev 4 and FIPS 200.
• Reviewed and updated the System Security Plan implementation statements of the respective applicable control to assigned systems as need arises using NIST 800-18.
• Independently put together a variety of Security Authorization deliverables, including System Security Plans, Security Assessment Reports, Risk Assessment Plans and POA&M.
• Created and updated Authorization to Operate (ATO) packages.
• Drafted, finalized, and submitted Privacy Threshold Assessments (PTAs), Privacy Impact Analyses (PIAs), E-Authentication Assessments, System of Record Notices (SORNs) for annual review and recertification.
• Continuously monitored security controls effectiveness using NIST SP 800-137 as a guide.
2018 : 2019
Trinitech Consulting Inc
Security Control Assessor
• Maintained, tracked, and reported on third party risks to the appropriate stakeholders.
• Conducted periodic audits/assessments for potential and existing suppliers through questionnaires, site visits, and review of other documentation including assessment reports (e.g., SOC 2) to identify control gaps and risks.
• Acted as remediation analyst to work with vendors in remediating findings discovered during the onsite/virtual assessment.
• Performed Vendor risk assessments to identify emerging key risks and reassess current risks.
• Assessed completed questionnaire and supporting documentation to validate vendor appropriate implementation of information security controls.
• Communicated vendor information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks.
• Validated evidence from vendors before remediation plans are closed.
• Planned and executed onsite security/risk assessments for third party vendors.
• Ensured all risk controls were documented in a Vendor Risk Scorecard in accordance with Third Party Risk Management (TPRM) Policy and the Risk Assessment Matrix.
2015 : 2018
AZ Cyber Security Solutions
Security Control Assessor
• Communicated team plans, reported impediments for escalation and identified risks/concerns to relevant stakeholders to help resolve.
• Owned the scrum lifecycle which included managing progress blockers, removing impediments, communicating progress to plans and coaching teams to correctly apply agile development principles.
• Coached PO/team on backlog refinement and prioritization.
• Supported the Product Owner through applying effective techniques for managing their product backlog, maintaining focus on delivering features while maintaining high quality.
• Collaborated with the Product Owner and team members to develop user stories and maintain a healthy product backlog.
• Organized and facilitated scrum ceremonies like daily stand-up meetings, sprint reviews, sprint retrospectives, sprint planning, and other meetings.
• Tracked and communicated team velocity and sprint/release progress within the agreed reporting framework.
2007 : 2014
UT BANK GHANA
Risk Compliance Manager
SUPERVISE PROJECTS AND LOCATE ADVERTISING SPOTS
2007 : 2008
Forewin Ghana Limited
PROJECT MANAGER
Company: Pacific Cyber Solutions
Years of Experience: 16
Spoken Language: English