| | | 20,000+ Fresh Resumes Monthly | |
|
|
| |
Click here or scroll down to respond to this candidate EVELYN A. ABROKWAH
PHONE NUMBER AVAILABLEEMAIL AVAILABLE
SUMMARY
An accomplished Information Security Professional with over 8 years of proven experience in information security management with a strong record of implementing security measures that comply with industry standards and regulations, conducting IT Risk, managing compliance frameworks, and developing and updating security policies. With excellent communication skills, I can work with stakeholders at all organizational levels to implement security measures that align with business objectives. SKILLS
FISMA Act 2002 Risk Management Framework (RMF) NIST SP 800 Series FedRAMP Security Control Testing & Validation. IT General Controls (ITGC) Auditing. Cloud Security PCI DSS HIPAA Business Continuity and Disaster Recovery Planning. Authorizations n and Assessment POA&M Management SOC 2 Threat and Vulnerability Management Policy Development and Updating EXPERIENCE
Daakyi Consulting
Information Security Analyst 05/2021 to 06/2023
Created systems and applications security test plans and performed hands-on security testing leveraging adversarial tactics, analyzing test results, and suggesting mitigation plans for security vulnerabilities. Supported coordination efforts with internal IT control owners and external auditors on audit requests, walkthroughs, testing, and evaluation of deficiencies.
Participated in and supported planning and execution aspects of various operational technology and cybersecurity audit projects.
Developed risk and controls matrix leveraging leading industry frameworks and open-source technical guidance materials.
Supported the planning and execution of select internal initiatives and advisory projects.
Build subject matter expertise in industry areas and stay up to date on emerging regulatory and industry developments impacting major business process, risk, and controls areas
Performed vulnerability/risk assessment analysis to support certification and accreditation.lutheran hillside village
Information Security Analyst 04/2020 to 05/2021 Perform compliance testing, controls assessment, including the completion of workpapers, summarization of test results and conclusion with root cause analysis for identified issues, and when necessary, detail the remediation testing efforts across all domains for IT General Controls, (PCI DSS) Payment Card Industry, Data Privacy, HIPAA, and other compliance requirements, as appropriate Identify, collect, analyze, and report on compliance and control data to drive compliance initiatives and priorities. Serve as advisor and technology key controls subject matter expert; partner with control owners to evaluate the design and effectiveness of the control environment. Validate information security key controls to identify control risks, analyze root causes and trends in potential control weaknesses; suggest controls to meet compliance standards where applicable. Assist in preparation of accurate and timely communications of observations, recommendations, and conclusions as well as evaluating management remediation action plans. Assist in developing automated compliance tools and processes. Gathers data, conducts analyses, and prepares related compliance reporting. As an integral member of the team, exhibiting ownership, follow through, initiative, awareness, effective communication with peers and management, and the ability to speak to details of compliance. Work with the businesses and product groups to identify issues and risks, and document and evaluate them appropriately within the GRC system. Work with product teams to identify technical security risks in solution architecture and design. Manage the identification of risk owners, the identification of risk remediation owners, follow up and track the remediation work and keep the status of the work updated in the GRC systems. Responsible for creating and publishing relevant reports to show the risk posture of the businesses and product groups. Act as an ambassador at Pure Storage to help drive a culture of security and risk awareness. Continually seek opportunities to improve the risk management process through regular review, measurement, and action. Develop the roadmap for risk management from Minimum Viable Product (MVP) through to future releasesHome depot inc Information Security Analyst 02/2015 to 03/2020
Conducted RMF first step kick-off meeting, initial risk assessment, and categorization of information security systems into Low, Moderate, and High systems centered on Confidentiality, Integrity, and Availability (CIA) of the information type referencing FIPS-199 and NIST 800-60. Reviewed scan results and document findings in POA&M. Performed information security risk assessments and assisted with the internal auditing of information security processes. Assessed threats, risks, and vulnerabilities from emerging security issues. Reviewed information systems security environments to include all aspects of physical, technical, and administrative security measures. Monitored and evaluated a system s compliance with Information Technology security requirements in accordance with NIST 800 series. Provided analysis of system requirements relating to security/ Vulnerability reviews, risk, and contingency planning. Developed plans of actions and milestones (POA&M's) and/ or risk assessments for identified vulnerabilities and worked with multiple teams to track the execution of POA&M items to completion. Supported C&A activities, including conducting ongoing Continuous Monitoring on compliance with required IA controls.
|
