Risk Management Security Analyst Resume ...

Candidate Information
Title Risk Management Security Analyst
Target Location US-TX-Midlothian
Candidate's Name
GRC ANALYST | IT RISK ANALYST | SECURITY ANALYST
EMAIL AVAILABLE | Street Address | https://LINKEDIN LINK AVAILABLE

PROFESSIONAL SUMMARY

Dedicated and experienced Governance, Risk and Compliance analyst with a proven track record of implementing and overseeing comprehensive cybersecurity risk assessment and risk management programs. Skilled in developing, updating, and reviewing security documentation and policies in compliance with NIST-CSF, ISO 27001, SOC, HIPAA, PCI-DSS frameworks. Adept at conducting security assessments in accordance with these frameworks for different clients across several industries including Finance, healthcare, government, and logistics. Adept at generating detailed reports and providing recommendations on cybersecurity risks to senior executives and stakeholders. Strong analytical abilities combined with excellent communication and interpersonal skills.

CORE COMPETENCIES

Cybersecurity Frameworks: HITRUST, SOC (SOC1, SOC2, SOC 3), NIST 800-53, NIST 800-37, NIST 800-137, PCI-DSS, HIPAA, ISO 27001, CIS controls, NIST 800-53, FedRAMP, GDPR, CCPA.
GRC Tools: OneTrust, RSA Archer, Vanta, ServiceNow, Auditboard, Security Scorecard
Computing Technology: Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP), SAP
Security Tools: OKTA, Sailpoint, Nessus, Splunk, AWS Trusted Advisor, Microsoft Defender, Microsoft Sentinel, Microsoft Active Directory, Veracode.
Project Management tools: Jira, Miro, MS Project, Confluence, Microsoft Office
Data Analysis: Advanced Excel, Data handling (SQL, Python), Data Visualization (Tableau, Power BI)
Business Acumen: Business Analysis, Project planning, Project Management, Risk Management
Non-technical skills: Critical thinking, Collaboration, Presentation, Course Planning, Time Management, Facilitation, Communication, Problem-Solving and Analytical Thinking
Security and Risk assessment related Skills:
    o Vulnerability management
    o Penetration testing
    o Security Information and Event Management
    o Compliance monitoring and reporting
    o Governance framework development
    o Security policy and procedure development
    o GRC software implementation
    o Incident response and management
    o Security awareness training
    o Vendor risk management
    o Enterprise Security Solutions Administration
    o Firewalls Configuration
    o Security Patch Management
    o Root cause investigation and analysis
    o Incident Management & Disaster Recovery
    o OWASP Top 10
    o SANS
    o Data Protection
    o Software Development Lifecycle
    o Intrusion Detection, Protection and Firewall

CERTIFICATIONS

    Security+
    Certified Information Security Manager (CISM)
    Certified in Risk and Information Systems Control (CRISC)
    Certified Information Systems Auditor (CISA)
    AWS Certified Cloud Practitioner

WORK HISTORY

Third Party Security Risk Analyst
Dynamic Agile Consulting, Dallas, TX | December 2022 - Present

    Developed and maintained comprehensive risk assessment methodologies to identify, assess, prioritize, and mitigate potential risks, vulnerabilities, and threats which led to reduction in critical cybersecurity risks by 50%.
    Ensured compliance across clients' SAAS applications, networks and databases ensuring adherence to secure coding principles, proper access control and data security which led to improvement in compliance scores by 70%.
    Conducted Third party vendor security risk assessments and audits across their security architecture to evaluate the effectiveness of existing controls and processes and provided recommendations related to onboarding and due diligence reports.
    Provided and implemented recommendations on improvement of processes and workflows related to the third-party vendor risk assessment program.
    Collaborated with cross-functional teams to design and implement risk mitigation plans, ensuring alignment with organizational goals and objectives.
    Identified and coordinated scalable security control enhancements, reducing risk, and improving performance efficiency across diverse technical environments.
    Developed employee-facing technical documentation, internal wiki pages, and periodic security-oriented communications to spread awareness about Information Security policies and standards.
    Conducted compliance assessments and gap analyses to identify areas of non-compliance and developed remediation plans to address issues.
    Led the implementation of GRC Software solutions, streamlining risk management, compliance tracking and reporting processes.
    Monitored regulatory changes and industry best practices, ensuring that the organization remained up-to-date and compliant with evolving requirements.
    Prepared third-party portfolio reporting of risk and performance for senior executives, providing valuable insights into high-level security posture and vulnerabilities.
    Completed security assessments, internal controls testing, and risk assessment for both clients and vendors.

Cybersecurity Risk Analyst
Jet Tax Service, Dallas, TX | January 2020 - November 2022

    Developed, updated, and reviewed System Security Plans (SSP), Plans of Action and Milestones (POA&M), Security Control Assessments (SCA), Contingency Plans (CP), Incident Response Plans (IRP), Risk Assessments (RA), policies, procedures, and security control baselines in accordance with NIST guidelines, and security practices.
    Created Security Assessment Plans to initiate Information Security Assessments, conducting client interviews to determine system security posture and assist in completing Security Assessment Plans using NIST SP 800-53A.
    Conducted security control assessments based on NIST-CSF framework ensuring compliance with established standards and regulations.
    Ensured timely and accurate escalation of issues and observations of non-compliance or risks outside of acceptable thresholds.
    Evaluated the Third-Party Risk Management (TPRM) program, identifying optimization opportunities and providing recommendations for process improvement.
    Conducted business analysis to ensure alignment of TPRM functions with overall organizational and enterprise risk frameworks.
    Served as a TPRM subject matter expert to the first line, providing risk management guidance and performing testing of controls for all phases of the TPRM lifecycle.
    Reviewed third-party risk assessments for conformance to program objectives and methodology, assisting in researching, reviewing, developing, and maintaining TPRM policies and standards.
    Planned and conducted security risk assessments for all third-party vendors/suppliers, designing and upgrading supplier questionnaires to cover new threat signatures.
    Administered questionnaires to vendors to determine control effectiveness and tracked vendor progress on remediation efforts.
    Reviewed and recommended enhancements to the organization's disaster recovery and business continuity plans, ensuring alignment with GRC principles and best practices.
    Collaborated with internal audit teams to facilitate cybersecurity audits, ensuring adherence to established controls and timely remediation of any identified gaps.
    Collaborated with IT teams to implement security controls and measures to mitigate identified risks.

Cloud Security Risk Analyst
Aacres WA LLC, Tacoma, WA | July 2017 - December 2019

    Developed and implemented risk assessment methodologies specific to AWS Cloud environments, ensuring alignment with industry best practices and regulatory requirements.
    Conducted comprehensive security assessments of cloud infrastructure, platforms, and services, identifying potential risks and vulnerabilities.
    Utilizedposture, collaborating with stakeholders to implement remediation measures.
    Communicated industry-standard frameworks such as CIS Controls, and AWS Well-Architected Framework to assess cloud security controls.
    Defined and tracked Key Performance Indicators (KPIs) to measure the effectiveness of cloud security risk management efforts, including metrics related to risk reduction, compliance status, and incident response.
    Provided actionable recommendations to mitigate identified risks and improve cloud security assessment findings and recommendations to senior management and technical teams, facilitating informed decision-making and prioritization of security initiatives.
    Conducted ongoing monitoring and reassessment of cloud security controls to ensure continued effectiveness and compliance with evolving threats and requirements.

EDUCATION

Bachelor of Science in Chemical Science
Adekunle Ajasin University, Akungba-Akoko, Ondo State, Nigeria
