Candidate's Name
EMAIL AVAILABLE
PHONE NUMBER AVAILABLE

Objective
Information Security Professional with over 9 years of experience in IT risk management, vulnerability assessments/management, third-party/vendor risk, governance, National Institute of Standards & Technology (NIST), Federal Information Security Management Act (FISMA), SOX, ISO, PCI, SOC, testing of information technology controls, and developing security policies, procedures and guidelines. Experience working with stakeholders, including business units and assessors, to ensure a secure risk posture through effective control implementation and gap analysis for on-time remediation.

Education
University of Maryland University College - Master of Science in Information Technology
University of Ghana - Bachelor of Arts in Political Science and Psychology

Certifications
CompTIA Security+
Certified Information Systems Security Professional (CISSP)

Summary of Qualifications
Risk Management Framework
Third-Party Risk Management
Risk Management & Issues Management
Information Assurance
IT Governance
SOX 404
ISO 27001:2013
Effective interpersonal and verbal/written communication skills

Experience

MAXIMUS ATTAIN, OCTOBER 2021 - PRESENT
Senior GRC Analyst
Collaborate across the organization on documenting, monitoring and managing information security controls.
Review and update information security policies, procedures, standards, and other information security related documentation according to the framework adopted by the organization (ISO 27001:2013, CIS Top 20, NIST CSF or PCI).
Drive communications between the business and other stakeholders to promote security practices and provide guidance in matters pertaining to data security.
Facilitate external audits such as, but not limited to, PCI, SOX and SOC 2 Type 2, and manage the evidence request and collection process from auditors to control owners.
Communicate and document all audit findings to the appropriate owners and assist with risk remediation efforts until they are complete and closed out.
Perform audit readiness for teams before major audits (ISO, PCI, SOC, etc.), such as control reviews and updates, proper control owners, and updated processes, documentation and diagrams.
Familiar with GRC tools such as RSA Archer and ServiceNow.

VARIQ INC, MAY 2018 - OCTOBER 2021
Information Assurance Specialist
Led tasks supporting the CISO Office for the Variq Inc Information Assurance Program, including overseeing the quality of deliverables and planning, organizing and coordinating the execution of project activities such as Security Assessment and Authorization (SA&A).
Developed and presented a monthly Program Management Review (PMR) report depicting project performance health to the executive team and directors.
Provided subject matter expertise to agency stakeholders on cybersecurity initiatives and overall IT governance, risk and compliance.
Developed dashboards and improved metrics that quantify the agency's IT security posture, used in management decisions and strategy by the agency CIO, CISO and directors.
Developed research documents to apprise system stakeholders of requirements, new technology, publications and legislation affecting the agency's IT information systems.
Supported the FISMA audit by coordinating activities and liaising between the agency and OIG auditors.
Led ongoing remediation and risk determination activities to validate security controls and assess the security posture of systems.
Developed IA policies and other related documentation necessary for compliance with federal regulations and NIST guidelines.
Performed continuous monitoring to help identify and remediate risk gaps in the IA program through activities such as security control assessments, assisting with SSP updates, and security impact analysis of proposed system changes.
Developed and tracked POA&Ms for all systems from OIG assessments, independent annual assessments and continuous monitoring activities.

CONDUENT, JUNE 2011 - MAY 2018
Vendor Risk Analyst
Responsible for performing information security and compliance assessments of systems, processes and technology in support of initiatives such as SOX audits, SOC 2 certification audits and PCI audits.
Identified improvement opportunities and control enhancements and developed meaningful reporting metrics for senior levels of management.
Reviewed third-party vendors for information security, compliance, and data protection measures.
Performed risk and control assessments for all high-risk third-party service providers to evaluate the effectiveness of control systems.
Engaged with service providers to obtain due diligence reports and evidence of control operation.
Ensured third-party adherence to contractual and regulatory compliance to minimize the risk of fines and reputational harm.
Collaborated across the organization on documenting, monitoring and managing information security controls.
Coordinated review of existing risks, along with treatment plans, to ensure they were being managed in accordance with client policies and standards.
Reviewed and updated information security policies, procedures, standards, and other information security related documentation.

REFERENCES AVAILABLE UPON REQUEST