Candidate's Name
(Cybersecurity Risk Analyst)
Street Address East Street Road, Warminster, Pennsylvania
Phone: PHONE NUMBER AVAILABLE EMAIL AVAILABLE

Summary:
Risk and cybersecurity analyst with over 2 years of working experience. Effective at conducting cybersecurity risk assessments and implementation of controls to secure enterprise systems.

Certifications / Education:
National Commercial College Accra-Ghana
Assoc- Business Administration
June 2008 - May 2010

CompTIA Security Plus Training (Boot Camp) New Jersey
Risk Management/Cybersecurity
Oct 2014 - Sept 2015

Password and Authentication New Jersey
Risk Management/Cybersecurity
June 2017 - September 2017

Core Skills:
Risk Identification Security Plan Authorization Packages Risk Acceptance POAM System Monitoring Risk and Vulnerability Assessment Incident Response Risk Mitigations Third Party Risk Management (TPRM) Compliance

Technical Skills:
Applications:
Microsoft 360 Office Suite Jira SharePoint Symantec OneTrust FIS
Monitoring Tools:
Nmap Splunk Active Directory Network Monitoring SIEM Wireshark TCP, UDP Packet Analysis Log Management Firewall Configuration Endpoint and Server Protection
Cyber Security Concepts:
Data Security and Protection Privacy and Compliance frameworks PCI-DSS HITRUST HIPAA Application Security Network Security Encryption Controls

Professional Experience:

Information Security Risk Analyst December 2020 - December 2022
PwC New York, NY (Contractor)
Assisted with the facilitation, monitoring, and documenting of ISO, PCI-DSS, NIST, COBIT, COSO, and SOC 2 compliance programs in conjunction with 3rd party auditors.
Identified weaknesses of existing control systems and made suggestions for remediation.
Conducted ongoing internal audits and assessed risk in terms of security controls.
Coordinated with external auditors to ensure information systems risks are sufficiently identified and evaluated.
Reviewed the data protection addendum on the contract with the vendor and worked closely with the privacy team.
Engaged with various business units including legal teams to ensure the significant security context is embedded in third-party vendors' contracts.
Reviewed the encryption key requirements and annotation on the contracts with vendors.
Conducted regular reviews to adhere to documented contract terms.
Tracked and monitored the status of each due diligence and communicated the status with management and key stakeholders on a regular basis.
Reviewed ISO 27001, SOX, and PCI-DSS standards to identify potential gaps.
Performed periodic audits to ensure all ISO and SOC policies and procedures are in adherence.
Assisted in the execution of the annual internal audit plan as directed.
Prepared reports to communicate audit results to management and make recommendations as appropriate.

Third-Party Risk Assessor January 2018 - December 2020
IDT Newark, NJ (Contractor)
Conducted detailed vendor risk assessments using ONE TRUST tool.
Worked with key partners to identify and evaluate risks before establishing or continuing operations with third-party vendors.
Monitored daily risk exposure and reported any pertinent information to management.
Assisted with the annual review of the tiered monitoring program.
Worked with the legal team in developing and reviewing vendor security contract templates.
One Trust tool was used for operational, compliance and financial risk before due diligence took place.
Enhanced a global Control Testing Program including planning activities, reviewing control gaps, preparing testing scripts and executing tests reporting.
Reviewed services provided by vendor and defined scope of assessment with supporting mitigation measures by utilizing the RSA, Archer tool.
Assisted with TPRM intake process and notified vendors of late assessments.

GRC Analyst November 2015 - December 2017
Renal Medical Association, LLC (Contractor)
Monitored and maintained SAP applications, policies, standards, guidelines, and procedures that are in alignment with the company.
Tracked and monitored each due diligence review and communicated the status with management on a daily basis.
Assisted with the facilitation, monitored, and documented HITRUST and HIPAA compliance programs.
Reviewed and assessed the results of HITRUST and HIPAA compliance assessment, documented and monitored.
Assisted in developing, maintaining, and updating all information security programs.
Provided findings, issued recommendations, and reassessed.

Junior Data Analyst October 2013 - November 2015
Gobliss LLC, Plainfield, NJ
Analyzed a given set of data to achieve administrative needs and goals.
Gather and collect inventory on information system assets and enter them into asset inventory database.
Identify risks on information system assets and document them into firm's risk register.
Performed daily monitoring of applications in QC and Production.
Assisted with research and marketing projects.
Drafted written reports and other correspondence.
Provided application for incidents reports through the help desk.
Performed VLOOKUPs, queries and analyzed a given set of data in Excel.