Third Party Risk Assessment

Location:
Falls Church, VA
Posted:
November 12, 2023

Resume:

FODAY FOFANAH

ad03ah@r.postjobfree.com 571-***-**** Alexandria, VA 22301

Summary

IT Risk Analyst professional with 4 years of experience in performing IT Audit, Vendor/Third Party Risk Assessment and Security Control Assessment with in-depth knowledge of HITRUST, SIG, SSAE 18 (SOC 1, SOC 2), NIST 800-53, NIST 800-37, NIST 800-137, PCI-DSS to achieve Confidentiality, Integrity and Availability of Information Systems. In-depth knowledge of Access Control, Audit and Accountability, Compliance Testing, Risk Assessment, Change Management, Security Maintenance, Policies, Procedures, and Incident Response.

Skills

Policy review

SOC2 & SOC 1 Review

Control Testing

Security questionnaire

Business continuity

OneTrust

ProcessUnity

RSA Archer

Risk Assessment

Report writing

Experience

Bank of America Alexandria, VA

Information Security Analyst

11/2021 - 07/2023

Reviewed and validated all controls at the vendor site to ensure data confidentiality.

Ensured third-party relationships adhere to the company's policies and procedures and are compliant with regulatory guidelines and industry best practices.

Administered questionnaires to all vendors to determine the control effectiveness.

Performed continuous monitoring by assessing tools during onsite visits to validate the security questionnaires filled out by the vendors to ensure protection of data at the vendor sites.

Facilitated remediation for any third-party related operational issues as needed.

Conducted business continuity assessment.

Conducted internal control testing.

Provided ongoing monitoring for third party risk due diligence.

Validated IT control implementations, performed risk-based audit, and performed walkthrough on controls.

Barclays Bank New York, NY

Security Risk Analyst

03/2019 - 09/2021

Review all essential security policies and procedures documentation.

Provide detailed reports of assessments to business owners and the vendor management office.

Work as a remediation analyst to ensure all gaps discovered during the assessment are remediated or mitigated in a timely manner.

Plan and conduct security risk assessments for all third-party vendors/suppliers.

Experience with e-GRC tools such as RSA Archer to ensure secure and prompt communication of findings and deployment of questionnaires to the vendor and to track vendor progress on remediation.

Conduct in-depth risk-based security assessments of housed, cloud, vendor and third-party hosted environments. Assessment focus included risk management, physical security, identity & access management, encryption, data loss prevention, secure development, incident management, security infrastructure, and security policy.

Work with as vendor oversight to ensure adequate tier-in of our vendors based on the level of data they have access to.

Escalate issues of third-party vendors' non-compliance to the vendor risk management office (VMO).

Perform continuous monitoring by assessing tools during onsite visits to validate the security questionnaires filled out by the vendors to ensure protection of data at the vendor sites.

Education and Training

University of Maryland - Baltimore County Baltimore, MD

Associate of Science in Computing

02/2022

Certifications

CompTIA Security+ - Ongoing

Scrum Master
