FODAY FOFANAH
ad03ah@r.postjobfree.com 571-***-**** Alexandria, VA 22301
Summary
IT Risk Analyst professional with 4 years of experience in performing IT Audit, Vendor/Third-Party Risk Assessment and Security Control Assessment, with in-depth knowledge of HITRUST, SIG, SSAE 18 (SOC 1, SOC 2), NIST 800-53, NIST 800-37, NIST 800-137 and PCI-DSS to achieve Confidentiality, Integrity and Availability of Information Systems. In-depth knowledge of Access Control, Audit and Accountability, Compliance Testing, Risk Assessment, Change Management, Security Maintenance, Policies, Procedures, and Incident Response.
Skills
Policy review
SOC 2 & SOC 1 Review
Control Testing
Security Questionnaire
Business Continuity
OneTrust
ProcessUnity
RSA Archer
Risk Assessment
Report Writing
Experience
Bank of America Alexandria, VA
Information Security Analyst
11/2021 - 07/2023
Reviewed and validated all controls at the vendor site to ensure data confidentiality.
Ensured third-party relationships adhered to the company's policies and procedures and complied with regulatory guidelines and industry best practices.
Administered questionnaires to all vendors to determine control effectiveness.
Performed continuous monitoring by assessing tools during onsite visits to validate the security questionnaires filled out by the vendors to ensure protection of data at the vendor sites.
Facilitated remediation for any third-party related operational issues as needed.
Conducted business continuity assessment.
Conducted internal control testing.
Provided ongoing monitoring for third-party risk due diligence.
Validated IT control implementations, performed risk-based audits, and performed walkthroughs of controls.
Barclays Bank New York, NY
Security Risk Analyst
03/2019 - 09/2021
Review all essential security policies and procedures documentation.
Provide detailed reports of assessments to business owners and the vendor management office.
Work as a remediation analyst to ensure all gaps discovered during the assessment are remediated or mitigated in a timely manner.
Plan and conduct security risk assessments for all third-party vendors/suppliers.
Experience with e-GRC tools such as RSA Archer to ensure secure and prompt communication of findings, to deploy questionnaires to vendors, and to track vendor progress on remediation.
Conduct in-depth risk-based security assessments of housed, cloud, vendor and third-party hosted environments. Assessment focus included risk management, physical security, identity & access management, encryption, data loss prevention, secure development, incident management, security infrastructure, and security policy.
Work as vendor oversight to ensure adequate tiering of our vendors based on the level of data they have access to.
Escalate issues of third-party vendor non-compliance to the vendor risk management office (VMO).
Perform continuous monitoring by assessing tools during onsite visits to validate the security questionnaires filled out by the vendors to ensure protection of data at the vendor sites.
Education and Training
University of Maryland - Baltimore County Baltimore, MD
Associate of Science in Computing
02/2022
Certifications
CompTIA Security+ - Ongoing
Scrum Master