Cyber Security Technical Writer

Location:
Columbus, OH
Posted:
December 29, 2023

Resume:

Eric Amankwa

**** ******* **, ********-****, ****1

ad2bhg@r.postjobfree.com

773-***-****

US Citizen

Interim Security Clearance.

Summary:

Experienced Cyber Security Specialist with broad knowledge in security technologies, control framework, regulatory authority, technical domains, and extensive practices specifically in FedRAMP, FISMA, NIST 800 series, ISO 27000 series, CIS, ISO 27001, COBIT, COSO, ITIL, FFIEC, HIPAA, HITRUST, HITECH, PCI DSS, GDPR, CCPA, GLBA, CMMC, and security tools such as eMASS, SIEM tools (Splunk), technical writing, GRC tools such as Archer, and internal controls.

Education:

Bachelor of Science (BS)-Physics with Cyber Security, University of Cape Coast 2010

Master of Science (MS)-Photonics with Cyber Security, University of Eastern Finland 2016

Certifications

CISSP

CISA

CDPSE

LSSBB

Professional Experience:

State of North Carolina GDAC/HIEA Oct 2021 – Nov 2023

Governance Risk Compliance Analyst

Developed and drafted IT security standards, policies, and procedures to implement security practices.

Primarily responsible for performing Privacy Impact Assessments of systems and processes that create, store, send, and receive sensitive information, including but not limited to Protected Health Information (PHI).

Monitored the performance of the Compliance Program and revised activities as needed to improve its effectiveness continually.

Prepared reports on security breaches.

Worked closely with CISO, ISSO, and system owners to promptly implement and complete Privacy Impact Assessments, security, and risk assessment.

Promoted a culture of data privacy awareness throughout the organization by conducting awareness campaigns and providing guidance to employees.

Directed and oversaw compliance with federal and state government-mandated reporting programs.

Partnered with the Human Resources Department to develop an effective compliance training program, including appropriate introductory training for new employees and required annual training for all employees.

Served as the Compliance Manager, responsible for the ongoing management of protected health information privacy and security policies, procedures, and administrative and technical systems to maintain the confidentiality, integrity, and availability of all health information and related systems.

Performed security assessment through examining, interviewing, and testing procedures by NIST SP 800-53A Revision 5 and NIST SP 800-53 Revision 5.

Ensured cybersecurity policies are adhered to and that required controls are implemented.

Validated respective information system security plans to ensure NIST control requirements were met.

Drafted ATO packages such as SSP, SAR, POA&M, CAP, and RAR documentation.

Implemented and assisted in obtaining and maintaining compliance with HIPAA and HITRUST certifications.

Conducted third-party risk assessments and security reviews of third-party agreements.

Worked closely with technology, legal partners, and business units to ensure appropriate security and data protection requirements were incorporated into third-party engagements.

Prepared risk assessment reports to inform risk treatment decisions.

Tracked and monitored remediation and risk management activities.

Developed, implemented, matured, and championed risk management processes and concepts.

Maintained a current and comprehensive understanding of relevant industry standards to incorporate into the risk management strategy, framework, and program.

Supported integration and maturation of policy, compliance, and risk frameworks.

Assisted HR in hiring, evaluating, coaching, teaching, and counseling the right candidate for the cyber security team.

Ohio State University Medical Centre Nov 2020 – Sep 2021

Information Security Risk Management Analyst

Conducts assessments and monitoring to measure the effectiveness of the data privacy program and identify areas of improvement.

Maintain accurate records of data privacy activities and compliance efforts and prepare reports for management as needed.

Perform application updates to Security applications and devices.

Ensures compliance with applicable laws and regulatory requirements.

Serves as a liaison in corresponding and communicating Privacy requirements with project managers and system owners.

Track progress of Privacy Impact Assessments and drive assessments to completion.

Assess risk of proposed changes to infrastructure, code, and connectivity.

Installs new security software and patches.

Validate respective information system security plans to ensure NIST control requirements are met.

Identifies performance and security issues, then works with network and systems administration staff to analyse those issues and develop remediation solutions.

Evaluate Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) vendor-provided cloud services and document controls that manage the risk of usage.

Gstek Incorporation Jan 2019 – Oct 2020

Security Control Assessor

Perform security control assessments, based on the Risk Management Framework (RMF) methodology, to ensure implemented security solutions meet control intent using NIST 800-53 Rev. 5.

Monitors compliance with security policies and procedures.

Independently review security artifacts provided by program offices and other organizations and assess both the technical and functional adequacy of the cyber security/information assurance controls.

Ensure all security control assessments are completed and results appropriately documented within the specified data repository.

Provides users and management with technical support on matters related to access control.

Manages overall audit and compliance program.

Veterans Affairs Medical Centre Jan 2016 – Dec 2018

IT Security Specialist

Helped guide System Owners and ISSOs through the Accreditation process, ensuring that management, operational and technical controls for securing either sensitive Security Systems or IT Systems are in place and are followed according to federal guidelines (NIST 800-53). This includes ensuring that appropriate steps are taken to implement information security requirements for IT systems throughout their life cycle, from the requirements definition phase through disposal.

Monitors computer networks for security violations.

Used eMASS for system registration, security categorization, control selection, control implementation, control assessment and authorization.

Determine security violations and inefficiencies by conducting periodic audits.

Conducts penetration testing to find vulnerabilities.

Performed comprehensive Security Controls Assessment (SCA) and wrote reviews of management, operational and technical security controls for audited applications and information systems.

Act as a technical information security reviewer of performance reports, system status, operating procedures manual and other documents produced.

Recommends security changes to executive team.


