Information Security System

Location:
Leesburg, VA
Posted:
January 15, 2024

Resume:

ANASS HARUNA

Fort Evans Road ■ Leesburg, VA ***05 ■ 571-***-**** ■ ad2svk@r.postjobfree.com

SUMMARY

Information Security Audit professional seeking a role in Information System Audit/IT Compliance. Well-versed in regulatory frameworks such as PCI-DSS, FedRAMP, NIST 800-53r4/5, HIPAA, CCPA, GDPR, NIST, ISO 27001, SOC 2/SOC 3. Experienced in all aspects of audits, including planning, evaluation, control testing, reporting, and follow-up. Skilled in system implementation assessment, internal control review, and regulatory compliance programs.

CORE SKILLS

Life Cycle and Vulnerability Management, using FISMA and applicable NIST standards.

Effective interpersonal and verbal/written communication skills.

Security Governance, Risk Assessment and Management, Compliance Management, Incident Response, Security Policies and Procedures, Security Awareness Training.

EDUCATION & CERTIFICATION

University of Cape Coast, Cape Coast, Ghana

Bachelor of Science (Sociology & Political Science)

Strayer University, Ashburn, Virginia

Master of Business Administration

TECHNICAL SKILLS

Security Technologies: Nessus Tenable, Anti-Virus Tools, WebInspect, Remedy, Splunk, ServiceNow, MS Office (Word, Excel, PowerPoint, Access, Outlook), RSA Archer

PROFESSIONAL EXPERIENCE

Fundrise, Washington, DC Dec 2021 – Present

Sr. IT Risk & Compliance Assessor

Evaluate compliance/gaps/remediation assessments against the Payment Card Industry Data Security Standard (PCI DSS).

Assist with security policy reviews, configuration standards, and 3rd-party audits.

Manage and support audit compliance and certification efforts.

Create remediation strategies for weaknesses based on priorities.

Facilitate and track remediation and corrective action plans as discovered during assessments and audits.

Draft comprehensive summaries or reports documenting issues, risks, and controls.

Assist with the annual Payment Card Industry (PCI) commercial solutions assessments and other compliance-driven requirements (e.g., privacy impact analysis).

Review Information Security requirements, questionnaires, and assessments and prepare responses.

Facilitate and perform key control activities that ensure compliance with annual requirements.

Perform internal risk assessments in cooperation with IT staff and business units.

The New York Public Library, NY Sept 2019 – Nov 2021

Security Specialist, Governance, Risk & Compliance

Handled all preparations & planning for upcoming Audits.

Performed quarterly Access Control reviews (e.g., removed any terminated employees).

Addressed security flaws and provided effective solutions to enhance information security measures.

Reviewed and analyzed scanned findings and coordinated remediation efforts promptly.

Established security protocols and conducted regular risk assessments with recommendations for improvement.

Collaborated with cross-functional teams to assess and address security risks associated with library operations, systems, and data.

Helped develop security training for library staff, promoting a culture of security awareness.

DISH Network, Denver, CO November 2017 – August 2019

Information Technology Specialist Consultant

Assisted in the cybersecurity risk assessment of 3rd party vendors and systems and internally developed systems.

Responsible for updating the information security policy throughout the Enterprise.

Supported security awareness communication and training for users.

Performed internal risk assessments by reviewing technology, security controls, and other due diligence activities.

Ensured effective monitoring and tracking of information security policy exceptions, associated remediation plans, communication strategies, and other related activities.

Participated in internal and external audit and testing reviews and was responsible for reviewing and updating corporate security control requirements.
