
Risk Management Information Security

Location:
Gaithersburg, MD
Salary:
150000
Posted:
April 03, 2024


Resume:

Josphine Asare

Phone: 240-***-****, Email: ad4q2u@r.postjobfree.com

Gaithersburg, MD

SUMMARY

A cyber security compliance professional with over 6 years' experience in third-party risk management; governance, risk and compliance; and security assessment and authorization. Information system security risk assessment, testing information technology controls; experience in Control Self-Assessment and implementation of controls based on its objectives, review procedures and guidelines based on ISO 27001, SOC 2, 2013 SOX; knowledgeable in security compliance frameworks in HIPAA, PCI DSS, NIST SP 800-53 and NIST SP. Excellent written and oral communication skills. Planning, organizational and problem-solving skills.

SKILLS

Security Assessment & Authorization

Third Party Risk Management

GRC

Policy and Process Development

Security Planning

Incident Response

Risk Assessments

Vulnerability Management

FISMA Act 2002

NIST SP 800-Series

Tenable Nessus Scanning

ISO 2700X

ServiceNow Security

Risk Management Framework

Cloud Security

Business Continuity and Disaster Recovery planning

IT general Controls (ITGC) Auditing

Splunk

Core Skills:

Auditing, Security Assessment, Risk Management, Security-Related Awareness and Training, and ensuring safe environments through best practices following the NIST Risk Management Framework. Experience in performing risk assessment on both commercial and Federal Government information systems.

Skilled in Information Security/Assurance Analysis, Compliance and Governance

Experience in assessing security controls in AWS cloud environment.

Improve the efficiency of information security processes and advance the effectiveness of the information security controls of the AWS cloud operating model.

Participates in Incident Response activities in coordination with other teams as necessary; reviewing and editing event correlation rules, performing triage on these alerts by determining their criticality and scope of impact, evaluating attribution and adversary details.

Develop and conduct Security Control Assessments (formerly ST&E) per NIST SP 800-53A and NIST SP 800-53 Rev. 4.

Over 5 years of experience in system security monitoring, auditing and evaluation, A&A and Risk Assessment of GSS (General Support Systems) and MA (Major Applications).

Performed Certification and Accreditation documentation in compliance with company standards.

EXPERIENCE

AGO Worldwide Consulting, Severn, MD

Information Security Analyst / Third-Party Risk Management, September 2018 to Present

Conduct formal end-to-end Vendor Security Risk Assessments (review of questionnaires, third-party security audit reports and artifacts).

Review new/existing third-party services and data in scope of the assessment and analyze engagement risk rating.

Work together with the TPRM team and stakeholders to review the assessment and escalate any issues.

Maintain an inventory of approved vendors and reassess them based on their risk rating.

Keep assigned review inventory in the system of record up to date.

Execute assessment kick-off, planning, and scoping activities for third-party risk assessments.

Consult with operating units and partners to get additional information and to properly vet any issues prior to finalizing the report.

Follow up with internal security team on internal controls to ensure the right controls are in place to support company engagement with vendors.

Serve as a subject matter expert and process ambassador as it relates to TPRM related processes, procedures, and workflows.

Continually discover new ways to innovate the vendor risk assessment process to improve business processes.

Perform vendor risk assessment on potential and existing vendors.

Experience in reviewing security assurance reports such as SOC 2 and pen-test reports.

Sound knowledge of risk management based on the organization's risk appetite principle.

Communicate with SMEs to help them make intelligent risk decisions in vendor selection.

Great experience in drafting compliance documents, policies and procedures, and security policies aligned with the business core principles (Confidentiality, Integrity & Availability).

Regularly update, review, and validate the risk register on MSSP.

Recommend the use of frameworks and regulatory standards based on the industry and what the organization is adhering to.

Conduct continuous monitoring throughout the lifecycle of critical vendors to identify and remediate security issues.

Perform periodic reviews to ensure vendor controls are properly implemented and in line with the AICPA Trust Services principles of security, availability, integrity, confidentiality, and privacy.

Identify and recommend changes to improve efficiency and the effectiveness of key technical controls and processes.

GeekView Tek Solutions, Frederick, MD, Dec 2017 to September 2018

Information Systems Security Officer (ISSO)

Conducted IT controls risk assessments that included reviewing organizational policies, standards, procedures, and guidelines.

Developed audit plan and performed the General Computer Controls testing, identified gaps, developed remediation plans, and presented final results to the IT Management team.

Conducted IT general controls risk assessments as well as risk auditing with frameworks such as HIPAA, PCI, and ISO 27001.

Developed security control test plans and conducted in-depth security assessments of information systems that evaluate compliance of administrative, physical, technical, organizational and policy safeguards in order to maintain HIPAA compliance based on NIST SP 800-66 Rev. 1 and security controls (NIST SP 800-53).

Developed a security baseline of controls and a test plan that was used to assess implemented security controls.

Conducted a security control assessment to assess the adequacy of management, operational, and technical security controls implemented.

Assisted in the development of an Information Security Continuous Monitoring Strategy (to ensure the continued effectiveness of all security controls) covering vulnerabilities and threats, to support organizational risk management decisions.

Developed a system security plan (SSP) to provide an overview of federal information system security requirements (FISMA) and describe the controls in place.

Conducted meetings with the IT client team to gather evidence, developed test plans, testing procedures and documented test results and exceptions.

Conducted walkthroughs, formulated test plans, documented gaps, test results, and exceptions; and developed remediation plans for each area of testing.

Performed IT operating effectiveness tests in the areas of security, operations, change management, and email authentication.

EDUCATION

Ghana Institute of Management & Public Administration (GIMPA) – 05/2019

Master of Science in Project Management

Ghana Institute of Management & Public Administration (GIMPA) – 05/2015

Bachelor of Science in Marketing

CERTIFICATIONS

Certified Information Systems Auditor (CISA)

CompTIA Sec+

REFERENCES

References available upon request.