
Information Security Analyst

Location:
Los Angeles, CA
Posted:
April 30, 2024


Resume:

NANA A. BAFFOUR

Los Angeles, CA 310-***-**** ad5dcu@r.postjobfree.com

An Information Security Analyst, with over nine years of experience in developing and maintaining cybersecurity programs for a successful business operation. Working with various frameworks and vendors across the field has given me a broader skill set for discovering risks and conducting a comprehensive analysis for accurate mitigating solutions that align with business objectives. My experience in the US Military has further given me the discipline and the time management skills needed to meet deadlines and expectations. My drive for excellence fuels my commitment to continuous learning for a high-performing approach to security that meets business expectations.

CYBER SECURITY FRAMEWORKS/TOOLS/STANDARDS

ISO 27001, Risk Management Framework (RMF), HIPAA, Vulnerability Scan, Active Directory, PCI DSS, SIEM Tool, IDS, IPS, EDR tools, Data Leakage Prevention, NIST CSF, CIS Controls, Incident Response, Cloud Access Security Broker (CASB), Network Infrastructure, GRC, Archer, Policy and Procedure Management, Data Analytics, Scripting, Threat Intelligence, NIST SP 800-53, NIST SP 800-30, NIST SP 800-37, NIST SP 800-61

QUALITIES

Works well under pressure, Attention to Detail, Result-oriented, Initiative Attitude, Creative, Fast Learner, Quick Adaptive skills, Critical Thinker, Strong Organizational and Time Management skills, Good Interpersonal Skills, and most importantly, very motivated, and a hard worker.

Information Security Analyst 03/2022 – Present

Advocates Inc. Remote.

Select and implement security controls that are necessary to reduce risk levels to an acceptable level that aligns with business objectives.

Operate the SIEM tool and perform Data Analytics to verify and declare incidents when necessary.

An active member in the incident response process, conducting forensics and threat intelligence to identify all compromised components of our system.

Perform security operations using Active Directory to monitor and manage user access and activities to ensure policies defined are implemented.

Develop a road map for maturing the cybersecurity program by constantly putting in measures to maintain risks and meet business needs at all times.

Review and update internal policies and procedures to ensure continual improvements of the security posture and comply with changes in regulations.

Perform internal audits and produce gaps within the security posture so that comprehensive solutions can be developed to mitigate such risks.

Conduct a vendor risk assessment to help the business unit in their decision to work with vendors.

Conduct vulnerability scans, analyze results, and develop and implement a vulnerability management plan.

Conduct a risk assessment to determine potential risks to the company.

MASSACHUSETTS ARMY NATIONAL GUARD Jan 2019 – March 2022

Compliance Lead (Recruiting and Retention Battalion) HQ, Hanscom, MA

Responsible for training team to raise awareness of unit’s security policies and Army regulations.

Ensure that the enlistee is well informed about their rights to privacy and civil protection under the collection of their sensitive information and assist in filing a complaint to the APCLO if they in any way believe their rights have been violated.

Review compliance programs periodically to ensure they are compliant with new changes within the organization and standards as well.

Ensures the protection of data collected, used, and transmitted by mostly encryption and secured storage.

Categorize information collected in accordance with NIST SP 800-60.

Information Security Officer Aug 2014–2018

Skytech Consulting Boston, Massachusetts.

Perform vendor risk assessment, and coordinate with business unit in their decision to work with vendors.

Conduct internal and external audits and report nonconformities for immediate mitigation.

Lead team in securing budget from stakeholders to mitigate risks that can potentially impact business operations greatly if left unattended.

Perform vulnerability scans and develop a vulnerability management plan necessary to mitigate such weaknesses.

Periodically monitor and analyze data logs from SIEM, Firewall, EDR, IDS, and IPS tools to detect any potential threats and then report for an incident response.

Develop and maintain an ISMS for organizations using ISO 27001 and regulations where needed.

Review the Service Level Agreement (SLA) between the organization and third parties, making sure it is reflected in our operation.

Conduct a risk assessment and develop its risk treatment plan as well as its implementation to mitigate such risks.

Develop and prepare a team for Incident Response (IR) and Business Continuity Plan (BCP).

Perform periodic reviews and updates of security policy to comply with changes in our scope of operation, in the standard or management.

Develop and implement a corrective action plan after management review, audit reports, and risks to continuously improve the security posture within the organization.

ACTIVE CERTIFICATIONS

CompTIA Security+ CE

Certified Information System Manager (CISM)

Certified Information System Assessor (CISA)

EDUCATION

BSc. Physics, KNUST, Ghana, 2013


