Sulaiman Fofanah

Silver Spring, Maryland

adtlds@r.postjobfree.com

620-***-****

Professional Profile:

A professional with 6+ years of experience on a wide range of engagements involving Third Party {Vendor} Risk Management, Compliance, Governance, Risk Management/Assessment, Security Assessment and Authorization. Additionally, competent in policies, business continuity/disaster recovery and ongoing monitoring. Experience in Information System, Security Risk Assessment, testing information security controls, procedure and guidelines based on SOC2, ISO 27001,SOX. Knowledgeable in Security Compliance in HIPAA, GDPR, NIST-SP 800-30,37.53,171, and PCI DSS. Steady commitment to teamwork and service. Independently prepares CIO monthly reports, creating, managing, and closing up issues. Drafting Executive Summary after completing risk assessment and initiates escalations to higher management. A detailed oriented individual with strong written communication and documentation skills.

EMPLOYMENT HISTORY

National Children’s Center.

Information Security Analyst- Third Party {Vendor} Risk Analyst - November, 2019 to date

Facilitate and lead third party risk assessment process from start to end on potential and existing vendors.

Review vendor controls to ensure they are properly implemented and in line with the trust service criteria.

Coordinate with vendors to discuss appropriate remediation plans for all identified gaps.

Monitor and track security-related flaws on internal and external vendors to create appropriate measures to correct those inadequacies.

Perform continuous vendor monitoring program for IT compliance on the system.

Review vendors SOC2 reports and submit the SIG QUESTIONNAIRE to vendors to respond to the questions within a given time frame.

Liase with vendors to discuss appropriate remediation actions and deadlines for all identified gaps.

Review security questionnaires responses from vendors, identifying gaps, call for evidence and issue recommendations to upper management whether to approved, approved with issues or reject the vendors.

Recommend the use of frameworks and industry regulations based on the type and nature of industry.

Implement an effective setuatinal security awareness for end-users to reduce phishing attacks or threats.

Analyze the principle of data type and data classification matrix to enable the tiering of vendors.

Perform periodic vendor risk assessment to make sure vendor controls are properly implemented to ensure the trusted service principles of security, confidentiality, integrity, availability, and privacy throughout the contract are maintained and risk reduced.

Coordinate with vendors to discuss remediation plans for identified exceptions.

Submit the inherent risk questionnaire and work with business owners to ensure accuracy.

Submit monthly reports to CIO regarding status of existing and new vendors.

Initiate a risk treatment plan after conducting a risk assessment process and recommend to managers on how to remediate those risks {Risk Acceptance, Mitigation, Risk transfer& avoidance.

Innovative Life Solutions

Compliance Specialist-: IT Governance, Risk and Compliance Analyst. September 2016-July 2019

Provide comprehensive compliance advice with regards PCI-DSS, ISO-27001, GDPR, HIPAA, HITRUST, SOC1 and SOC2 reports.

Review internal controls to ensure their effectiveness in IT environments they are implemented.

Participate in internal audit to manage various exceptions within the organization.

Develop compliance training program materials, including training of compliance personnel as needed to ensure compliance.

Review customers BAA and CCPA as per industry compliance guidelines.

Facilitate and lead remediation process for IT Audit and controlled findings related to risk.

Lead awareness and training for new employees on Vendor Risk Assessment

Established industry continuous monitoring for the purpose of effectively tracking and managing security and privacy control policies.

Asses information security policies and procedures in other business units to avoid security vulnerabilities and to determine they are working as intended.

Create and design documentations with regards security policies and procedures to protect the organization core principles,

Coordinate with third-party auditors to finalize audit findings that were communicated to management and audit committee in order to create appropriate steps to remediate those identified findings or gaps.

Recommend strategic risk-reduction metrix to senior management by identifying critical security issues.

Regularly generate evidence by using various GRC tools for compliance purposes.

Prepare a monthly report in the unit for the purpose of Monthly performance review in management meetings.

Guaranty Trust Bank Sierra Leone Ltd.

Systems and Compliance Analyst. November, 2008- April, 2015

Facilitate and lead control testing to ensure they constantly working as intended in the organization.

Lead awareness and training for new hires and retaining employees to ensure compliance functions.

Audit the E-Business unit to make sure the bank is in compliance with PCI-DSS regulations.

Liaise with the IT unit for the access control process to be enforced by all employees bank wide.

Enforces Anti-Money laundering {AML} regulations by the central bank for all financial institutions.

Audit access permissions and privileges to front-end users for compliance to be met.

Randomly conduct spot check bank chasires to prevent cash pilferage or shortage.

Prepare monthly reports for management and the central bank.

Conduct random physical security and systems security control testing within the bank.

Quarterly conduct physical cash counting in the vault to ensure physical cash is in line with the system.

Monitoring user access systems in order to be in compliance with the least privilege permission rule.

Participate in the internal audit program to resolved complex audit problems within the organization.

Identify and report fraud perpetrators in Monthly Performance Review meetings.

Conduct training sessions for bank employees with regards the core principles towards data security.

Randomly check account opening files to ensure all required documentations are provided before opening customers' accounts.

Investigate money laundry transactions made through swift remittance, money gram portal and GTMT money transfers.

SKILLS.

Windows Active Directory, Word, Excel, Access, Outlook and PowerPoint, SharePoint.

Framework: NIST, SOC2, ISO- 27001, CCPA, GDPR, HIPAA, HITRUST, PCI-DSS.

Experienced using GRC Tools: Clear, ADP, Jira, ProcessUnity, Bitsight, Asana, and Nessus

Excellent organizational, communication and presentation skills with the ability to multitask in a fast paced work environment.

EDUCATION/CERTIFICATIONS.

Bachelor of Science (Honors) in Business Administration.

IPAM Business School, University of Sierra Leone.

Certificate in Business and Finance.

IPAM Business School, University of Sierra Leone.

Diploma in Business Administration.

Milton Margai College of Business, Community College of Sierra Leone.

Certificate in Business Studies.

Milton Margai College of Business, Community College of Sierra Leone

Certificate in Software Application Packages.

African Information Technological Holdings, Sierra Leone.

CompTIA Security+

Cloud Practitioner

CISA

Contact this candidate