Christina D Adu-Gyamfi
Reynoldsburg, OH 43068
************@*****.***
OBJECTIVE
Seeking an Information Security Analyst/Cyber Security Analyst position in a growing organization with a focus on Commercial Framework [ISO, COSO, COBIT], Sarbanes-Oxley 404, HIPAA, HITRUST, PCI DSS, System Information Monitoring, FISMA, and Risk Assessment, utilizing both academic credentials and hands-on experience to strengthen the company and increase company productivity.
CERTIFICATIONS
SECURITY+
CCSK (Certificate of Cloud Security Knowledge)
Actively prepping for Certified Information System Security Professional [CISSP]
SOFTWARE AND PLATFORM
Nessus, Qualys, Windows, Microsoft Word, PowerPoint, Excel, Access, SharePoint, Pivot table, SIEM, SPLUNK
PROFESSIONAL TRAINING
Certification and Accreditation Document Review Training [July 2011]
Webcast: Information Security and Privacy- FISMA “Next Generation” [October 2011]
Information Assurance Security Training [October 12]
HIPAA Compliance Training [December 2012]
Information Awareness Training [September 2012]
EDUCATION
HND- BUSINESS STUDIES [2005-2006]
Kumasi Polytechnic. Kumasi, Ghana
BFA- Bachelor Of Fine Arts [2006-2010]
University Of Ghana, Ghana
LEADERSHIP SKILLS
Ability to effectively multi-task and work in a fast-paced environment while providing high quality results.
Excellent organizational and time management skills.
Ability to adapt easily to a constantly changing environment.
Dedicated self-directed team player
System support and upgrading, troubleshooting and effective training experience.
Strong interpersonal skills and self-motivated.
Strong oral and written communication skills
Critical thinking and strategic planning abilities.
PROFESSIONAL EXPERIENCE
Blick Clinic, Akron, OH Information Security Analyst
(02/11/2013-04/20/2018)
Collects evidence from various points of contact to update COSO, COBIT, or PCI DSS finding reports to test for effectiveness and adequacy of controls by analyzing test plan against evidence collected via examination, testing and interview.
Conduct IT system testing based on the appropriate analysis and review technique provided by NIST
Develop and update information system documentation. [e.g., System Security Plan, Contingency Plan, Contingency Plan Test, Business Impact Analysis, FIPS 199, Privacy Impact Assessment, Privacy Threshold Analysis, e-Authentication, System of Records Notice]
Substantially increase security and performance of systems by implementing new anti-virus software and critical system updates
Knowledgeable in NIST SP 800 series including SP 800-60, SP 800-53, SP 800-53A, SP 800-18, SP 800-34, SP 800-62, SP 800-37
Assess adequacy and efficiency of security controls by updating Security Controls Assessment, ST&E and SAR.
I conducted gap analysis on missing systems and in capabilities between existing systems
General knowledge and understanding of networks principles and internet protocols including TCP/IP, LANs, WANs, HTTPS.
Plan, develop, implement and maintain Incident Response and audit programs for events of interest and address Plan of Action and Milestone [POA&M] in continuous monitoring with various points of contact.
Did frequent compliance checks, updated them and submitted the audited results to management.
Determined the scope for system audit. Usually started with a kickoff meeting with key officials and the audit committee.
Implemented Sarbanes-Oxley Act (SOX 404) requirements including COSO, COBIT, HIPAA and ISO 27001 and 27002 where applicable
Created a test plan to determine controls to be tested as well as methods of testing.
Effectively participated in testing of IT General Controls per SOX and HIPAA requirements.
Conducted audit within specific timeframe utilizing subject matter experts and other system owners
Performed security reviews and periodic audits to identify security gaps, violations and inefficiencies in the security architecture to make recommendations for inclusion in the risk mitigation strategy.
Conducted IT controls risk assessments that included reviewing organizational policies, standards and procedures and provided advice on their adequacy, accuracy and compliance with the Payment Card Industry Data Security Standard [PCI DSS]
Basic data administration.
Knowledge in cloud technologies
I managed an incident properly with the computer incident response team by following our incident response plan in place.
I was responsible for tracking remediation process to ensure imminent threats were neutralized fast.
I used Nessus V7 to scan the entire network, existing systems and incoming systems before they went online.
Divine Word, Bronx, NY IT Desktop Tier (01/10/2011-01/18/2013)
Jumpstarted customer service delivery with new customer support application.
Maintained and updated tickets.
Managed all aspects of composition of IT analyst documentation.
Routine filling of paperwork
Screened and returned all in-coming calls
Ensured superior customer service
Assisted clients with connectivity, printing, customization, user profile and application issues.
Analyzing/Troubleshooting Microsoft server configurations and processes
Monitoring network traffic, analyzing network problems and performance
REFERENCES
References will be furnished upon request