Third Party System Security

Location:
Sicklerville, NJ
Salary:
$80,000 - $120,000
Posted:
October 18, 2023

Resume:

NANICE SIKA ACHEAMPONG

Sicklerville, NJ 914-***-**** ad0g4n@r.postjobfree.com Analyst

Data-driven and goal-oriented cybersecurity professional with 9 years of experience in Privacy and Data Security Management & Operations, Vulnerability Scanning, Certification and Accreditation (A&A), Project Management, NIST SP 800-53 Rev. 1 and Rev. 4, NIST SP 800-37 Rev. 1, 800-18, 800-53A Rev. 4 and 800-34, FIPS, FISMA, Security Content Automation Protocol (SCAP), the NIST family of security controls, the FedRAMP Security Assessment Framework, POA&Ms, and Incident and Contingency Planning. Worked in different capacities as Information Systems Security Officer, Security Control Assessor and Third-Party Risk Analyst. Adaptable and transformational leader with the ability to work individually or as a team player in achieving organizational goals.

CORE COMPETENCIES

- Troubleshooting
- Self-motivated
- Data Security
- Critical Thinking
- Data Analysis
- Plans of Action and Milestones (POA&M)
- Organization and Time Management
- Security Controls Assessments
- Strong Communication Skills
- Inventory Management
- Team Liaison
- Goal Oriented
- High Level of Accuracy
- Learning & Development Strategy
- Leadership & Influencing Skills
- Training & Coaching
- Excellent Analytical and Problem-Solving Abilities
- Negotiation Skills
- Deadline Driven
- Communication & Presentation Skills

PROFESSIONAL EXPERIENCE

Information System Security Officer (ISSO), Cyberrisk Beyond Solutions, AL (June 2020 to Date)

Coordinate, execute, and support cybersecurity assessment & authorization (A&A) activities such as risk management, business continuity, threat detection and prevention, incident response and management, auditing, vulnerability management support, and authoring/coordinating system security documentation.

Facilitate, perform, and manage actions necessary to maintain system and capability accreditation status in accordance with DFARS, NIST 800-53 and 800-171, including scanning, auditing, and authoring/coordinating security accreditation-related documentation.

Provide advice and assistance on cyber security for corporate development and system maintenance projects, monitoring system authorization status of segment components, authoring and coordinating related documentation.

Review and advise on security aspects of corporate policy, procedures, and development.

Present system maintenance and authorization status, and potential issues to corporate leadership when necessary.

Assist in the creation and maintenance of A&A packages, System Security Plans (SSPs), Risk Assessment Reports (RARs), Security Controls Traceability Matrices (SCTMs) and Plans of Action & Milestones (POA&Ms) for all corporate systems.

Assist the ISSM in establishing and administering appropriate security systems, policies, standards, and procedures in compliance with applicable government and corporate directives, guidelines, and any customer contractual obligations.

Conduct regular audits in accordance with corporate compliance policies and guidance.

Assist in providing Continuous Monitoring activities for security-relevant information system software, hardware, and firmware.

Assist in the investigations of information system security violations and assist in the preparation of reports with corrective actions and preventative measures.

Verify that all Information System authorization documentation is current and accessible to authorized individuals.

Security Controls Assessor, Baylor Scott and White Hospital, NJ (July 2018 to May 2020)

Support NIST, risk assessment, and HIPAA project initiatives by undertaking risk assessments, advising on the implementation of security measures, recommending appropriate risk mitigations, and interpreting security policy and standards in the context of projects and business scenarios to help the business operate securely.

Assess existing controls to determine the level of compliance with HIPAA, NIST and FedRAMP, including their maturity, state of compliance, and the risk associated with any findings.

Execute the security control assessment plan by following the provided assessment procedures, collecting and analyzing evidence, and documenting the steps taken and the findings.

Update the System Security Plan with the actual control implementation determined during assessment.

Develop Security Assessment Reports for management staff providing a residual risk statement, impact, and suggested corrective actions.

Use NIST SP 800-53, “Security and Privacy Controls for Information Systems and Organizations”, to assess information security controls for compliance.

Conduct independent comprehensive assessments of the management, operational, and technical security controls.

Assess control enhancements employed within, or inherited by, information technology (IT) systems to determine the overall effectiveness of the controls (as defined in NIST SP 800-37).

Perform and evaluate continuous monitoring of Information Technology (IT) assets.

IT Security Analyst, New Horizon Security Services, NY (September 2018 to June 2022)

Analyze management and technical controls to ensure that specific security and compliance requirements are met through the verification of documented processes, procedures, and standards in order to validate maintenance of secure configurations.

Map Digital Realty requirements and regulatory requirements across the information security framework to identify overlapping requirements and compliance efficiency.

Plan and/or perform security controls assessments for customer systems in accordance with NIST SP 800-53 and NIST SP 800-53A, using processes, guidance and methods to support the customer's authority to operate process or its annual assessment process. Activities include control assessment (interview and examination, physical security walkthroughs and/or technical vulnerability testing), interagency participation, and table-top scenarios.

Develop and maintain standard processes to assist Information System Security Officers (ISSOs) and Information System Owners (ISOs) with security control implementation for information systems.

Assist with identification and remediation of related security Plans of Action & Milestones (POA&Ms). Identify existing and/or potential system security weaknesses as a result of the assessments, including personnel controls, training, incident and emergency response, logical security controls, physical security controls, operational security, and the integrity of software applications and data.

Track enterprise compliance across multiple security frameworks including SOC 2, NIST and ISO and maintain up-to-date records of requirements and corresponding mitigating controls.

Monitor third-party risk assessments and assist in performing internal risk assessments.

Collaborate on critical IT projects to ensure that security policy/risk issues are addressed throughout the project life cycle.

Participate in the development of security and privacy awareness training in conjunction with other members of the Security Compliance group.

Perform vulnerability scanning using Nessus, document the vulnerability results in a risk register, and manage them to remediation.

Assist in internal and external cyber security audits.

Share key examination findings to help organizations limit security risks and comply with laws relating to securing customer financial data.

Work in a consultative role to help organizations securely navigate an evolving information technology (IT) environment and stay compliant with applicable laws and regulations.

Third-Party Risk Analyst, New York Life Insurance, Brooklyn, NY (July 2020 to date)

Perform complex information security risk assessments of current and prospective third-party business and technology providers to assess their control structure and alignment with regulatory, federal/state guidelines and information security bank requirements, and partner with internal stakeholders to assess the cyber risk the third party presents to the Company.

Partner with internal business units and third parties to inventory all services, status, performance, and cyber risk assessments.

Provide direction and program support for a small team of third-party cybersecurity analysts.

Complete a cyber risk assessment detailing the third party's service inherent risk(s) and strengths of cyber risk scores, along with any cyber risk control gaps presenting elevated risk to the company.

Coordinate and drive cyber risk findings using formalized reviews, exception reporting, and cyber risk acceptance reporting with support from management.

Oversee and confirm the resolution of any cyber risk gaps identified during the cyber risk assessment process.

Maintain a very strong knowledge of the regulatory cyber risk requirements to ensure that each third party meets those requirements.

Competently interpret and apply the requirements independently to mitigate cyber risk to the company.

Contribute to various departmental projects related to third-party management activities, either as project lead or in a supporting role on an existing project.

Collaborate across various operational and enterprise risk lines of business to ensure all third-party cyber review processes are being met.

Collaborate with the third-party cybersecurity analysts and TPRM team regarding onboarding and offboarding of new and existing third-party cyber risk review assessments.

Perform annual audit of vendors to ensure cyber risk is within risk tolerance for the company.

Establish and mature continuous monitoring for the company’s vendors.

Build a third-party incident response plan alongside the existing cyber incident response plans.

EDUCATION

- Bachelor of Fine Arts, University of Ghana

- CompTIA Security+

- Certified Information System Auditor (CISA)