
Security Analyst Regulatory Compliance

Location:
Newark, NJ
Salary:
135,000 - 145,000
Posted:
December 17, 2023


WENDY OSEI

862-***-****) ad1016@r.postjobfree.com

Summary

Self-motivated and driven team player with over 5 years of experience supporting the implementation, management, and maintenance of technologies and systems for clients. Prepared to deliver exceptional, timely, and transformative IT and finance-related support to clients across various industries. Also a seasoned Compliance and Security Analyst with a strong background in assessing IT risks, internal controls, and regulatory compliance. Demonstrated expertise in auditing IT infrastructures, systems, and databases to ensure adherence to compliance standards.

Core Competencies

·Strong knowledge of security control frameworks, including NIST SP 800-53, ISO 27001, and PCI DSS.

·Extensive experience in conducting security assessments, vulnerability assessments, threat assessments, and penetration testing.

·Proficient in identifying threats, security gaps, assessing risk levels, and providing actionable recommendations for control enhancements.

·Skilled in developing and implementing compliance programs, policies, and procedures.

·Demonstrated expertise in regulatory compliance, including GDPR, HIPAA, and SOX.

·Excellent understanding of security technologies and tools, including firewalls, IDS/IPS, SIEM, and antivirus solutions.

·Proven track record in developing and implementing compliance issue management programs to ensure adherence to regulatory requirements.

·Extensive experience in conducting end-to-end testing of regulatory programs, process mapping, and internal control development.

·Strong ability to collaborate with partners across the organization, including Risk and Legal functions, to establish consistent firm-wide compliance strategies.

·Skilled in developing and executing comprehensive project plans outlining scope, objectives, deliverables, timelines, resources, and risks.

Education

Montclair State University

Bachelor of Science – BS, Public Health, Health Systems Administration & Policy

Certifications

CompTIA Security+ Certified

AWS Certified Cloud Practitioner

CISA

Technical Skills

Data Visualization and Analytics, IT Service Management, IT Support & Services

SharePoint, ServiceNow, MS Teams, MS Office Suite

Cloud Computing Technologies (AWS), Stakeholder Collaboration

ISO 27001, SOX, COSO, COBIT, PCI DSS, NIST, HIPAA

Database Auditing, Shared Responsibility Model, Logical Access Controls, Change Management

Risk Management Framework (RMF), Identity and access management (IAM)

Risk Assessment and Planning Considerations, Project Management

SAP Applications, SAP Basis, MES Applications, Governance, Risk & Compliance Technologies

Professional Experience

Novartis (Contract)

Information System Security Specialist, 07/2022 – Present

Conduct comprehensive security control assessments to evaluate the effectiveness of existing controls and identify vulnerabilities.

Develop and implement risk management strategies, including risk assessments, risk mitigation plans, and control frameworks.

Collaborate with cross-functional teams to develop and maintain policies, procedures, and standards related to information security and compliance.

Conduct regular audits and reviews of security controls, ensuring compliance with regulatory requirements.

Manage and monitor the organization's identity and access management (IAM) system, including user provisioning, de-provisioning, and access reviews.

Conduct security assessments for clients across various industries, identifying risks, vulnerabilities, threats, and recommending appropriate security controls.

Perform comprehensive Security Control Assessments (SCA) in compliance with organizational standards and prepare reports on management, operational, and technical security controls for audited applications and information systems.

Lead the SOX team members in determining the status of open deficiencies and remedial action plans, and adjust the plan accordingly.

Interact with internal and external auditors as well as consultants in facilitating the testing process and ensure efforts are not duplicated.

Developed comprehensive project plans that outline project scope, objectives, deliverables, timelines, resources, and risks. Collaborate with stakeholders to gather requirements and ensure alignment with organizational goals. Led the closure process for audit findings and remediation efforts related to information technology groups, ensuring timely and effective resolution.

Produced and disseminated threat assessment reports, communicating findings and actionable insights to key stakeholders and leadership.

Implemented biometric methods, multifactor authentication, and non-repudiation controls, and conducted risk mitigation to reduce risk by implementing the right access controls.

Led a team in the implementation of a continuous monitoring program, resulting in increased efficiency and effectiveness of IT audits.

Conducted the control selection phase by selecting the baseline from NIST SP 800-53 Rev. 5 according to the overall system categorization (low, moderate, or high).

Applied control tailoring to determine which controls are truly applicable to our system based on its design, operation, and environment.

Identified control ownership for the system, whether each control was an inherited control, a hybrid control, or a system-specific control.

Advocate and recommend system-level solutions to resolve security requirements. Monitor and suggest improvements to the PIA policy.
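The IAM duties above (provisioning, de-provisioning, and access reviews) come down to one recurring reconciliation: joining the authoritative HR roster against the IAM account export and flagging what should not be there. The script below is an added example written for this page, not code from the résumé or any employer; the roster, account list, role names and separation-of-duties rule are constructed, and the 90-day stale threshold is an assumed policy value.

```python
"""Periodic access review: reconcile an IAM account export against HR.

Added example (not from the résumé). All data below is constructed.
Findings raised: orphaned accounts (no HR record), accounts still enabled
after termination, logins after the termination date, stale accounts, and
separation-of-duties (SoD) conflicts.
"""
from dataclasses import dataclass
from datetime import date

STALE_DAYS = 90  # assumed policy: disable accounts idle longer than this


@dataclass(frozen=True)
class Finding:
    account: str
    issue: str
    detail: str


# Constructed HR roster: employee id -> (status, termination date or None)
HR_ROSTER = {
    "E100": ("active", None),
    "E101": ("terminated", date(2023, 9, 30)),
    "E102": ("active", None),
}

# Constructed IAM export (what an account-management system would dump)
IAM_ACCOUNTS = [
    {"user": "asmith", "employee_id": "E100", "enabled": True,
     "last_login": date(2023, 12, 1), "roles": {"ap_invoice_entry"}},
    {"user": "bjones", "employee_id": "E101", "enabled": True,
     "last_login": date(2023, 10, 2),
     "roles": {"ap_invoice_entry", "ap_payment_approval"}},
    {"user": "svc_backup", "employee_id": None, "enabled": True,
     "last_login": date(2023, 11, 30), "roles": {"backup_operator"}},
    {"user": "cdoe", "employee_id": "E102", "enabled": True,
     "last_login": date(2023, 5, 1), "roles": set()},
]

# Constructed SoD rule: a single account must not hold both roles
SOD_RULES = [
    ({"ap_invoice_entry", "ap_payment_approval"},
     "can both create and approve AP payments"),
]


def review_access(accounts, roster, sod_rules, today, stale_days=STALE_DAYS):
    """Return the list of Findings for one review cycle."""
    findings = []
    for acct in accounts:
        user, eid = acct["user"], acct["employee_id"]
        last = acct["last_login"]

        # 1. Every account must map to a person (or a documented service owner).
        if eid is None or eid not in roster:
            findings.append(Finding(user, "orphaned",
                                    "no matching HR record; confirm owner or disable"))
        else:
            status, term = roster[eid]
            # 2. Terminated staff must be de-provisioned, not merely forgotten.
            if status == "terminated" and acct["enabled"]:
                findings.append(Finding(user, "terminated-enabled",
                                        f"employee left {term}; de-provision"))
                # 3. A login after the leave date is an incident, not hygiene.
                if last is not None and term is not None and last > term:
                    findings.append(Finding(user, "post-termination-login",
                                            f"last login {last} is after {term}"))

        # 4. Idle enabled accounts widen the attack surface for no benefit.
        if acct["enabled"] and last is not None and (today - last).days > stale_days:
            findings.append(Finding(user, "stale",
                                    f"no login for {(today - last).days} days"))

        # 5. Separation of duties: flag toxic role combinations.
        for roles, why in sod_rules:
            if roles <= acct["roles"]:
                findings.append(Finding(user, "sod-conflict", why))
    return findings


def summarize(findings):
    """Group findings as issue -> sorted list of accounts (for the review report)."""
    out = {}
    for f in findings:
        out.setdefault(f.issue, []).append(f.account)
    return {k: sorted(v) for k, v in out.items()}


if __name__ == "__main__":
    for f in review_access(IAM_ACCOUNTS, HR_ROSTER, SOD_RULES, date(2023, 12, 17)):
        print(f"{f.account:12} {f.issue:24} {f.detail}")
```

The review date is passed in rather than read from the clock so a cycle can be re-run against the same export and produce the same evidence for auditors.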

Bristol Myers Squibb (Contract)

Cybersecurity Analyst, 08/2021 – 07/2022

Performed comprehensive Security Control Assessments (SCA) in compliance with organizational standards and prepared reports on management, operational, and technical security controls for audited applications and information systems.

Deployed new features to the learning platform following a system development life cycle (SDLC) process.

Evaluated information security controls (administrative, physical, and technical; preventive, corrective, detective, and compensating) for design appropriateness and operating effectiveness.

Conducted a risk assessment of the information system through examination, reviewing existing documents (policies, procedures, previous assessments, etc.).

Observed the implementation of controls through walkthroughs, taking notes on security control implementation, interviewing the system owner, system administrators, and developers, and testing existing controls.

Conducted a privacy impact analysis (PIA) to identify and understand any risks the system may pose to the privacy, civil rights, and civil liberties associated with personally identifiable information (PII). Led the closure process for audit findings and remediation efforts related to information technology groups, ensuring timely and effective resolution.

Also provided guidance on how the PII should be handled, collected, maintained, and protected, since the PTA was positive because the system processes, transmits, and stores PII.

Assisted in the development and management of technology risk vision, strategy, and mission.

Stayed current on emerging cyber threats and potential implications to the company.

Collaborated effectively with colleagues, stakeholders, and leaders across multiple organizations to achieve strategic objectives.

Led the SOX team members in determining status of open deficiencies, remedial action plans and adjusting the plan accordingly.

Provided input to incident response planning based on threat assessments, ensuring the organization is well-prepared to respond to potential security incidents.

Attain and Gain Counseling (Contract)

Cyber Risk Consultant, 09/2020 – 01/2021

Participated in the design, implementation, maintenance, and enforcement of data privacy and protection policies, procedures, and controls.

Trained staff in the use of cybersecurity systems and ERPs and followed up after project completion to ensure satisfaction.

Conducted kick off meetings to start security control assessment on assigned attain and gain systems.

Conducted security control assessment to assess the adequacy of management, operational privacy, and technical security controls implemented.

Developed Security Assessment Reports (SAR) detailing the results of the assessment along with Plans of Action and Milestones (POA&M).

Conducted follow-up meetings to assist information system owners in closing/remediating POA&M items.

Developed System Security Plans (SSP) to provide an overview of system security requirements and describe the controls in place or planned by information system owners to meet those requirements.

Conducted IT risk assessments to identify system threats, vulnerabilities, and risks.

Prepared recommendation reports, made available to system owners, to remediate vulnerabilities identified during the risk assessment process.

Provided expert technical security guidance on IT projects such as deployment of new systems, major system upgrade, and system migration.

Integrated threat modeling techniques into the threat assessment process, enhancing the depth and accuracy of identifying potential risks and attack vectors.
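The RMF steps described in the Novartis bullets (baseline selection from NIST SP 800-53 by system categorization, tailoring, and identifying inherited, hybrid, or system-specific ownership) and the SSP work described here share one pipeline: categorize, select the baseline, tailor with written justifications, and record the control allocation the SSP table holds. The script below is an added example written for this page, not code from the résumé or any employer. Its control catalog is a constructed subset whose baseline membership is illustrative; SP 800-53B is the authoritative allocation. The hosting scenario in `__main__` is assumed.

```python
"""RMF control selection, tailoring, and ownership allocation.

Added example (not from the résumé). The catalog is a constructed subset
of NIST SP 800-53 Rev. 5; baseline membership here is illustrative and
SP 800-53B is the authoritative source.
"""
from dataclasses import dataclass

LEVELS = ("low", "moderate", "high")          # FIPS 199 impact levels, ascending
OWNERSHIP_KINDS = ("common", "hybrid", "system-specific")


@dataclass(frozen=True)
class Control:
    cid: str
    title: str
    baselines: frozenset   # which baselines include this control


CATALOG = [  # constructed subset; see SP 800-53B for the real allocation
    Control("AC-2", "Account Management", frozenset(LEVELS)),
    Control("AC-2(1)", "Automated System Account Management", frozenset({"moderate", "high"})),
    Control("AC-6", "Least Privilege", frozenset({"moderate", "high"})),
    Control("AU-2", "Event Logging", frozenset(LEVELS)),
    Control("CP-9", "System Backup", frozenset(LEVELS)),
    Control("PE-3", "Physical Access Control", frozenset(LEVELS)),
    Control("RA-5", "Vulnerability Monitoring and Scanning", frozenset(LEVELS)),
    Control("SC-8", "Transmission Confidentiality and Integrity", frozenset({"moderate", "high"})),
]


def high_water_mark(confidentiality, integrity, availability):
    """FIPS 199: the system's impact level is the highest of the three objectives."""
    for lvl in (confidentiality, integrity, availability):
        if lvl not in LEVELS:
            raise ValueError(f"unknown impact level: {lvl!r}")
    return max((confidentiality, integrity, availability), key=LEVELS.index)


def select_baseline(catalog, impact):
    """Step 1 of control selection: every control allocated to this baseline."""
    return [c for c in catalog if impact in c.baselines]


def tailor(selected, ownership, not_applicable):
    """Tailor the selected baseline and record ownership for the SSP.

    ownership: control id -> 'common' (inherited) or 'hybrid'; anything else
               defaults to 'system-specific'.
    not_applicable: control id -> written justification. A control tailored
               out with no justification is rejected, because an assessor will
               not accept a silent removal from the baseline.
    """
    rows = []
    for c in selected:
        if c.cid in not_applicable:
            why = not_applicable[c.cid].strip()
            if not why:
                raise ValueError(f"{c.cid} tailored out without justification")
            rows.append({"control": c.cid, "title": c.title,
                         "implementation": "not applicable", "note": why})
            continue
        kind = ownership.get(c.cid, "system-specific")
        if kind not in OWNERSHIP_KINDS:
            raise ValueError(f"{c.cid}: unknown ownership kind {kind!r}")
        rows.append({"control": c.cid, "title": c.title,
                     "implementation": kind, "note": ""})
    return rows


def build_allocation(catalog, conf, integ, avail, ownership, not_applicable):
    """Categorize, select, tailor: returns (impact level, SSP control rows)."""
    impact = high_water_mark(conf, integ, avail)
    return impact, tailor(select_baseline(catalog, impact), ownership, not_applicable)


if __name__ == "__main__":
    # Assumed scenario: a PII system with moderate confidentiality impact,
    # hosted on a cloud provider that supplies physical security (inherited)
    # and shares backup responsibility (hybrid).
    impact, rows = build_allocation(
        CATALOG, "moderate", "low", "low",
        ownership={"PE-3": "common", "CP-9": "hybrid"},
        not_applicable={},
    )
    print(f"system categorization: {impact}")
    for r in rows:
        print(f"{r['control']:8} {r['implementation']:16} {r['title']}")
```

Because the output rows carry the ownership kind, the same allocation drives the SSP narrative (which controls the provider's authorization package covers versus which the system owner must implement) and the later SCA scope, and the refusal to tailor out a control without text is the check that keeps the POA&M honest.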

East Orange Department of Health and Human Services

HIPAA Compliance Analyst (Intern), 01/2017 – 12/2017

Performed security assessments of security controls (HIPAA, PCI, SOX) for the purpose of trend analysis and compliance.

Documented gaps in the security risk assessment process and communicated opportunities for process improvement to leadership.

Performed assessments of appropriate administrative, physical, and technical safeguards with little supervision to protect the confidentiality, integrity, and availability (CIA) of confidential or regulated data (SOX, PCI, PHI).

Performed security risk assessments of new and existing applications, devices, and services for the purpose of documenting risks introduced by a new or existing project, program, product, or solution.

Facilitated follow up and tracked required remediation controls where necessary.

Documented security exceptions resulting from security risk assessments and assisted with the review of security exceptions when necessary.

Performed maintenance and configuration of Security Compliance tools (GRC) to ensure process efficiency and data accuracy.

Assisted with coordinating the remediation of control deficiencies resulting from security risk assessments and tracked progress and closure.

Utilized working knowledge of technologies and methodologies as it related to operating systems, firewalls, content filtering, access controls, encryption, networking, programming/ scripting, auditing, vulnerability assessments, intrusion management and operations with little oversight to assist the Security Strategy and Compliance team with effective research, data gathering, analysis, metrics, reporting and communications.

Monitored Information Security tools to identify and communicate to team leadership actionable security risks using industry standard methodologies and best practices.

Utilized working knowledge of company-wide Information Systems policies and standards governing individual behavior while accessing Information System resources.
