Information Security Risk

Location: Houston, TX
Posted: December 27, 2023

Resume:

EBENEZER OKRAH - CISA, CISM Katy, TX 708-***-**** ***************@*****.***

Experienced Information/Cybersecurity Analyst

Executive Summary

Accomplished Information Security Analyst with 6+ years of experience performing IT Risk Assessments for Certification and Accreditation, 3rd Party/Vendor Risk/Security Control Assessment, and IT Auditing.

Areas of Expertise

Competency in HIPAA, SOX, GLBA, ISO, and FISMA, Physical Security, General Computer Controls, Application Control, Testing, Compliance Testing, Change Management, Configuration Management, Security Maintenance, Contingency Planning, Policies and Procedures, Implementation, Incident Response, Media Protection, NIST 800-53, NIST 800-53A, NIST 800-30, NIST 800-37, NIST 800-34, NIST 800-18, SIG Lite, Archer, ServiceNow, Jira.

Professional Overview

Information Security Risk Analyst, Heidelberg Materials, Dallas, TX, January 2022 – Present

Perform Vendor/3rd Party Security Risk Assessments to assess the effectiveness of cloud vendors' controls against ISO 27001, HIPAA, and NIST 800-53 Rev. 4

Review risk assessment outputs and vendor documents to determine acceptability

Develop risk management strategies with IT PMO that align with business goals to protect the confidentiality, integrity, and availability of information systems and data

Provide process improvement strategies on existing procedures and processes across the team and risk organization to achieve efficiency

Perform Internal Security Risk Assessments with a focus on existing and new systems for business units

Maintain current Disaster Recovery trends and provide recommendations for continuous improvement around our Disaster Recovery strategy

Assist events, coordinate status calls, provide clear, concise updates, and manage the Disaster Recovery activities from a high level

Respond to SOC-generated trouble tickets in response to system alerts

Collaborate with center-wide technical POCs to resolve security-related issues

Manage ongoing risk mitigations, monitor and track open items, and create IT project risk management status reports for necessary stakeholders

Organize and maintain necessary training to keep current on the discipline of third-party risk management, including regulatory and industry practices

Ensure departmental documents and activities are performed in compliance with applicable laws, regulatory standards, and company policies and procedures

Assist with the creation of policies and procedures for the Vendor Management department and participate in the team’s preparation for regulatory audits

Cyber Security Risk Analyst, Citi Bank, Dallas, TX, September 2019 – November 2021

Conducted IT controls risk assessments that included reviewing organizational policies, standards, procedures, and guidelines

Performed in-depth analysis, response, and remediation of cyber incidents; determined course of action in compliance with the appropriate operational level agreements

Developed content and implemented countermeasures in response to potential or identified cyber threats and attacks based on incident response activities

Analyzed and recommended log/network/malware/device for remediation of security vulnerability conditions

Designed and executed third-party security assessments and prioritized control remediation as appropriate

Coordinated with external audit teams for NIST, PCI, SOC and supported information security and data privacy, procedures, and controls

Assisted events, coordinated status calls, provided clear, concise updates, and managed the Disaster Recovery activities from a high level

Conducted the annual plan review of all business BCP plans, completed rating scorecard, and managed the plan review approval process ensuring all planners and managers signed off

Reviewed processes and built metrics that helped educate internal organizational leaders on their third-party information security profiles

Responded to SOC-generated trouble tickets in response to system alerts

Collaborated with center-wide technical POCs to resolve security-related issues

Recommended corrective actions to address identified deficiencies

Developed IT Controls, risk and gap assessments, and designed testing security controls

Leveraged commercial and open-source tools to quickly analyze, detect, and respond to cybersecurity incidents

Developed and maintained documentation, procedures, playbooks, cyber tools, and operational metrics for monitoring more complex threats and incident response

Project Analyst, Freddie Mac, Dallas, TX, February 2017 – August 2019

Successfully used Smartsheet to create dashboards and RAID logs to report on project status

Led vendor valuation process to select vendors and assessed effectiveness of vendor controls, ensured all requirements were met, and onboarded new vendors

Developed project plans with timelines for the successful execution of the projects

Created project management plans such as scope, risk, and change management

Compiled daily/weekly project status reports and presentations and disseminated to various stakeholders

Maintained project team calendar on the SharePoint site and sent reminders on project timelines

Tracked overall project deliverables, coordinated resources, and compiled information for project metrics for senior management reporting

Planned and managed integration and user acceptability testing

Measured project performance against timelines and budget

Monitored and managed risks, issues, and dependencies to include RAID triage meetings

Coordinated SAP S/4Hana deployment to user environment

Managed and archived project artifacts after project completion

Released project resources after project completion

Education & Certifications

ISACA-CISA & CISM

BA ARTS – INTERDISCIPLINARY STUDIES, MAY 2016

GOVERNORS STATE UNIVERSITY, IL

DIPLOMA – PUBLIC RELATIONS & ADVERTISING, JUNE 1999

GHANA INSTITUTE OF JOURNALISM
