EBENEZER OKRAH - CISA, CISM Katy, TX
Experienced Information/Cybersecurity Analyst
Executive Summary
Accomplished Information Security Analyst with 6+ years of experience performing IT Risk Assessments for Certification and Accreditation, 3rd Party/Vendor Risk/Security Control Assessment, and IT Auditing.
Areas of Expertise
Competency in HIPAA, SOX, GLBA, ISO, and FISMA, Physical Security, General Computer Controls, Application Control, Testing, Compliance Testing, Change Management, Configuration Management, Security Maintenance, Contingency Planning, Policies and Procedures, Implementation, Incident Response, Media Protection, NIST 800-53, NIST 800-53A, NIST 800-30, NIST 800-37, NIST 800-34, NIST 800-18, SIG Lite, Archer, ServiceNow, Jira.
Professional Overview
Information Security Risk Analyst, Heidelberg Materials-Dallas-TX JANUARY 2022 – Present
Perform Vendor/3rd Party Security Risk Assessments to assess the effectiveness of cloud vendors' controls against ISO 27001, HIPAA, and NIST 800-53 Rev. 4
Review risk assessment outputs and vendor documents to determine acceptability
Develop risk management strategies with IT PMO that align with business goals to protect the confidentiality, integrity, and availability of information systems and data
Provide process improvement strategies on existing procedures and processes across the team and risk organization to achieve efficiency
Perform Internal Security Risk Assessments with a focus on existing and new systems for business units
Stay current on Disaster Recovery trends and provide recommendations for continuous improvement of our Disaster Recovery strategy
Assist with events, coordinate status calls, provide clear, concise updates, and manage the Disaster Recovery activities from a high level
Respond to SOC-generated trouble tickets in response to system alerts
Collaborate with center-wide technical POCs to resolve security-related issues
Manage ongoing risk mitigations, monitor and track open items, and create IT project risk management status reports for necessary stakeholders
Organize and maintain necessary training to keep current on the discipline of third-party risk management, including regulatory and industry practices
Ensure departmental documents and activities are performed in compliance with applicable laws, regulatory standards, and company policies and procedures
Assist with the creation of policies and procedures for the Vendor Management department and participate in the team’s preparation for regulatory audits
Cyber Security Risk Analyst, CITI BANK-DALLAS-TX SEPTEMBER 2019 – NOVEMBER 2021
Conducted IT controls risk assessments that included reviewing organizational policies, standards, procedures, and guidelines
Performed in-depth analysis, response, and remediation of cyber incidents; determined course of action in compliance with the appropriate operational level agreements
Developed content and implemented countermeasures in response to potential or identified cyber threats and attacks based on incident response activities
Analyzed log, network, malware, and device data and recommended remediation of security vulnerability conditions
Designed and executed third-party security assessments and prioritized control remediation as appropriate
Coordinated with external audit teams for NIST, PCI, and SOC and supported information security and data privacy procedures and controls
Assisted with events, coordinated status calls, provided clear, concise updates, and managed the Disaster Recovery activities from a high level
Conducted the annual plan review of all business BCP plans, completed rating scorecard, and managed the plan review approval process ensuring all planners and managers signed off
Reviewed processes and built metrics that helped educate internal organizational leaders on their third-party information security profiles
Responded to SOC-generated trouble tickets in response to system alerts
Collaborated with center-wide technical POCs to resolve security-related issues
Recommended corrective actions to address identified deficiencies
Developed IT Controls, risk and gap assessments, and designed testing security controls
Leveraged commercial and open-source tools to quickly analyze, detect, and respond to cybersecurity incidents
Developed and maintained documentation, procedures, playbooks, cyber tools, and operational metrics for monitoring more complex threats and incident response
Project Analyst, FREDDIE MAC, DALLAS-TX FEBRUARY 2017 - AUGUST 2019
Successfully used Smartsheet to create dashboards and RAID logs to report on project status
Led vendor valuation process to select vendors and assessed effectiveness of vendor controls, ensured all requirements were met, and onboarded new vendors
Developed project plans with timelines for the successful execution of the projects
Created project management plans such as scope, risk, and change management
Compiled daily/weekly project status reports and presentations and disseminated to various stakeholders
Maintained project team calendar on the SharePoint site and sent reminders on project timelines
Tracked overall project deliverables, coordinated resources, and compiled information for project metrics for senior management reporting
Planned and managed integration and user acceptance testing
Measured project performance against timelines and budget
Monitored and managed risks, issues, and dependencies to include RAID triage meetings
Coordinated SAP S/4HANA deployment to user environment
Managed and archived project artifacts after project completion
Released project resources after project completion
Education & Certifications
ISACA-CISA & CISM
BA ARTS – INTERDISCIPLINARY STUDIES, MAY 2016
GOVERNORS STATE UNIVERSITY, IL
DIPLOMA – PUBLIC RELATIONS & ADVERTISING, JUNE 1999
GHANA INSTITUTE OF JOURNALISM