Phoebe Agbetorgoh
Fall River, MA *****
****************@*****.***
Cybersecurity professional with five years of experience developing and implementing security solutions in fast-paced environments. Skilled in vulnerability management and incident response with proven history of delivering exceptional risk management support with extensive experience developing and testing security framework for cloud-based software. Proficient in applying the NIST, CIS and ISO 27001 framework methodologies to effectively safeguard digital assets, backed by extensive hands-on experience. As an Information security professional, I bring a keen eye for detail and a strong understanding of regulatory frameworks. With a passion for minimizing risk and ensuring adherence to industry standards, my role is to assess, analyze, and develop strategies that promote effective governance and compliance practices within organizations. By leveraging my expertise in risk management and compliance frameworks, I contribute to creating a secure and resilient environment that aligns with business objectives.
Skills
Developing security plans
Excellent
Data security
Excellent
Designing security controls
Excellent
Security vulnerability assessment
Excellent
Risk mitigation strategies
Excellent
CIS Compliance
Excellent
Incident Response Management
Excellent
Critical thinking skills
Excellent
Deductive reasoning skills
Excellent
Attention to Detail
Excellent
Work History
2022 - Current GRC Specialist
Heart to Heart Inc
Design company-wide policies to bring operations in line with ISO 27001
Perform risk analyses to identify appropriate security countermeasures.
Conduct security audits to identify vulnerabilities.
Perform weekly critical system audits of help desk tools to maintain security adherence for critical infrastructure.
Prepare, execute, and report on audit of subset of NIST SP 800-53 cybersecurity controls to include interview, document review, and testing of systems to support compliance audit activities
Knowledgeable on NIST Cybersecurity Framework and how the Identify, Protect, Detect, Respond, and Recover categories comprise and facilitate an information security program
Basic understanding of concepts of risk analysis, computer security, IT systems, and networking
Implement secure baseline configuration
Develop Information Security policy to establish authorized access management and authenticator management for internal and third-party personnel
Implemented and maintained information security frameworks, including ISO 27001, NIST 800-53, and NIST 800-171, to ensure compliance with industry standards and best practices.
Evaluated security concepts and controls, identifying vulnerabilities and recommending effective remediation strategies.
Led information security audits, collaborating with cross-functional teams to ensure adherence to regulatory requirements and internal policies.
Played a pivotal role in IT Risk Management initiatives, assessing risks, and developing mitigation strategies to safeguard critical assets.
Successfully managed multiple IT projects from inception to completion, ensuring alignment with security objectives and timely delivery.
Collaborated with stakeholders to develop and refine security policies, procedures, and guidelines, fostering a culture of security awareness.
2018-02 - 2021-12 Information Security Specialist
Defeeds LLC
Conducting compliance audits and reviews to evaluate adherence to internal policies, external regulations, and industry standards.
Collaborating with cross-functional teams to assess and enhance internal controls, policies, and procedures.
Monitoring and analyzing regulatory changes, industry best practices, and emerging risks to keep the organization informed and compliant.
Designed company-wide policies to bring operations in line with Center for Internet Security (CIS) standards.
Performed risk analyses to identify appropriate security countermeasures.
Performed weekly critical system audits of help desk tools to maintain security adherence for critical infrastructure
Knowledgeable on NIST Cybersecurity Framework and how the Identify, Protect, Detect, Respond, and Recover categories comprise and facilitate an information security program
Implemented secure baseline configuration
Semi-quantitatively analyzed cybersecurity risk using NIST SP 800-30, Tenable, Rapid7 methodology to identify highest risk weaknesses for a system
Executed threat modeling exercise to determine higher likelihood for threat events in cybersecurity risk modeling
Developed Information Security policy to establish authorized access management and authenticator management for internal and third-party personnel
Ensured policy documents are aligned with business objectives, implementable by the organization, and practical for compliance by ensuring purpose, scope, authority, and policy statements incorporate operational perspective and constraints.
Education
Bachelor of Science: Human Resource
Pentecost University College, Accra Ghana
Diploma: Secretarial and Management
YWCA Secretariat School, Accra Ghana
Certifications
CompTIA Security+ - In Progress
CISSP - Certified Information Systems Security Professional - In Progress