Risk Management Information Security

Location:
Leander, TX
Posted:
January 26, 2024

Resume:

ABENA POKUAA WEALTHY

Leander, TX ***** 737-***-**** ad236a@r.postjobfree.com

PROFESSIONAL SUMMARY

Versatile Information Security Analyst with a background in successfully executing diverse project tasks to meet deadlines. Enthusiastic problem solver and talented team player with superior planning and project management skills, knowledgeable in Risk Management Framework (RMF), GRC, Systems Development Life Cycle (SDLC), and Vulnerability Management using FISMA, NIST CSF, and applicable Cybersecurity standards. Past projects include extensive background in all stages of Audit, including planning, study, evaluation, and testing of controls and follow-up, as well as new system implementation assessment, internal control review, Gap Analysis, IT General Controls Audit, business analysis, and regulatory compliance program management.

SKILLS

Designing and Tailoring Security Controls

Analyzing SOC and Penetration Test Reports

IT General Controls

Vendor Categorization

Analytical Thinking

Regulatory Compliance

Extensive understanding of Risk Management Framework (RMF)/Cybersecurity/IT Security & NIST 800 Special Publication Series

WORK HISTORY

Vendor Risk Associate (GRC Assurance Team), 08/2018 - Current

State Of Michigan (DTMB) – Remote, MI

Facilitates vendor onboarding process by performing third-party risk assessment of vendors. Conducts vendor classification according to Data handling and Relationship as well as company policies and procedures.

Collaborate with business owners to document vendor relationships, collect supporting risk assessment documentation, confirm alignment with risk assessment, and monitor vendors' performance and adherence to contractual requirements, including service level agreements. Develop Vendor Risk Assessment Report and escalate issues when necessary. Compile Risk Assessment Reports (RAR) and consult with vendor's primary contact about assessment findings.

Review completed Standardized Information Gathering (SIG) questionnaire and supporting documentation to validate the vendor's appropriate implementation of security controls. Analyze vendor's processes to determine deficiencies within their controls that could violate applicable law, regulation, framework, or internal policies and procedures. Implement risk management and incident reporting strategies and data to create educational programs. Manage and execute risk management projects to determine deficiencies and appropriate corrective actions.

Conducts information security documentation and workflows to assist with incident response, audits, and vendor requirements.

Collaborate with vendors to discuss appropriate remediation actions and deadlines for all identified gaps. Assist in the development, review, implementation, and maintenance of policies, procedures, standards, and guidelines in accordance with applicable regulations including ISO 27001, NIST 800-53 Framework Controls, HIPAA, and PCI DSS.

Documents and reports control failures and gaps to stakeholders. Provides remediation guidance and prepares management reports to track remediation activities. Collaborate with security, engineering, IT, and partner risk functions to design, implement, and perform periodic testing of controls.

Conduct daily activities and functions such as assessing vendors for security risk and provisioning application access.

Complete risk rating of vendors within GRC system based upon vendor due diligence documentation and independent research.

Conduct self-control assessment to determine adequacy of management, operational, privacy, and technical security controls implemented.

Experience working with Agile methodology and GRC tools (MetricStream, Keylight, ServiceNow, Archer, etc.).

Worked with internal and external Auditors (The BIG 4) to assist in reviewing SOC II Type II reports, Penetration Test results, and ISO 27000 Audits by gathering evidence and answering security questions.

Information Security Auditor, 01/2018 - 08/2018

Google/Accenture – Remote, CA

Conducted audits on IT operating system (OS) platforms and operating procedures in accordance with established standards for efficiency, accuracy, security, and risk mitigation. Conducted kick-off meetings in order to categorize systems according to NIST requirements of Low, Moderate, or High Risk.

Evaluated IT infrastructure in terms of risks to about 80 departments and established controls to mitigate loss. Determined and recommended improvements to enterprise risk management controls. Performed in-depth security assessment of SAP and other connected systems used for processing critical financial reporting.

Designed and performed information technology internal controls test work for banking/Public Sector clients using PCI DSS as a guide.

Operated under Agile and Scrum frameworks to complete releases and well-organized sprints. Identified and reported threats/vulnerabilities applicable to systems.

IT Security - Project Coordinator, 06/2014 - 01/2018

JP Morgan Chase – Chicago, IL

Prepared Security Assessment and Authorization (SA&A) packages. Developed Security Assessment Reports (SAR) and Plan of Action and Milestone reports (POA&M). Wrote about 250 technical narratives to document processes and design changes. Kept projects on schedule by managing deadlines and adjusting workflows. Prepared meeting agendas and minutes for distribution and record keeping. Supervised multiple projects from project start through delivery by prioritizing needs and delegating assignments.

Provided input and feedback on departmental initiatives, directives and strategies to contribute to project success.

Created and monitored Project Charters and Story Boards from start to finish.

EDUCATION

Bachelor of Arts: Information Technology Studies And Sociology, 05/2007

University of Ghana - Ghana

IT Career Lab, National Able Network: Power BI/Data Analytics

CERTIFICATIONS

MCSA (Power BI), Excel, Scrum Master, CISA, CISM, CISSP in progress


