Security Analyst Information

Location: Bronx, NY
Posted: December 28, 2023

Resume:

Rexford Seshie. De-Sosoo

508-***-**** • ad2abu@r.postjobfree.com • Bronx, NY • https://www.linkedin.com/in/rexford-de-sosoo-a5B94938/

Career Objectives

Rexford Seshie. De-Sosoo is experienced in: Information Technology (Privacy and Data Security; Project Management); and Environmental (Testing, Assessments, and Monitoring). Rexford Seshie. De-Sosoo has 13 years of work experience.

Key Knowledge/Experiences of Standard Regulations and Frameworks

General Data Protection Regulation (GDPR) and California Privacy Act (CCPA)

National Institute of Standards and Technology (NIST) Risk Management Framework

Health Insurance Portability and Accountability Act (HIPAA)

Payment Card Industry Data Security Standard (PCI DSS) Compliance

Third Party Risk Management Lifecycle (TPRM)

Federal Financial Institutions Examination Council (FFIEC CAT)

SWIFT CSF

NYSDFS 500

Summary of Job Experiences

Reviewing firm contracts as part of the firm’s contract review process; assessing and recommending adjustments that serve to minimize security risk in firm agreements.

Supporting client’s security review process from intake through closure by identifying all necessary internal stakeholders based on the request (e.g., security survey, audit, review).

Coordinating with stakeholders, evaluating results of internal & external system vulnerability, and arranging necessary internal follow-up to facilitate agreement regarding any recommended remediation items.

Maintaining information security documentation and assisting in the development of security policies and procedures.

Working to enhance the confidentiality, integrity, and availability of data at the firm, regardless of form.

Serving as a subject matter expert for information security principles and practices (especially as they pertain to vendors), and promoting a culture of security throughout the firm.

Consulting Services

Worked with business units and supported their activities to ensure security compliance with policy and regulations.

Provided consulting services and recommendations on security related issues.

Provided security awareness training and regular security reminders.

Relevant Work Experience

Intec Logic Global, LLC, Houston, July 2023 - Oct 2023

Information Security Training & Awareness Analyst

Lead cyber security training program.

Run phishing program by creating and executing bi-weekly campaigns; leverage phishing metrics to identify staff at risk of being phished and offer targeted training.

Coordinating with the section heads to maintain alignment of training objectives and share effective local training and awareness practices.

Providing guidance to staff that assist in running daily controls.

Reviewing alerts from controls and following up with the end users and technical teams as needed.

Maintaining the quality and effectiveness of controls and providing recommendations for improvement and/or automation.

Leveraging information gained from reviewing suspicious emails to update the security training library and phishing campaigns.

Societe General Bank, Inc June 2022 - June 2023

Security GRC Analyst (Consultant)

NYSDFS 500 Cyber security Regulation Contributor

Act as a subject matter expert for all DFS500-related matters to ensure the bank maintains and enhances its level of compliance with DFS500 requirements.

Assist the DFS500 program director to maintain all DFS500 related documentation.

Perform required activities to ensure that the program is effective, such as assessing requirements, collecting supporting evidence and maintaining the associated certification documentation.

Perform reviews of required controls, identify weaknesses, and assist with action plans and solutions.

FFIEC CAT Contributor

Act as a subject matter expert to develop and maintain an effective FFIEC CAT framework for the bank.

Ensure that the FFIEC CAT requirements are mapped to core regulations such as NIST and DFS500.

Manage and maintain the FFIEC CAT framework to ensure the expected controls are in place and working as they should.

Develop related reports and metrics in relation to FFIEC CAT Inherent and Maturity posture Assessment.

Security GRC Framework Contributor

Performing various security risk assessments to identify residual risks and control gaps.

Ensuring clients, regulatory, and internal requirements are being met consistently and effectively.

Ensuring the required and expected controls are in place and working as they should.

Enhancing multi-level reporting to stakeholders in the company.

Build partnerships across the organization: Audit, Legal, Compliance, Information Technology, business operations, Risk management, etc. to ensure the security GRC program is aligned with business objectives and requirements.

Documentation, Reporting & Analytics

Contribute to the reporting framework that will provide regular metrics about business and IT environment; analyze trends in security events, activities, etc. to better understand risks, and current gaps.

One Brooklyn Health, Inc. Jan 2021 - Jun 2022

Information Security Analyst (Contractor)

Perform Third Party Risk Assessment to assess the effectiveness of vendor’s controls against ISO 27002:2013, HIPAA, and HITECH.

Perform security risk assessments with a focus on existing and new systems, against the HIPAA, HITECH, and Meaningful Use requirements.

Complete risk assessments, security requirements analysis, and security testing.

Create assessment reports and track remediation activities.

Monitor all in-place security solutions for efficient and appropriate operations.

Review and Analyze SOC 2 reports of third parties and Data Centers.

Engaged in Regulatory Security Risk Assessments and audits.

Engaged in tracking security incidents and conducting risk assessment on service request.

Assist with the documentation of policies, standards, and operational processes.

Develop detailed recommendations for mitigating findings and process improvement projects.

Ensure compliance of Information Technology Security Policies and utilize vulnerability tools.

Moderate workshops and interview key stakeholders to determine technical threats and risk.

Conduct reviews on Information Systems security documents for all hosted systems on a quarterly basis for Plan of Action & Milestones (POA&Ms).

NYU Langone Medical Center Oct 2019 - Dec 2020

Information Security Risk Analyst (Contractor)

Responsible for reporting and tracking compliance-related activities, including privacy violations, and working with the practice site management to develop corrective action plans as needed.

Identified potential areas of compliance vulnerability and risk, documented them, and worked with System Owners and IT Custodians to remediate.

Communicated potential control gaps to management along with suggested remediation.

Identified control deficiencies and/or process inefficiencies and developed process improvements.

Performed regular compliance audits and analysis focusing on business continuity, partnering with the Director of Compliance to review findings.

Trained and educated employees at all levels, including field training to ensure understanding and compliance with HIPAA regulations.

Conducted walkthroughs, formulated test plans, documented gaps, test results, and exceptions; and developed remediation plans for each area of testing.

United Nations Mission-DR. Congo Jan 2010 - Dec 2018

Information Security Analyst/Project Coordinator (full time)

Initiated and completed third-party vendor risk assessments.

Performed risk assessments on organizational controls around information security including cyber and physical, business continuity and disaster recovery, resiliency, privacy, and governance.

Partnered with the security team to track the Vendor Risk Management process; conducted technical and policy-based information security risk reviews of third-party vendors.

Performed review of completed vendor assessment questionnaires for conformance to program objectives and methodology.

Assisted with monthly reporting to GRC and Security leadership team.

Performed risk assessments, application security assessments, vendor risk assessments, control gap analysis, risk remediation and mitigation, risk analysis.

Interacted with business units and suppliers; discussed and reviewed the project Key Performance Indicators with the Project Manager to determine accurate status of the project.

Prepared budget estimates based on the prevailing market rates and developed strategies for the project's component execution, with the involvement of the relevant stakeholders.

Certification

CISM

CISA

Actively working towards CISSP

Education and Qualification

Master of Science Project Management (MSc)- University of Roehampton -UK (3 years)

Bachelor of Science Civil Engineering (BSc)- Takoradi Technical University -Ghana

Cyber Security Training - INFORTEC Logic Academy - USA


