CAREER OBJECTIVE
Individual with a strong analytical mindset and a solid background in compliance frameworks such as SOC 1 & 2, ISO 27001, NIST, and GDPR. Over 5 years of experience in GRC, in areas such as Third-Party Risk Management, Internal Audits, Compliance Maturity, Policies & Procedures Management, and Framework Mapping. Interested in the position of Information Security Specialist with an organization that is ready to utilize my skills and experience while adding to my experience.
PROFESSIONAL EXPERIENCE
September 2019–Present Uber
Information Security Analyst
• Monitor compliance with defined internal control policies and procedures in relation to the NIST, ISO 27001 and GDPR requirements to which the business must conform.
• Coordinate the compliance reporting process for external auditors, and am responsible for building and maintaining a strong risk management program.
• Function as the primary liaison with vendors and serve as the subject-matter expert for PCI DSS compliance vendor questionnaires.
• Perform periodic security tasks as mandated by industry or regulatory requirements.
• Correspond with different IT departments to help close identified gaps, and prepare written reports and analyses for compliance management.
• Manage projects to implement regulatory and legal changes, including setting project goals, coordinating efforts between departments and monitoring for effectiveness.
• Ensure that information security awareness, compliance with security policies, and security risk activities occur as planned for my areas of duty.
MICHAEL SARPONG
INFORMATION SECURITY ANALYST
USA
EDUCATION
Kwame Nkrumah University of Science and Technology, Kumasi, Ghana
Bachelor of Science, Computer Science
RELEVANT SKILLS
Compliance Maturity
Control Mapping
Internal Audits & External Audits
Third Party Risk Management
Vulnerability Management
Policy & Procedure Management
CERTIFICATION
CompTIA Security+
June 2016–September 2019 GameStop
Information Security Analyst
• Conducted information categorization using FIPS 199 and NIST SP 800-60 Vol. 2, and implemented appropriate security controls for information systems based on NIST SP 800-53 Rev. 4 and FIPS 200.
• Performed comprehensive Security Control Assessments (SCA) and prepared reports on technical, operational and management security controls for audited applications and information systems.
• Conducted system and network scans to identify vulnerabilities, and created reports detailing the identified vulnerabilities and the steps taken in the Plan of Action and Milestones (POA&M).
• Conducted kick-off meetings with the Chief Information Security Officer (CISO) and system stakeholders prior to assessment engagements to determine the security posture of the system.
• Worked with stakeholders and system application teams to conduct testing, interviews, and collection of artifacts relevant to the assessment of security controls.
• Participated in kick-off and close-out meetings with system security personnel and stakeholders.
• Developed Security Assessment Plans (SAP) identifying the assessment methodology and the controls to be assessed.
• Performed security control assessments of management, operational, and technical controls against NIST SP 800-53A Rev. 4, NIST SP 800-53 Rev. 4, and FIPS 199.
• Defined GRC policies and identified key issues.
• Carried out assessments of the operational effectiveness of client application controls.
• Developed the strategic plan and roadmap to mature the initial implementation of our RSA Archer GRC tool.
• Provided a strong understanding of various compliance and regulatory areas, risk registers, risk exposure and the handling of risk events.