SAMUEL MENSAH
Grandview, MO, *****
Email : ad2gl4@r.postjobfree.com
Phone : 660-***-****
EDUCATION
UNIVERSITY OF CENTRAL MISSOURI, Warrensburg, MO, USA
Master’s in Safety & Compliances
LINCOLN UNIVERSITY, Jefferson City, MO, USA
Bachelor of Science
CERTIFICATIONS
CompTIA Security+
PROFESSIONAL SUMMARY
Enthusiastic, growth-focused, and detail-oriented IT professional with extensive experience in Change Management, Process Improvement, Business Strategy, Business Analysis and Project/Program Management. Skilled in providing training to enhance productivity. Able to establish and implement quality control programs, and to develop and deliver IT training. Articulate communicator with exceptional interpersonal, leadership, and mentorship skills and attention to detail. Motivator who builds cordial relationships with colleagues in the workplace. Excellent verbal, written, and strategic/analytical thinking skills.
WORK HISTORY
CREATIVE ONE, OVERLAND PARK, KS
INFORMATION SECURITY ANALYST (2015 – Present)
Conduct regular risk assessments and work with control owners to mitigate and remediate the findings.
Support development of a robust RMF package necessary to achieve and maintain a full, multi-year Authority to Operate (ATO) for multiple systems to include privacy documentation.
Create, establish, document, and refine the security controls, policies, procedures, and artifacts necessary to ensure applicable security requirements are met.
Document findings and recommendations related to control deficiencies and develop recommendations for corrective action.
Develop assessment plans and coordinate with other members of the Risk Management team to ensure that security objectives are met.
Actively participate and lead meetings to review and assess compliance of systems and technologies.
Communicate findings and recommendations to management and other stakeholders.
Monitor and track corrective actions in the form of Plan of Action and Milestones (POA&Ms) to ensure that deficiencies are addressed in a timely manner.
Stay abreast of changes to NIST and FISMA guidance and incorporate these changes into the organizational RMF process.
Making sure that relevant compliance requirements and standards are being followed by the organization (RMF, NIST, PCI, SOC, CMMC, ISO, GDPR, FISMA, etc.).
Ensuring that policies match the set standards.
Developed security plans for technology implementations, coordinated with the IT department to create security controls, and performed audits to ensure compliance.
Developing and maintaining proficiency in Information Security practices
Assist with data collection for security audits.
Reviewing scans and opening tickets for remediation.
Participates in security breach investigations and other cybersecurity incidents.
Implements and manages security tools, technologies, and processes to ensure the confidentiality, integrity, and availability of our systems.
Helps promote a culture of cybersecurity awareness.
Assists with penetration tests and vulnerability assessments performed by third parties including providing key information to third parties, ensuring business operations are not interrupted.
Coordinate with the IT Director and security teams to develop and maintain IT security policies, architecture, and security across the organization, including performing audits of security systems to maintain compliance with standards and protocols.
UNITYPOINT HEALTH, DES MOINES, IA
PRIVACY & COMPLIANCE ANALYST (2011-2015)
Manage regulatory Compliance Audits.
Conduct effective employee and management training.
Act as the administrator for all regulatory applications.
Analyze the company’s security and privacy policies, rules, and legislation to recommend requirements for the Enterprise Correspondence Product.
Continuously evaluate and monitor privacy policies, procedures, and processes, and make recommendations to update requirements based on new data privacy laws, regulations, contractual obligations, and industry best practices.
Work within all applicable compliance, privacy and contractual data use requirements.
Generate compliance and privacy activity reporting.
Coordinate with third party data partners to protect the organization.
Identify compliance gaps and define requirements to ensure that components, programs, and systems are compliant with the privacy policies, procedures, and legal statutes.
Develop documentation throughout the privacy requirements development process in collaboration with the stakeholders.
Lead project compliance activities by updating the required dashboards; writing, compiling, and/or editing project artifacts
Privacy and Risk Management Strategic Planning
Conduct gap analysis and assessment of privacy and risk Management programs
Develop a strategic roadmap to evolve the privacy and risk management programs
Develop continuous improvements to privacy governance & risk management program
Enforce Policies and Procedures
Monitor, assist and advise managers and staff to comply with processes.
Ensure Risk Assessment and incident investigations are conducted to appropriate standards with legal and management requirements.
AREAS OF EXPERTISE
Cloud Security
Vulnerability Assessment
PCI Compliance
Security Audits
HIPAA
HITRUST
SOX
PCI
FISMA
SOC
ISO 27K
GRC (Governance, Risk, Compliance)
GRC Platforms (IBM OpenPages, ServiceNow, AuditBoard, Secureframe, etc.)
PRODUCT SECURITY MANAGEMENT
RMF
CMMC
NIST
VENDOR RISK MANAGEMENT