
Information Security Quality Control

Location:
Kansas City, MO
Posted:
January 04, 2024


Resume:

SAMUEL MENSAH

Grandview, MO, *****

Email: ad2gl4@r.postjobfree.com

Phone: 660-***-****

EDUCATION

UNIVERSITY OF CENTRAL MISSOURI, Warrensburg, MO, USA

Master’s in Safety & Compliances

LINCOLN UNIVERSITY, Jefferson City, MO, USA

Bachelor of Science

CERTIFICATIONS

CompTIA Security+

PROFESSIONAL SUMMARY

Enthusiastic, growth-focused, and detail-oriented IT professional with extensive experience in Change Management, Process Improvement, Business Strategy, Business Analysis and Project/Program Management. Skilled in providing training to enhance productivity. Able to establish and implement a quality control program and to develop and deliver IT training. Articulate communicator with exceptional interpersonal, attention-to-detail, leadership, and mentorship skills. Motivator who builds cordial relationships with colleagues in the workplace. Excellent verbal, written, and strategic/analytical thinking skills.

WORK HISTORY

CREATIVE ONE, OVERLAND PARK, KS

INFORMATION SECURITY ANALYST (2015 – Present)

Conduct regular risk assessments and work with control owners to mitigate and remediate the findings.

Support development of a robust RMF package necessary to achieve and maintain a full, multi-year Authority to Operate (ATO) for multiple systems to include privacy documentation.

Create, establish, document, and refine the security controls, policies, procedures, and artifacts necessary to ensure applicable security requirements are met.

Document findings and recommendations related to control deficiencies and develop recommendations for corrective action.

Develop assessment plans and coordinate with other members of the Risk Management team to ensure that security objectives are met.

Actively participate and lead meetings to review and assess compliance of systems and technologies.

Communicate findings and recommendations to management and other stakeholders.

Monitor and track corrective actions in the form of Plan of Action and Milestones (POA&Ms) to ensure that deficiencies are addressed in a timely manner.

Stay abreast of changes to NIST and FISMA guidance and incorporate these changes into the organizational RMF process.

Making sure that relevant compliance requirements and standards are being followed by the organization (RMF, NIST, PCI, SOC, CMMC, ISO, GDPR, FISMA, etc.).

Ensuring that policies match the set standards.

Developed security plans for technology implementations, coordinated with the IT department to create security controls, and performed audits to ensure compliance.

Developing and maintaining proficiency in Information Security practices

Assist with data collection for security audits.

Reviewing scans and opening tickets for remediation.

Participates in security breach investigations and other cybersecurity incidents.

Implements and manages security tools, technologies, and processes to ensure the confidentiality, integrity, and availability of our systems.

Helps promote a culture of cybersecurity awareness.

Assists with penetration tests and vulnerability assessments performed by third parties including providing key information to third parties, ensuring business operations are not interrupted.

Coordinate with the IT Director and security teams to develop and maintain IT security policies, architecture, and security across the organization, including performing audits of security systems to maintain compliance with standards and protocols.

UNITYPOINT HEALTH, DES MOINES, IA

PRIVACY & COMPLIANCE ANALYST (2011-2015)

Manage regulatory Compliance Audits.

Conduct effective employee and management training.

Act as the administrator for all regulatory applications.

Analyze the company’s security and privacy policies, rules, and legislation to recommend requirements for the Enterprise Correspondence Product.

Continuously evaluate and monitor privacy policies, procedures, and processes, and make recommendations to update requirements based on new data privacy laws, regulations, contractual obligations, and industry best practices.

Work within all applicable compliance, privacy and contractual data use requirements.

Generate compliance and privacy activity reporting.

Coordinate with third party data partners to protect the organization.

Identify compliance gaps and define requirements to ensure that components, programs, and systems are compliant with the privacy policies, procedures, and legal statutes.

Develop documentation throughout the privacy requirements development process in collaboration with the stakeholders.

Lead project compliance activities by updating the required dashboards; writing, compiling, and/or editing project artifacts

Privacy and Risk Management Strategic Planning

Conduct gap analysis and assessment of privacy and risk management programs

Develop a strategic roadmap to evolve the privacy and risk management programs

Develop continuous improvements to privacy governance & risk management program

Enforce Policies and Procedures

Monitor, assist and advise managers and staff to comply with processes.

Ensure Risk Assessment and incident investigations are conducted to appropriate standards with legal and management requirements.

AREAS OF EXPERTISE

Cloud Security

Vulnerability Assessment

PCI Compliance

Security Audits

HIPAA

HITRUST

SOX

PCI

FISMA

SOC

ISO 27K

GRC (Governance, Risk, Compliance)

GRC Platforms (IBM OpenPages, ServiceNow, AuditBoard, Secureframe, etc.)

PRODUCT SECURITY MANAGEMENT

RMF

CMMC

NIST

VENDOR RISK MANAGEMENT


