Internal Audit Cyber Security

Location: Woodbridge, VA
Posted: January 06, 2024


Resume:


Micheal Tuafo

Woodbridge, VA *****

410-***-****

ad2ij1@r.postjobfree.com

Summary

Adaptable Cyber Security Analyst ready to support operations from conception through post-release support. Responsible for managing risk and compliance, documenting audit procedures, communicating findings and making recommendations for improvement. Experience in supporting and managing security compliance programs such as ISO 27K, SOC 2, PCI-DSS, HIPAA, HITRUST and SSAE 16/18. Adept at working effectively unsupervised and quickly mastering new skills. Skilled in industry GRC tools like ServiceNow, BitSight, RSA Archer, OneTrust, etc.

Skills

• Report Writing

• Due Diligence

• Internal Audit

• Risk Assessment

• Vendor Risk Assessment

• ServiceNow

• BitSight

• Policy Review

• SOC 1 & 2 Review

• Remediation

• Risk Mitigation

• RiskRecon

• OneTrust

• Business Continuity

Experience

January 2022 to December 2023

Virginia Tech, Blacksburg, VA

Compliance Analyst

• Assists external auditors with the completion of their audit procedures, including audit work and testing.

• Respond to internal audit inquiries from management (answering security questionnaires).

• Participates in guiding Internal Audit staff through risk analysis, control identification, and audit program development.

• Assists external auditors with the completion of their audit procedures, including audit work and testing (SOC 2 Type II, PCI-DSS).

• Identify control deficiencies and process improvements and communicate to the Manager Internal Audit.

• Track and ensure adequate and timely resolutions to all audit/review issues relating to security.

• Perform risk assessments on new and existing third parties.

• Oversees and performs Standardized Information Gathering (SIG) risk assessments.

• Support the ongoing review and update of privacy policies, standards, and procedures.


• Verify that policies and procedures are updated to reflect implemented.

• Improve and comply with relevant compliance standards.

December 2020 to November 2021

CareFirst BlueCross BlueShield, Owings Mills, MD

Cyber Security Analyst

• Performing continuous risk assessment and defining the Internal Controls plan in collaboration with leadership to prepare for annual SOC 1 and SOC 2 audits.

• Support the Manager, Internal Audit in all aspects of audit process planning (including risk assessment, fieldwork, reporting) for one or more audits.

• Review audit workpapers and provide feedback for less experienced team members.

• Communicate findings, recommendations, and remediation.

• Documenting internal control weaknesses or inefficiencies.

• Drafting and finalizing internal audit reports to senior management.

• Participate in HITRUST certification.

• Writes audit findings and audit reports.

• Conducts entrance and exit meetings. Entrance meetings are held with control owners before the audit is performed for the purpose of agreeing on the purpose and scope of the audit, timing, and the support required for each audit selection. Exit meetings are held when the audit work is completed to discuss the results of the audit and, if applicable, to agree on remediation plans for exceptions noted during the audit.

• Conduct appropriate audit testing for assigned audit areas and ensure that testing is completed as scheduled and documented in compliance with departmental standards. Provide direction and timely support to the Chief Executive Office in all phases of the audit field work.

September 2018 to December 2019

Dominion Energy, Richmond, VA

Third Party Risk Analyst

• Maintain compliance with all company policies and procedures.

• Communicate effectively through multiple mediums (electronic and in-person), write clearly and effectively, and document findings appropriately and completely.

• Execute assigned tasks and responsibilities timely with the highest level of professionalism.

• Conduct and evaluate third-party risk assessments, applying established criteria covering cyber security, data privacy, reputational, financial, business continuity, geopolitical, and other risk domains.

• Collaborate with internal partners and third parties to mitigate and otherwise resolve third-party risks.

• Respond to customer third-party risk assessments and questionnaires as well as help facilitate business transactions and build relationships with existing and prospective customers.

• Gathering evidence to demonstrate compliance with customer security requirements.


• Conducting third party controls evaluation to determine risk.

• Facilitate third party risk lifecycle including conducting assessments, reporting results, developing findings and recommended remediation plan while maintaining excellent customer service.

• Monitor and assess third party performance to ensure compliance with the TPRM program, regulatory requirements, and service level agreements.

Education and Training

Colorado Technical University

Colorado Springs, CO

Master of Science (Management)

Sept 2012

University of Ghana

Bachelor of Arts (Information Studies & History)

August 2008


