
Information Technology Risk Management

Location:
Irvington, NJ
Salary:
120,000
Posted:
January 09, 2024


Resume:

SAMUEL KOFI COFFIE

ad2lu6@r.postjobfree.com / +1-973-***-****

SUMMARY

Experienced in developing data security policies and testing information technology controls, procedures and guidelines based on ISO 27001:2013. Experienced in information system security risk assessments and knowledgeable in security compliance assessment for FISMA, HIPAA, GLBA and PCI DSS.

EXPERIENCE

VRM / Third-Party Risk Management

INGRAM MICRO 03/2019 – Present

(Team Lead)

Ensures new third-party due diligence and supporting documents are properly captured in the Vendor Information Management (VIM) system.

Validates risks and controls; prepares accurate, complete, clear, and timely risk assessment supporting evidence of the adequacy and effectiveness of the system of internal controls for the assigned vendor.

Reviews third-party responses and communicates questions to the appropriate stakeholders.

Assists in preparing necessary documentation to support the Cybersecurity TPRM program.

Conducts periodic performance and risk reviews of existing third-parties.

Facilitates remediation for any third-party related operational issues.

Provides follow-through on assessment deficiencies to assure corrective actions are implemented and completed as expected.

Documents the assessment template and scores the assessment with an overall rating.

Gathers due diligence documentation and completes the risk assessment for assigned third-party relationships in accordance with the Third-Party Risk Management Policy.

Tracks and monitors the status of each due diligence review and communicates with the Relationship Manager (RM) to obtain missing items in a timely manner.

Kicks off initial reviews for new and existing third-party relationships to ascertain engagement risk.

VRM / Third-Party Risk Management

SERICOM IT SERVICES 05/2017 to 10/2018

Assessed compliance to organization’s information security policies, processes and procedures.

Facilitated information security awareness educational trainings for stakeholders.

Involved in contingency plan testing and updating.

Identified patterns and trends in data sets.

Managed and tracked outstanding IT remediation items in the risk management system to ensure timely completion.

Involved in security incident management to resolve events that had the potential to impact the confidentiality, availability, or integrity of information technology resources.

Identified control gaps and vulnerabilities with suppliers and worked with management and suppliers to address security concerns and remediation in a timely manner.

Assessed the establishment, implementation, and operation of the organisation’s ISMS.

Prepared data audit reports, issued memos, developed corrective action plans, and followed up on corrective actions.

Identified improvement opportunities and provided feedback to senior management

Liaised with external auditors for required audit engagements and closure of external audit findings/reports.

Worked with teams to manage the closure of audit findings.

EDUCATION

Lester (GH) University College

Degree in Information Technology 2013 - 2017

SOFT SKILLS

Comfortable working in a multicultural, dynamic and challenging environment

A good team player.

Able to work under pressure and with little or no supervision.

Effective interpersonal and communication skills.

Report writing and analytical skills.

High sense of integrity and confidentiality.

Proficiency in the use of Microsoft Office suite, and the ability to create, publish, and deliver briefing and training materials.

Conversant with cybersecurity.

CERTIFICATION

BSc. Information Technology

Certified Information Security Auditor (CISA) in progress


