Information Security Compliance Analyst

Location: Garden Grove, CA
Posted: February 12, 2024


NNAMDI OBI

Anaheim, CA | Cell: 678-***-**** | ad3ks8@r.postjobfree.com | US Citizen

Experienced Cybersecurity Compliance Analyst with a proven ability to develop and implement effective compliance strategies in collaboration with diverse stakeholders. Skilled in the security domain, with a focus on ensuring the confidentiality, integrity, and availability of critical data and systems.

SKILLS

Assessments & Compliance: SOC 2 - Type 1 & 2 Reports, PCI-DSS, GRC, CAIQ, SSAE 18, SIG, HITRUST, HIPAA, CCPA, ISO 27001/2, NIST 800 series, COBIT, COSO, SOX, FedRAMP, ITGC, Vendor/Supplier Security Audit, FIPS 199/200, FISMA, CMMC

IT Program Directorship & Management: Cybersecurity Technical Writing (Policies, Standards, and Procedures), Third-Party Risk Management, Business Continuity & Disaster Recovery (BC/DR), SDLC Security Controls, Policies and Procedures, Implementation, Incident Response, Supplier Management, Risk Assessment and Risk Mitigation Analysis, Access Control Management, Contingency Plan, Policy Review, Continuous Monitoring, Artifacts Gathering, Remediations, SCRM, SAR, SAP, CMP.

IT Security Tools: RSA Archer, Vanta, OneTrust, KnowBe4, Privacera, Nessus, Qualys, Rapid7, Onspring, Hyperproof, Zscaler.

Productivity Tools: Microsoft 365, ServiceNow, Jira/Confluence, SharePoint, Slack, Teams, Google Docs, TDX, ManageEngine.

Soft Skills: Teamwork, Problem Solving, Interpersonal Communication, Conflict Resolution.

TRAINING & CERTIFICATIONS

Certified Information Security Auditor (CISA)

Certified Information Security Manager (CISM) - In-View

PROFESSIONAL EXPERIENCE

UNITEDHEALTH GROUP, INC. - REMOTE

Contract: Senior GRC Analyst – July 2019 – Present

UnitedHealthcare Group, Inc. is one of the largest healthcare providers in the world, with a wide range of services and a significant presence in the United States and around the globe.

Perform risk and control assessments for medium/high-risk third-party providers, safeguarding sensitive data and ensuring alignment with security standards.

Lead comprehensive assessments for UHG portfolio companies, guaranteeing adherence to stringent external regulations like SOC 2, HIPAA, HITRUST, ISO, RMF, SOX, FedRAMP, and PCI-DSS.

Leverage MYCSF for streamlined HITRUST CSF assessments and implementation, boosting accuracy and reducing management complexity.

Conduct thorough risk assessments for sensitive client data, employing best practices to mitigate threats and maintain confidentiality.

Maintain and update data in RSA Archer for accuracy and consistency, providing a centralized repository for GRC information.

Build efficient use cases, processes, and playbooks for application onboarding in Archer, streamlining integration and risk management for new systems.

Supervise Jira tickets for stakeholders, ensuring smooth data management and effective project communication.

Manage audit schedules, meetings, and scoping discussions, fostering clear communication and efficient preparation throughout the compliance process.

Assist in gap analysis of security controls against compliance standards, identifying areas for improvement and optimizing resource allocation.

Compile and submit accurate responses to security inquiries from across the organization, promoting a culture of awareness and initiative-taking risk mitigation.

Develop and implement comprehensive Q&A banks for security questionnaires, streamlining responses and ensuring consistent information sharing.

Utilize KnowBe4 for engaging security awareness training and reminders, empowering employees to make informed security decisions.

BERKSHIRE HATHAWAY - REMOTE

Contract: Compliance Analyst – September 2021 – January 2023

Berkshire Hathaway Inc is an American multinational conglomerate holding company headquartered in Omaha, Nebraska.

Led evidence collection efforts for annual NIST 853 assessments, ensuring alignment with all control requirements.

Analyzed system logs, security reports, and configuration data to identify vulnerabilities and compliance gaps.

Developed and maintained comprehensive evidence tracking systems, facilitating efficient access for internal teams and external assessors.

Prepared detailed reports and presentations for assessors, clearly outlining findings, remediation efforts, and progress towards compliance.

Managed POA&Ms for identified control deficiencies, coordinating remediation activities, and tracking milestones to ensure timely completion.

Partnered with risk owners to drive alignment on remediation timelines and expectations for risk treatment plans.

Collaborated with security engineers, system owners, and management to implement necessary control enhancements.

Provided training and support to internal stakeholders on NIST 853 requirements and evidence collection procedures.

DELTA HOSPICE - REMOTE

Third-Party Risk Analyst – October 2016 – June 2019

Delta Hospice is a Joint Commission accredited hospice care provider with facilities in Chino and Temecula, California.

Successfully managed risk for third-party entities throughout their lifecycle, including planning, due diligence, contracting, transition, ongoing monitoring, and exit.

Conducted thorough reviews and analyses of various reports, such as SOC reports, penetration test reports, vulnerability scan reports, business continuity plans, disaster recovery, and incident response plans. These findings served as supporting evidence for information security questionnaires.

Executed control risk assessments to pinpoint vulnerabilities and weaknesses in existing controls.

Promptly escalated critical issues to the appropriate third-party risk management channels when necessary.

Conducted comprehensive vendor risk assessments, evaluating aspects including financial stability, operational practices, information security measures, regulatory compliance, and ethical standards.

Collaborated closely with cross-functional teams, including procurement, legal, cybersecurity, and business departments, to align risk management efforts and collectively address vendor risk.

Monitored vendor performance and compliance with contractual obligations, service level agreements, and industry standards on an ongoing basis.

Utilized SIG (Standardized Information Gathering) questionnaires and IRQ (Information Request Questionnaires) to collect detailed information from vendors and accurately assess their risk posture.

Offered actionable risk mitigation recommendations based on assessments and analysis, guiding vendors in implementing necessary improvements and adhering to established risk management guidelines.

EDUCATION

Kennesaw State University

Bachelor of Arts: Geography


