Risk Management Information Systems

Location:
Philadelphia, PA
Salary:
$120
Posted:
February 16, 2024


CYBERSECURITY RISK ANALYSIS RISK MANAGEMENT

PROFESSIONAL SUMMARY

Experienced IT security professional with over 4 years of success demonstrating positive results in security, risk analysis, risk management, and mitigating risk related to vendor relationships, ensuring compliance with industry regulations and standards. Hands-on in leading various stages of security development including thorough assessments, analyzing vendor capabilities, monitoring the security posture, regulatory projects, development/review of policy documentation, designing security controls for information systems, investigation, and implementing effective risk mitigation strategies. Adept at aligning business objectives with the latest tools and regulatory frameworks such as NIST, ISO 27001, SOX, GDPR, HIPAA, and PCI-DSS, to ensure seamless compliance. Additional strength in threat detection, evaluation, validation, user education, reporting, incident response, and problem-solving. Passionate about security, quality, and customer satisfaction.

TECHNICAL PROFICIENCY

AWS Security FEDRAMP Guidelines Risk Management Framework (RMF) Risk Mitigation Vendor Risk Management Risk Registers NIST Vendor Relationship Management Due Diligence Questionnaires TPRM Program Contract Services Developing Policies & Procedures Vulnerability Management Nessus Qualys Splunk Cloud Security Architecture Onetrust Archer Engage AWS CloudWatch Agent KnowBe4 ServiceNow Salesforce Zendesk RFI/RFP preparations Legal Drafting Project Management, Microsoft Office, Microsoft Excel, Web Solutions FISMA NIST FedRAMP ISO 27001 PCI-DSS SOX (COSO/COBIT) CCPA GDPR.

PROFESSIONAL EXPERIENCE

Kessler Topaz Meltzer & Check, LLP

IT Risk Analyst, August 2021 - Current

• Developed a quarterly system tracking process, and documentation, including guidelines on vulnerability management, and vendor relationship management, ahead of annual audits.

Eric YATA

Security & Compliance Analyst

669-***-****), ad3otm@r.postjobfree.com

19701, Bear- DE


• Facilitated SOC 1, and SOC 2 Audits – identified gaps based on stakeholder responses, and developed processes to remediate gaps, or update existing policies to capture compliance gaps observed during the audit.

• Conducted cybersecurity awareness training for employees and a targeted team training for cybersecurity engineers, in the wake of recent application attacks following the zero-day vulnerability of Logs, Java library, and Kronos ransomware attacks. Training included strengthening MFA, ensuring MFA, mobile device verification, and employee training on security enhancement and incident response actions.

• Meticulously engaged in continuous monitoring efforts for assigned SaaS information systems.

• Collaborated with CSPs, vendors, and senior government stakeholders to maintain system certification and authorization.

• Reviewed and addressed application and database scan results from Qualys, Nessus, and engaged system engineers on remediation and fixes within SLAs – researching vulnerabilities and patch availabilities and ensuring efficient use of the Patch Catalog.

• Engaging engineers on security best practices following significant changes in applications or information systems – ensuring compliance and security by design.

Silicon Valley Bank

Information Security & Compliance Analyst, February 2020 - August 2021

• Ensured that information security awareness, compliance with security policies, and security tasks occurred as planned for my duty areas.

• Implemented a robust system for tracking monthly vulnerabilities and advised on appropriate security tools and dashboards for company-wide use.

• Liaised with external security assessment vendors to streamline and automate risk assessment and vulnerability management process by integrating Nessus scan reports into a third-party Vulnerability Management Platform, for easy tracking and updates.

• Conducted due diligence on external vendors and partners to ensure compliance with company policies and regulations.

• Participated in weekly security team meetings to provide guidance and support for developing enterprise security architecture.

• Prepared organization for annual audit by scoping, identifying inventory in scope, wireless devices, and facilities, and assigning appropriate controls to competent stakeholders prior to the arrival of the auditor on-site.

• Developed and enforced policies and procedures to ensure proper documentation, compliance, and adherence to the existing policies and procedures throughout the vendor relationship.

• Identified and reviewed vendor-provided artifacts, documented observations, and control effectiveness ratings, from assigned vendors.

• Actively worked on eliminating vulnerabilities by identifying and resolving the root causes of the vulnerabilities.


Kinyang & Co Law Firm, Douala – Cameroon

Legal Consultant, April 2011 - November 2019

• Collaborated with 5+ attorneys and paralegals on cases, providing research, advice on complex legal matters, client briefing, legal drafting, and contract negotiations.

• Offered informed opinions on legal issues by analyzing complex situations, interpreting laws, and providing recommendations to clients.

• Conducted thorough research to understand legal precedents, regulations, and case law relevant to a specific matter which helped clients make informed decisions.

• Drafted description invoices, resulting in increased client understanding and reduced disputes by 75%.

• Assessed the legal risks associated with business decisions, contracts, or other actions. This helped clients understand potential pitfalls and develop risk strategies.

• Reviewed and drafted contracts, agreements, and other legal documents to ensure that these documents were legally sound and protected the client’s interests.

• Ensured that the Law firm and clients comply with applicable laws and regulations. This includes advising on organizational-specific compliance requirements. Facilitated the creation and implementation of internal policies that align with legal standards.

SOFT SKILLS:

Coaching, skills training, facilitation and team building, collaboration, communication, interpersonal networking, research and writing, reporting and documentation, time management, due diligence, attention to detail, case management, ability to drive multiple projects to successful completion, ability to analyze and solve problems, ability to embrace complexity.

EDUCATION

• Master of Science in Leadership - (ongoing), Walden University

• Masters in Business Law - University of Dschang, Cameroon: 2017

• Postgraduate Diploma, Business Law - University of Yaoundé II, Soa: 2007

• Bachelor of Law - University of Yaoundé II, Soa: 2006

CERTIFICATIONS

• CompTIA Sec+

• Cybersecurity: Understand Threats and Prevent Attacks (CPD Certification Service)

• Security Management (CPD Certification Service)

• Project Management in Practice (CPD Certification Service)

• Professional Scrum Master (PSM), Home of Scrum


