JACOB ACHEAMPONG
RICHMOND TX 77407
**************@*****.***
Objective:
Seeking an Information Security Analyst position in a growth-oriented organization with a focus on Risk Assessments, Compliance, System Security Monitoring and Auditing, Audit engagements, and Testing Information Security Controls.
Special Skills:
Vendor Risk/Third Party Risk Management, HIPAA, ISO 27001/27002.
PCI DSS compliance
Review and analyze SSAE 16/SOC 2 Type II reports.
Review and update Risk Assessment (RA) using NIST SP 800-30 guidelines.
Create POA&M to take corrective actions resulting from vulnerability scanning, compliance check and system test and evaluation (ST&E).
Review and update MOU (memorandum of understanding) and ISA (Interconnection Security Agreement) document.
Very effective in a team environment; participate in collaborative initiatives that foster the mutual exchange of knowledge and expertise.
Have the flexibility to multi-task, work independently or share workloads, and deal with sudden shifts in project priorities.
Good communication skills to build and maintain customer satisfaction and to express opinions clearly and soundly on matters associated with IT security.
TECHNICAL SKILLS:
Jira Agile Environment
BI Tools: Tableau Desktop, Tableau Server, MS Excel, SIEM, Splunk, BitSight, RiskRecon, SecurityScorecard
Databases: MS Access, MS SQL Server, Oracle 12.x.x
Languages: SQL, Python, R, HTML
Operating Systems: Windows 2007/ XP/ 10, Linux
Work Experience
Conocophillips
Security and Compliance Analyst 01/2013 to Present
Demonstrate in-depth understanding of applicable IT/OT security and compliance regulations, including but not limited to: TSA (Transportation Security Administration) SD (Security Directive); ITAR (International Traffic in Arms Regulations); CFATS (Chemical Facility Anti-Terrorism Standards).
Maintain a sound technical understanding of cybersecurity, network operations, and other related IT/OT skillsets.
Program Management
Provide tactical direction and compliance oversight in developing, implementing, and evaluating project plans, goals, and timelines for the implementation of internal controls, physical security controls, and cyber security controls.
Use OneTrust GRC tool in control execution and Risk Assessment.
Coordinate proactive development and updates to policies, plans, procedures, and recordkeeping of evidence with internal organizations to ensure compliance with various IT/OT security and compliance requirements.
Communicate applicable IT/OT security compliance information, standards, and requirements in a clear, concise manner.
Monitor and report on applicable compliance status to various stakeholders. This includes both summary compliance/risk reporting for the CISO (Chief Information Security Officer) Leadership Team as well as targeted, actionable reporting to other stakeholder groups.
Internal Subject Matter Expert
Assist the business development teams in defining scopes of service and reviewing proposed contract changes as they relate to relevant compliance standards.
Develop and deliver compliance training for various audiences.
Partner with the business and IT (Information Technology) and OT (Operational Technology) teams to identify and implement technologies to automate and streamline compliance monitoring and reporting processes.
Actively participate in the cyber security incident management process as a compliance SME (Subject Matter Expert).
Apply understanding of compliance standards along with other IT & OT disciplines to provide recommendations and/or solutions to business/compliance issues.
Participate in the evaluation of potential compliance concerns.
Intec Logic Global, LLC
Information Security Risk Analyst – (Contract) 10/2017 to 01/2013
Perform vendor/third-party security risk assessments to assess the effectiveness of cloud vendors' controls against ISO 27001, HIPAA, and NIST 800-53 Rev. 4.
Perform Internal Security Risk Assessments with a focus on existing and new systems for business units.
Technical understanding of Splunk and Tableau software for analyzing data and converting raw data into meaningful visualizations that make the workflow easy for stakeholders to understand.
Monitoring, endpoint protection, patch management, and vulnerability management.
Installation of Splunk and Tableau software.
Troubleshoot performance alerts from the Splunk infrastructure or Splunk agents.
Conduct risk assessments by reviewing security documentation, policies, and SOPs, in line with the hospital's policies and procedures.
Create security assessment reports, identify gaps, and track remediation activities.
Review and analyze SOC 2 Type II reports of third parties and data centers.
Act as the subject matter expert to answer questions and educate customers about the PCI DSS.
Responsible for the development, maintenance, and design of PCI DSS compliance reporting; PCI and other risk registers.
Engaged in Regulatory Security Risk Assessments and audits for effective compliance with HIPAA, PCI DSS.
Engaged in tracking security incidents and conducting risk assessments on service requests.
Assist with the updates of security documents such as policies, standards, and operational procedures.
Help define, lead, and execute vulnerability management strategy and processes.
Manage technologies and processes for vulnerability management, including issue identification and resolution, integration with other tools, documentation, and continuous improvement of the service.
Identify new vulnerabilities and exploits and provide periodic vulnerability reports and summaries.
Propose and participate in developing the roadmap and metrics for vulnerability management processes and tools.
Coordinate with internal and external partners to remediate or mitigate security vulnerabilities and assist technical teams.
Schlumberger
IT Security Analyst 09/2015 to 08/2017
Monitored and reported on compliance with information security policies, standards, procedures, and guidelines.
Conducted risk and security assessments and evaluated results with system owners and custodians.
Provided information security consulting on a variety of technologies and processes.
Worked with clinical, academic, and administrative groups to develop security solutions with minimum supervision.
Supported and helped numerous activities related to risk assessments.
Performed risk assessment on information assets including information systems, biomedical systems, clinics, vendors, and data centers.
Performed risk assessments for VCU data centers, departments, applications, etc. using NIST 800-53 Rev. 4 controls with Archer GRC.
Developed new and improved upon existing information security risk assessment methodologies.
Identified security threats, attack methodologies, security principles, best practices, and evasion techniques.
Participated in the annual review of all information security policies, standards, procedures, and guidelines; recommended new policies and amendments; assured alignment with current regulatory requirements.
Actively sought to improve and develop new content based upon observed security activity.
Provided excellent customer service.
Assisted with other audit activities as needed.
Facilitated external audits.
Executed processes and procedures in support of the vulnerability management lifecycle, from identification to remediation to reporting.
Fiserv Solutions
IT Security Risk Analyst 08/2014 to 08/2015
Coordinated with stakeholders to initiate, scope and plan controls assessments of new and existing vendor engagements.
Worked with the SIG (Standard Information Gathering) questionnaire, as well as other Information Security documentation for vendor security assessment.
Validated vendors' appropriate implementation of information security controls and analyzed the information to identify information security weaknesses or non-compliance.
Served as a Splunk developer responsible for creating Security Information and Event Management (SIEM) content to monitor security events and detect potential security incidents across the enterprise.
Responsible for SIEM content management, content creation, rule tuning, reporting, and alert creation.
Provided knowledge of recognizing and onboarding new data sources into Splunk, analyzing the data for parsing purposes to make it CIM compliant, and then building dashboards to fulfill stakeholder requirements.
Identified, collected, organized, and reviewed pertinent evidence across multiple platforms and applications to determine compliance with relevant PCI DSS controls.
Identified gaps and produced detailed reports of assessments.
Communicated issues to business partners, ensuring their understanding of associated risks and actions needed to remediate those risks.
Validated evidence from vendors before remediation plans were closed.
Escalated issues associated with vendors to management for decision as needed.
Performed Peer Reviews on completed assessments for quality assurance.
Maintained the company's Information Security and Privacy Framework and underlying policies, procedures, standards, and guidelines.
Created audit plans and audit reports.
Kept documentation organized and documented processes and guidelines.
Promoted collaboration with stakeholders to prioritize the remediation of vulnerabilities and close potential attack vectors.
Provided direction and support of operational tools and processes for identifying and communicating vulnerable items for Vulnerability Management Infrastructure (VMI).
Developed and improved programs, tools, and metrics for information technology self-assessment, including PCI DSS and efficiency measurements within the Information Technology and Information Security domains.
Implemented security awareness program areas, including training on information and cybersecurity topics, simulated phishing, and educational communications.
Negotiated with stakeholders and third-party vendors on the need to implement certain vital controls.
Certifications:
OneTrust Fellow of Privacy Technology
OneTrust Cookie Consent Expert
OneTrust Expert-Privacy Rights Automation
OneTrust Consent and Preference Management Expert
OneTrust Data Mapping Automation Expert
OneTrust ESG Professional Certification
OneTrust Incident Management Expert Certification
OneTrust PIA&DPIA Automation Expert
OneTrust Certified Privacy Professional
OneTrust Third-Party Risk Management Expert
OneTrust GRC Professional
Certified in Risk and Information Systems Control (CRISC)
CompTIA Security+
CompTIA Advanced Security Practitioner (CASP+)
Certified Ethical Hacker (CEH)
Certified Information Systems Auditor (CISA)
Certified Scrum Master
Education:
Kwame Nkrumah University of Science and Technology
BA Geography and Rural Development (2008)
Houston Community College
AAS Petroleum Engineering Technology