
Information Security United States

Location:
Denton, TX, 76203
Posted:
May 06, 2024


Resume:

Elisson Appiah


United States citizen, authorized to work in the United States for any employer. Results-driven and highly skilled Information Security Risk Analyst with several years of expertise and a proven track record of developing and implementing comprehensive risk management strategies. Strong expertise in assessing and mitigating information security risks to safeguard organizations from potential threats. Adept at leading cross-functional teams, implementing industry best practices, and ensuring compliance with regulatory standards. As an Information Security Analyst, my role involves working collaboratively with stakeholders across the business on various activities related to quality, environment, governance, risk, data security, privacy, and compliance, with the aim of enabling organizations and their subsidiaries to comply with GDPR, SOC, NIST, ISO, HITRUST, CSF, PCI DSS, and other industry standard frameworks. Knowledge of the process to obtain a system ATO and the requirements to maintain the ATO. Experienced in vulnerability management, security control implementation, assessment and authorization, POA&M management, continuous monitoring, and risk assessment.

SOFT SKILLS

Strict adherence to safety procedures, ability to hit the ground running, accountability, attention to detail, creative thinking/reasoning, self-management, multi-tasking, team player, effective operation in a fast-paced team environment, ability to meet deadlines, ability to work effectively in a cross-functional team of both technical and non-technical people, and stress tolerance.

CORE AND TECHNICAL COMPETENCIES

• GDPR
• Privacy Impact Assessment
• ISO 27001
• 3rd PVRM
• COBIT
• NIST SP 800 series
• HITRUST/CMMC
• SOX & SOC
• COSO
• MS Excel, VBA, VLOOKUP/INDEX/MATCH
• Microsoft Office
• ServiceNow
• Data and Privacy Assurance
• Policy and Contract review
• Nessus Vulnerability Scanner
• Nexpose
• SharePoint
• Risk Mitigation, Disaster Recovery, contingency planning, Cloud Computing
• NMAP
• Windows
• Splunk/Archer/OneTrust
• ITGC/Application Controls
• IT Audit
• Assessment and Authorization
• Federal security policies, standards, and guidelines including NIST 800 SPs such as 800-37, 800-53/53A rev 4, FIPS 199/200, FISMA, PCI DSS, HIPAA, & FedRAMP.
• Knowledge of public cloud security [GCP, AZURE, AWS]

EDUCATION/ TRAINING/CERTIFICATIONS

• CCI Training Center – Computer and Network Administration, Arlington TX.

• Certified Information Systems Auditor (CISA).

• Certified Scrum Master (CSM).

• CompTIA Sec+

• National Technical Engineering College – (Bachelor of Science in Information Technology), Accra Ghana.

PROFESSIONAL EXPERIENCE

DELOITTE CONSULTING DALLAS, TX

Information Security & Compliance Analyst, June 2020 - Present

• Support the development, documentation and maintenance of policies, procedures, and standards across the organization, ranging from Information Security and Data Protection to Quality Management and Environmental Management.

• Collaborated with cross-functional teams to establish clear communication channels and protocols for activating the BCP when needed.

• Developed and implemented a comprehensive business continuity plan (BCP) to ensure uninterrupted operation during emergencies or disruptions.

• Ensures all vendor relationships are documented in the vendor risk management system (VRM) and all contracts related to vendors that provided outsourced services are uploaded in the system.

• Perform FedRAMP assessments based on the customer responsibility documentation and the controls provided by the cloud provider.

• Supports preparation for Cybersecurity Maturity Model Certification (CMMC) assessments by evaluating information technology environments against CMMC, NIST 800-171 and NIST 800-53 standards, and other associated regulations.

• Develops, manages, and coordinates security risk assessments for third-party vendors, internally developed managed applications, and systems to ensure Confidentiality, Integrity, and Availability (CIA triad).

• Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments.

• Conducted regular risk assessment to identify potential vulnerabilities and improve the effectiveness of the BCP.

• Perform IT and security risk assessments that address security threats, changes to systems and/or applications, process improvement initiatives, supplier assessments (including downstream outsourcers) and other requests from the business.

• Support the continuation of SOC 2, ISO 27001, and HITRUST certifications.

• Support the development and maintenance of the Global Information Security Management System (ISMS) Management Committee, including governance related responsibilities.

• Provide guidance and support on the NIST Risk Management Framework (RMF) and Cybersecurity Framework (CSF) to help ensure compliance with the Federal Information Security Management Act (FISMA). Facilitate and manage security and compliance related assessments conducted by third parties.

• Assist with the development of Governance, Risk, and Compliance (GRC) related newsletters and training.

• Identify and report on gaps related to security and compliance, and perform other tasks to support the group's underlying data and information security processes and infrastructure, ensuring measures are fit for purpose and scaled to deliver an appropriate level of protection.

• Works with various operational and business teams to drive toward a cohesive view of security risk and drive remediation items to closure.

• Maintain a close relationship with the providers of any outsourced contracts for services such as annual audits or other 3rd party contracts.

• Provide security control assessor (SCA) services, such as assisting with the Assessment and Authorization process, including A&A scanning, documentation, reporting and analysis – analyzing current threats to information security and systems.

• Participates in the System Assessment and Authorization process by working with the key stakeholders to ensure complete and accurate ATO packages.

• Used MS Excel to organize company data and budget reports into detailed pivot tables.

• Advanced in MS Excel, including Pivot Tables, VLOOKUP, INDEX/MATCH, and Data Tables.

SMS INFOCOMM CORPORATION GRAPEVINE, TX

Governance, Risk & Compliance Analyst, April 2017 - May 2020

• Work in coordination with the senior compliance manager to deliver concurrent compliance, security, processes, auditing, and PCI.

• Ensures all vendor relationships are documented in the vendor risk management system (VRM) and all contracts related to vendors that provided outsourced services are uploaded in the system.

• Participate in all audit activities relating to SSAE-18 SOC 1 & 2 and SOX 404 IT audits ensuring work and deliverables in accordance with agreed upon timeframes and departmental procedures, standards, and protocols.

• Partners cross-functionally, inter-departmentally and with the internal and external auditors.

• Partakes in reviewing regulatory reports, SOC reports, certificates of insurance, and other reports associated with vendors included in the vendor program and escalate issues to the appropriate individuals.

• Monitor information system activities for suspicious events such as logins, administrative rights usage, abandoned sessions, or other vulnerabilities.

• Documented audit findings and developed thorough and creative recommendations for business and process owners to mitigate identified risks.

• Conduct IT audit fieldwork and walk through of controls; perform detailed testing, analysis of controls, validations, and creation of clear, accurate documentation of workflows in IT process and report of test results and exceptions.

• Provides professional security engineering and compliance efforts according to PCI-DSS, Sarbanes-Oxley 404, and GLBA regulations to develop security infrastructure monitoring and incident management scorecard reporting systems for executive management review.

• Performed application controls testing related to data protection, logical access, programming, problem management, contingency planning and back-up, data transmission, input, and output and processing controls.

• Experience in vendor risk management, issue handling, and analyzing responses to third-party assessment questionnaires and SOC reports.

• Developed MS Excel that redefined how company reconciled balance sheets for recording financial information.

• Implement and maintain databases for key departments.

CARDINAL HEALTH DUBLIN, OH

Information Assurance Analyst, April 2013 - May 2017

• Worked with systems or applications teams to understand compliance requirements, with an emphasis on PCI compliance.

• Assessed IT Risk Controls for Hospital Med Device Cybersecurity Controls across IAM, logical access, password vaulting, network security, logging and monitoring, vulnerability management, change management, etc.

• Worked with key stakeholders, leadership, business units, and other internal and external constituents to evaluate and manage information security assessments.

• Worked with IT compliance management to ensure appropriately designed controls are implemented for all in-scope entities and divisions and perform testing to validate their operating effectiveness throughout the fiscal year.

• Tracked compliance processes such as remediation plans, exception/variance handling, audit requests, and recurring audit reviews to ensure timely completion.

• Generated reports, presentations, documents, and other collateral to present assessment updates to senior leadership.

• Conducted full IT Controls Risk Assessments on each of 20+ custom Med Device cybersecurity IT Controls twice: first by testing Controls Design (does it make sense) prior to implementation, and second by testing Controls Execution (is the control actually working) once the controls are implemented.

• Participate in annual evaluations to validate disaster recovery and business continuity plans across the organization.

• Performed IT control assessments of any new entities, divisions and processes deemed material to the financial reporting process or in the scope of the external audit.
