
Information Security It

Location:
Irving, TX
Posted:
June 26, 2024


Resume:

SERAPHIN KONAN - CRISC, CISM, ISO *****LA

Irving, TX +1-617-***-**** *******@*****.*** LinkedIn.com/in/shkonan

Seasoned cybersecurity expert with 12 plus years of experience, specializing in GRC, IT risk assessments, and security awareness. Led technology risk advisory at Goldman Sachs; developed information security strategies at SNDI. Seeking role as Director of Information Security and compliance to leverage extensive background in cybersecurity, compliance and enterprise risk management.

EXPERIENCE

Intralinks – USA Mar 2023 - Present

GRC Consultant

Information Security & Compliance Consultant, specialized in IT Governance, Risk, Control and IT Security. Part of the IT GRC team supporting the client across the world:

Ensure development of IT GRC and System Security Plan and adherence in procedural documents & Operations.

Participate in all security compliance audits performed by internal and external teams.

Develop & Plan internal audit calendar aligned to client’s internal as well as external audit schedule.

Facilitate in-time evidence provisioning to client audit, risk & compliance teams at time of external audits.

Hands-on experience in IT Security implementation & audit (such as ISO 27001)

Knowledgeable about NIST, CIS guidelines, various other IT Security regulations & baseline controls

Experience in architecture consulting, control establishment & optimization along with auditing security domains such as IAM, Data Encryption, application security, Vulnerability Management & Reporting, Asset Management.

Supported the Global Security projects for ISO 27001, SOC 2, SOX, Data Privacy and PCI DSS compliance.

Experienced in implementing GRC tools such as TrustArc, Archer, ISoExpress, ServiceNow.

Provided input to data governance enterprise assessments as needed including Legal, Regulatory Compliance, and Procurement in partnership with relevant stakeholders.

Goldman Sachs – USA Sept 2021 - January 2023

Vice President Technology Risk Advisory Lead

AMD Engineering Technology Risk Advisory delivers best in class advisory support and technology solutions across the Information Security risk domains, including scalable uplifts of common core security solutions for use across Goldman Sachs.

§ As a member of Asset and Wealth Management TechRisk Team, I was responsible for setting the strategy for identifying, analyzing, monitoring, reporting, and minimizing information technology risks within their assigned portfolio

§ Responsible for defining, documenting and communicating standardized and proactive processes for technology risk identification, treatment, monitoring and reporting. Supported the assigned line of business in gathering information and preparing for all tech risk related reporting and meetings.

§ Collaborated with the assigned Application managers to ensure tracking and timely remediation of risks is occurring

§ Supported the Risk and Control Self-Assessment (RCSA) for the assigned portfolio

§ Coordinated the issue and exception/acceptance processes, including self-reported issues

§ Provided consultative guidance on the prioritization of remediation efforts and supported new initiatives by implementing a “baked-in” automated control measurement and monitoring.

§ As a Risk Advisor, I oversaw a technical team that was responsible for assessing and managing the portfolio of risks for divisionally aligned products. My team was responsible for all assessments, including, Design / Architecture Reviews, Manual Code Reviews, Penetration Testing, and Continuous Monitoring / Scanning.

§ Built coalitions across teams / product owners, educated counterparts on secure development practices and worked collaboratively to drive down risk.

§ Experienced in application vulnerability assessment and penetration testing of web, thick-client, or mobile applications.

§ Managed a technical team or project, and liaised with product owners to manage risk portfolios.

Société Nationale de Développement Informatique (SNDI) – Cote d’Ivoire (the Ivory Coast) Nov 2014 – Sept 2021

Chief Information Security Officer

Manager, Department of Innovation & Cybersecurity

Cybersecurity Advisor

Member of National Cybersecurity Strategy Committee

Lead IT risk management, technology planning, and security project portfolio. Monitor emerging external security threats and advise stakeholders on mitigation. Ensure regulatory/standards compliance.

§ Built organization’s cybersecurity program, saving $2M and enabling 28% revenue growth. Led to the win of new domestic and international business, including $600K contract with USAID and $3M deal with Benin government through a European Union Commission Grant.

§ Positioned SNDI as the chief government authority on cybersecurity among international partners. Built information security e-governance program, including steering committee/advisory board. Developed partnerships with prominent institutions.

- Garnered invitations to present at U.S. Embassy workshops at Marshall Center in Germany and annual e-Governance Conference in Estonia. Requested to advise Minister of Foreign Affairs in Estonia on MOU between Ivory Coast (SNDI) and e-Governance Academy.

§ Strengthened organizational security posture by proposing and initiating project to build a data center with cutting-edge capabilities in security monitoring, threat detection, and mitigation. Teamed with partner to produce proof of concept for network and distant recovery center and plan build of Security Operations Center (SOC).

§ Developed a pool of cybersecurity experts within the government by building and launching a cybersecurity training program for IT Directors of all ministries.

Quadrant Information Security – New York, NY 2013 – 2014

ISO 27001 Consultant at New York based Global Cloud Service Provider Intralinks

Assessed the security gap and implementation of ISO 27001 certification requirements.

Implemented security and privacy assessments in TrustArc.

Assessed vendors against security requirements and executed periodic vendor security reviews

Developed policies, procedures, documentation, and training materials related to data governance.

Acted as Enterprise Risk liaison to multiple business units; provided advice and guidance to risk owners, business data owners and subject matter experts through the lifecycle of risk assessments.

Analyzed results of risk assessments of data management practices, engaged in effective challenges, and recommended/pursued follow-ups.

DRS Technologies, Inc. – Washington, DC 2012 – 2013

Now called Leonardo DRS, the company is a leading, mid-tier defense technology provider.

IT Security Analyst

Reporting directly to CISO, led a team of project consultants. Planned security architecture. Assessed and audited systems security.

§ Maximized enterprise security by designing and implementing company’s security architecture.

§ Ensured alignment of security control policies and procedures with regulatory requirements and industry standards by applying FISMA, NIST, and federal guidelines.

ADDITIONAL EXPERIENCE

Adjunct Faculty, Network Security, New Jersey Institute of Technology – Newark, NJ 2013 – 2014

Information Security Officer (Consultant), Star Management, Inc. – New York, NY 2009 – 2010

Manager IT, Network Security, KPMG LLP – Montvale, NJ 2007 – 2009

Senior Security Consultant, Fortune 500 Clients, Symantec – Cupertino, CA. 2003 – 2007

EDUCATION & CERTIFICATIONS

Authentication and Authorization with AWS IAM

Certified Information Security Manager (CISM)

Certified in Risk and Information Systems Control (CRISC)

Certified Data Privacy Solutions Engineer (CDPSE)

Cisco Certified Network Associate (CCNA)

QUALYS Certified Specialist

Certified ISO 27001 Lead Implementer

Certified ISO 27001 Lead Auditor

AccessData Certified Examiner (ACE)

Professional Development: Immersive Hands-on MultiCloud Specialization Program (AWS, Google Cloud, Microsoft Azure, Oracle Cloud Infrastructure, DevSecOps), Nucamp’s Python, SQL, DevOps training, EC-Council Certified Chief Information Security Officer (CCISO), Senior Leader Communications Symposium (U.S. AFRICA Command, Africa Endeavor), Defense Industrial Base Cyber Security & Information Assurance Workshop (DoD)

ACCOMPLISHMENTS

1. Business and Engineering Security Guidances – Goldman Sachs

2. Ivory Coast National cyber Security Strategy 2015-2020 – SNDI

3. ENCORE AWARD for Network Security migration – KPMG LLP

4. ISO 27001:2013 Certification – Intralinks Inc

SKILLS

Enterprise Planning • Leadership Compliance Vulnerability • Risk Information • Management Vendor Management Management Security • Communication • • EU ISO/Management GDPR • IEC Contract 27001 • CCCPA Skills Negotiation Frameworks • Nist • • SOC-Security 800 2 • • • PCI-Cloud regulatory • Awareness IT DSS Risk Computing • Management HIPAA compliance Training • • Data Cloud • • Privacy Business Security Security ISO/Controls Technology • Incident IEC 27701 • Response • Team

AFFILIATIONS

Advisory Board for Cybersecurity Program, Ithaca College

ISACA, Dallas Chapter

Marshall Center Alumni (partnership between U.S., Germany, and NATO for cybersecurity and counterterrorism)

Doctorate-Level Program Studies, Cyber Security

Capitol College – Laurel, MD

Program on Cyber Security Studies (PCSS)

George C. Marshall European Center for Security Studies

Master of Science, Telecommunication/Security

Boston University

Bachelor of Science, Computer Systems Engineering

University of Massachusetts, Amherst
