Third-Party Information Security

PETER KOFI ASAMOAH

Bronx, NY

347-***-****

*********@*****.***

PROFESSIONAL OVERVIEW

Dynamic Cybersecurity Professional. Utilizes my skill sets and qualities to achieve excellence in a chosen technical domain. Endeavor to show improved results for the prospective employer and meets new challenges through dedicated perseverance. Hands-on experience with ITGC, ITAC, PCI DSS, SOC 2 control Testing, and Third-Party risk Reviews. Thorough Knowledge of NIST 800 series, NIST CSF, and PCI DSS Frameworks. Proficiency in Excel and other Microsoft office applications. SKILLS

• Excellent problem-solving and writing skills.

• Ability to manage multiple Projects with strict deadlines.

• Efficient and organized, with a focus on results and solutions.

• Ability to work and adapt to a fast-paced, highly engaged, team environment.

• Working independently and as part of a team with high standards of ethics and integrity. PROFESSIONAL EXPERIENCE

22nd Century Technologies, Inc., New Jersey

Information Security & Compliance Analyst 10/2022 – Present.

• Conducted third-party risk management tasks, which include evaluating supplier security, reviewing contract terms, and monitoring suppliers' adherence to security commitments.

• Reviewed and revises security policies, standards, and procedures and collaborates with management to obtain approval.

• Assisted sourcing managers in executing and verifying vendor risk assessments.

• Validated provided documentation, such as SOC 2 reports, vulnerability scan reports, independent pen-test reports, ISO 27001, and PCI-DSS certification.

• Followed up with control owners to track remediation efforts in developing new business processes or implementing security tools.

• Collected evidence from stakeholders for internal and external audit initiatives.

• Performed Compliance Assessments to verify the effectiveness of new controls and business processes.

• Conducted quarterly and semi-annual user access reviews.

• Analyzed ongoing monitoring and periodic risk reassessment alerts and recommends necessary subsequent actions and escalations.

• Conducted network compliance and vulnerability scans and proposes remediation/vulnerability management.

Kairos Vision Consult LLC New York

SOC Security Analyst 01/2018 – 10/2022

• Conduct proactive monitoring, investigation, and mitigation of security incidents.

• Analyze security event data from the network (IDS, SIEM).

• Perform static malware analysis on isolated virtual servers.

• Recognize potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information.

• Ensure the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through monitoring of vulnerability scanning devices.

• Research new and evolving threats and vulnerabilities with potential to impact the monitored environment.

• Conduct log analysis using Splunk.

• Identify suspicious/malicious activities codes.

• Monitoring and analysis of security events to determine intrusion and malicious events.

• Search firewall, email, web or DNS logs to identify and mitigate intrusion attempts.

• Investigate malicious phishing emails, domains and Ips using Open-Source tools and recommend proper blocking based on analysis.

Suncomm Technologies Int Accra, Ghana

System Security Engineer 10/2012 – 12/2017

• Led network security projects and made recommendations on technology changes that supported business needs.

• Conducted risk assessments on all business assets, including computer systems and physical locations to identify potential security risks.

• Analyzed system logs, network traffic, and other digital evidence to detect unauthorized access attempts or malicious activity.

• Conducted penetration testing of the company’s network infrastructure to uncover vulnerabilities in system configurations.

• Implemented security controls to mitigate risks and vulnerabilities.

• Documented findings and created reports with recommendations for remediation. Education and Certifications

• University of Maryland Global Campus Adelphi, MD May 2023 Master’s in Cyber Security Technology

• Methodist University College Accra Ghana August 2009 Bachelor of Science in Computer Information Technology

• Certified Information System Auditor (CISA)

• CompTIA (Security +) CE

• CompTIA (Network +) CE

PROFESSIONAL REFERENCE

Reference: Upon Request

Contact this candidate