
Security Analyst Information

Location: Bronx, NY
Posted: December 01, 2024


Resume:

Rexford De-Sosoo

*********@*****.*** 508-***-**** Bronx, NY https://www.linkedin.com/in/rexford-de-sosoo-a5B94938/

Summary

Seasoned Cyber Information Security Analyst with 13 years of experience in risk management, policy development, and strategic cybersecurity implementation. Expert in conducting risk assessments, aligning security with business requirements, and managing vendor relations to safeguard information assets. Seeking to leverage comprehensive background in cybersecurity governance and regulatory compliance in a dynamic Cyber Information Security Analyst role.

Work Experience

Intec Logic Global, LLC

Information Security Consultant (Training & Awareness Manager) Houston Jul 2023 - Sep 2024

• Risk Assessment and Management: Conducted comprehensive risk assessments of information systems to ensure compliance with applicable laws, rules, regulations, and industry standards and to identify potential threats and vulnerabilities, evaluating their impact and determining appropriate remediation actions to mitigate identified risks.

• Policy Development and Implementation: Created and implemented cybersecurity policies, procedures, and controls to ensure compliance with industry standards and regulatory requirements.

• Security Audits and Compliance: Performed regular security audits to ensure adherence to internal policies and external regulations, such as ISO 27001, GDPR, and HIPAA.

• Incident Response and Management: Led the investigation and response to security incidents, including data breaches and unauthorized access attempts.

• Technical Advisory: Provided expert advice on the implementation of security technologies and solutions, including firewalls, intrusion detection systems, and encryption.

• Vendor Management: Evaluated and managed relationships with third-party vendors to ensure they meet the organization's security requirements.

• Security Awareness Training: Developed and executed a comprehensive Cybersecurity Education, Awareness, and Training Program to enhance employees’ understanding of their roles in governance and compliance, thus fostering a culture of security awareness.

• Clients Supported

• University of Texas Health (UTHealth Houston)

• National Information Technology Agency (NITA),

Societe General Bank Inc.

Security GRC Analyst (Consultant) New Jersey Jun 2022 - Jun 2023

• Conducted comprehensive cybersecurity assessments in accordance with the New York Department of Financial Services (NYDFS) 500 regulations to ensure compliance and enhance the organization's security posture.

• Developed and implemented cybersecurity policies, procedures, and controls to align with NYDFS 500 requirements and industry best practices.

• Conducted comprehensive cybersecurity assessments using the FFIEC Cybersecurity Assessment Tool (CAT) to evaluate the organization's cybersecurity maturity and risk profile.

• Identified and documented cybersecurity risks, vulnerabilities, and gaps, and provided recommendations for remediation and improvement.

• Developed and implemented cybersecurity policies, procedures, and controls to align with FFIEC guidelines and industry best practices.

• Collaborated with the Chief Information Security Officer and senior management to develop and refine cybersecurity programs and policies, ensuring alignment with regulatory standards.

• Assisted in the implementation of cybersecurity measures and the annual certification process, achieving positive feedback from regulatory bodies and external auditors on the effectiveness of security practices.

• Collaborated with cross-functional teams to ensure the integration of cybersecurity measures into business processes and IT systems.

• Prepared detailed reports and presentations for senior management, highlighting assessment findings, risk levels, and remediation progress.

• Successfully led DCS department through multiple assessments (NYDFS 500, FFIEC CAT & SWIFT), achieving significant improvements in cybersecurity compliance and maturity levels.

One Brooklyn Health, Inc.

Cyber Security Risk Analyst Brooklyn New York Jan 2021 - May 2022

• Risk Management and Oversight: Provided independent oversight and monitoring of the organization's cybersecurity risk management practices, ensuring alignment with regulatory requirements and industry standards.

• Policy Development and Implementation: Developed and implemented cybersecurity policies, procedures, and controls to enhance the organization's security posture and ensure compliance with relevant regulations.

• Risk Assessments: Conducted comprehensive risk assessments to identify potential threats and vulnerabilities and provided recommendations for mitigation and improvement.

• Incident Response and Management: Collaborated with the first line of defense to respond to and manage security incidents, ensuring timely and effective resolution.

• Compliance Monitoring: Monitored compliance with internal policies and external regulations, and conducted regular audits to ensure adherence to cybersecurity standards.

• Training and Awareness: Developed and delivered cybersecurity training and awareness programs to educate employees on best practices and compliance requirements.

• Reporting and Communication: Prepared detailed reports and presentations for senior management, highlighting risk levels, assessment findings, and remediation progress.

• Led procurement process for cybersecurity vendors, aligning selections with organizational objectives and compliance standards.

• Performed vendor risk analysis and managed performance, incorporating value assessments to bolster strategic organizational planning.

• Successfully enhanced the organization's cybersecurity posture by implementing robust policies and controls, resulting in a major reduction in security incidents.

NYU Langone Medical Center

Information Security Risk Analyst New York Oct 2019 - Dec 2020

• Risk Management: Conducted comprehensive risk assessments to identify, evaluate, and mitigate cybersecurity risks.

• Compliance: Ensured compliance with relevant regulations, standards, and frameworks such as ISO 27001, NIST, GDPR, and HIPAA. Conducted regular audits and assessments to verify compliance.

• Policy Development: Created and updated cybersecurity policies and procedures to reflect changes in regulatory requirements and industry best practices.

• Incident Response: Collaborated with incident response teams to manage and resolve security incidents, ensuring timely and effective remediation.

• Collaborated with legal teams to integrate cybersecurity measures into privacy initiatives, ensuring compliance with relevant laws and regulations.

• Managed third-party compliance documentation and conducted security audits to uphold adherence to industry standards.

• Led collaborative team meetings to align stakeholders, project leaders, and IT teams on cybersecurity best practices and project objectives.

Caring People Healthcare

Information Security Analyst (HIPAA) Bronx, New York Jun 2017 - Sep 2019

• Conducted regular audits and assessments to ensure compliance with HIPAA regulations and safeguard Protected Health Information (PHI).

• Developed and implemented security policies, procedures, and controls to protect sensitive data and maintain confidentiality, integrity, and availability.

• Monitored and analyzed security incidents, vulnerabilities, and threats, and provided timely responses to mitigate risks.

• Collaborated with cross-functional teams to design and implement security solutions and ensure compliance with industry standards and best practices.

United Nations Mission-DR. Congo

Information Security Analyst/Project Coordinator (Full Time) DR. Congo Jan 2010 - Apr 2017

• Risk Management: Maintained the Information Security and Risk Management framework, conducting risk analysis and implementing risk mitigation strategies.

• Project Coordination: Managed IT project logistics, including scheduling, resource allocation, and budget adherence, ensuring delivery of high-quality outcomes.

• Policy Development: Developed and executed cybersecurity strategies to improve organizational risk management and compliance with policies.

• Stakeholder Communication: Facilitated communication between senior management and vendors to address and comply with cybersecurity measures and regulatory standards.

• Audit and Compliance: Collaborated with auditors to conduct comprehensive audits and integrate security measures into Project Management Office processes.

• Team Collaboration: Partnered with PMO, IT, and Engineering teams to establish security protocols, manage project challenges, and ensure policy adherence.

• Led multiple IT projects to successful completion, ensuring alignment with organizational goals and compliance standards.

• Developed and maintained strong relationships with key stakeholders, ensuring effective communication and collaboration throughout project lifecycles.

Education

University of Roehampton - UK

Master of Science Project Management (MSc), Project management UK, London

Takoradi Technical University - Ghana

Bachelor of Science Civil Engineering (BSc), Civil Engineering Ghana, Takoradi

INFORTEC Logic Academy - USA

Cyber and IT Security Training/Certification, Cyber and IT Security US, New York

Certifications

Certified in Risk and Information Systems Control (CRISC) ISACA 2024

Certified Information Security Manager (CISM) ISACA 2022

Certified Information Systems Auditor (CISA) ISACA 2022

Skills

Compliance Strategies, Policy Management, Access Controls, Incident Response, Threat Analysis, GDPR, SWIFT CSF, Vulnerability Assessment, Intrusion Detection, Risk Analysis, Strong Analytical Skills, Project Management, GRC, FFIEC CAT, HIPAA, NIST, NYDFS 500, ISO, PCI DSS, TPRM, RMF, FISMA, Hands-on experience with GRC platforms (e.g., ServiceNow, OneTrust).


