ELIZABETH MBENOH
Information Security Risk Analyst
Email: ada7w9@r.postjobfree.com
Lanham, MD 20706. Tell: 661-***-****.
OBJECTIVES
I am an efficient, confident and hardworking individual, skilled and meticulous with the ability to work with a team or independently with little or no supervision. I am dynamic, attention to detail and possess the ability to adapt quickly to changing environments and interact well at all levels. Excellent skills and experience in reviewing and implementing internal control procedures to ensure efficiency and mitigate risks gained over a 3 years period of professional record. I am looking to use my skills and expertise to help achieve Enterprise-wide information risk goals and objectives of Confidentiality, Integrity and Availability (CIA). I am legally permitted to work anywhere in the United States with no restrictions.
SPECIAL SKILLS AND TRAINING
Microsoft Suit
Analytical skills
Documentation
Multi-tasking work independently and with team
Good communication skills
STIG Viewer, Nessus (Tenable), Nmap.
Vendor Risk/ Third Party Security Risk Management
ISO 27001/ PCI DSS / HIPAA/ NIST/ FISMA/ FIPS
Plan of Action and Milestones (POA&M)
PROFESSIONAL EXPERIENCE
Third Party Risk Analyst
Washington Tech Solutions (W.T.S) 9/2018 – Present
Greenbelt, MD
Coordinate with stakeholders to initiate scope and plan controls assessments of new and existing vendor engagements.
Responsible for analyzing all new vendor contracts and pointing out areas of improvement to management.
Assess completed questionnaire and supporting documentation to validate vendor appropriate implementation of information security controls.
Communicate vendor information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks.
Validate evidence from vendors before remediation plans are closed.
Responsible for managing and reviewing the employee entitlement access to internal systems of the company.
Support the VRM Program to effectively manage vendor risk in accordance with internal policy and regulatory requirements, ensuring strong oversight of all vendor risks and provide visibility of existing and emerging risks.
Plan and execute onsite security/ risk assessments for third party vendors.
Act as remediation analyst to work with vendors in remediating findings discovered during the onsite/virtual assessment.
Vendor Risk Manager
MBA. Tech 07/2017 - 08/2018
Washington DC
Responsible for conducting vendor risk assessments, with a focus on Information Security and Privacy.
Reviewed vendor compliance from a BCP/DR and Data Security perspective.
Worked with the appropriate business users and technology owners to ensure that for any identified risks that require mitigating actions are plans, developed and executed.
Reviewed services provided by vendor and define scope of assessment based on the Standard Information Gathering (SIG) questionnaire.
Identified the top human risks to the organization and the behaviors that need to change to mitigate those risks.
Assessed operational fitness of assigned third parties through due diligence reviews.
Articulate writing skills to support development content and communicating information security principles at all levels from executives to non-technical employees.
Reviewed and analyzed SOC 2 Type II reports of third parties/vendors and other evidences provided during a risk assessment.
Data Entry Clerk
Global Health Care 12/2016 – 07/2017
Washington DC
Handle the tasks of medical coding and medical billing.
Perform responsibilities of accounting and entering financial data of insurance and clients on MS Excel.
Responsible for providing administrative support by handling patients, Insurance queries and concerns.
Compiled statistical information for special reports.
Created monthly reports for record and closed terminated records. Verified and logged in deadlines for responding to daily inquiries.
Verified that information in the computer system was up to date and accurate.
Responsible for preparing and entering patient medical report in the system.
EDUCATION/CERTIFICATIONS
Bachelor Degree in Computer Science - University of Buea – Cameroon. 12/2014
CompTIA Security+ Certified
Certified Ethical Hacker (CEH) in progress
Certified Information Systems Security Professional (CISSP) in progress