Esther Okyere McKinney, TX *****
**************@*****.***
Objective
Information security analyst professional seeking a position in an organization with a focus on risk assessment, system security monitoring and auditing.
Key Skills
Security Assessment and Authorization – Perform, review and update risk assessment (RA) using NIST SP 800-30, NIST 800-37 and NIST 800-53 rev4 guidelines.
Vendor Risk/Third Party Risk Management, HIPAA, ISO 27001/27002.
Incident Response Experience – identifying, investigating and responding to complex attacks.
Security planning.
Creating POA&M and ST&E to take corrective actions and evaluations.
Exceptional written and verbal communication, problem resolution, interpersonal, organizational and time management skills.
Work independently or share workloads and deal with sudden shifts in project priorities.
Work Experience
03/17-02/20 Conduent (LTSS)
Position: IT Security Analyst
Provide security expertise and guidance in support of security assessments.
Perform security assessment on new and existing vendors before contracts are signed.
Develop new and improve upon existing information security risk assessment methodologies.
Perform security assessments on applications before they are used by business units.
Provide recommendations associated with findings on how customers/vendors can improve their security posture in accordance with Conduent policies and regulatory frameworks - NIST/ISO/HIPAA/PCI DSS requirements.
Provide corrective action plan to remediate risk on the production systems.
Participate in annual reviews of all information security policies, standards, procedures and guidelines, recommend new policies and amendments, and assure alignment with current regulatory requirements.
Support the employee security awareness program and help staff stay alert to emerging security issues.
05/15-01/17 Integra Service Connect (Amerigroup); Home based office, NJ
Position: Associate IT Security Analyst
Reviewed authorization documentation for completeness and accuracy for compliance.
Validated information system security plans to ensure NIST control requirements are met.
Monitored security controls post authorization to ensure continuous compliance with the security requirements.
Input data to ensure security projects are on track. Worked with systems and network administrators to develop implementation statement for security controls.
Reviewed SOX and GLBA internal controls to ensure compliance and that they are being performed as required.
09/14-04/15 Emdeon (CHANGE): Clark, NJ
Position: Third Party Risk Analyst
Performed risk and control assessment for all high-risk third-party service providers to evaluate effectiveness of control for their applications or systems.
Supported sourcing managers and business units in conducting and validating risk by performing vendor risk assessments.
Implemented standard operating procedures. Created review plans to effectively monitor business line controls.
In charge of reviewing regulatory reports, SOC 1 and SOC 2 reports, certificates of insurance, and other reports associated with vendors included in the vendor program and escalating issues to the appropriate individuals.
Education
Bachelor of Science
Professional Trainings
Vendor Risk Management
NIST Risk Management Framework
The International Organization for Standardization (ISO 27001/27002) auditing activities
Health Insurance Portability and Accountability Act (HIPAA)
Certification
Working towards CISA