Address: Silver Spring, MD
Detail-oriented, results-driven IT Compliance and Risk Analyst with strong problem-solving skills, seeking a position as an IT security analyst on a growing information security team focused on IT security and risk, risk assessment, system security monitoring and auditing, audit engagements, and testing of IT security controls.
CONTROLS & FRAMEWORKS
Risk assessment, COSO/COBIT, Confidentiality, Integrity, Availability, Security Maintenance, Contingency Planning; Policies and Procedures, Compliance Testing, Application Control, PCI DSS, FISCAM, FedRAMP, ISO 27001:2013, ISO 27002:2013, SOC 2 (Type II), SIG Questionnaire, NIST RMF (FISMA), NIST SP 800-53, 800-53A, 800-60, 800-18, 800-37, 800-30, 800-137, FIPS.
Windows, MS Office Suite, Excel, PowerPoint, PTA, PIA, SAR, POA&M, FIPS 199, SORN, RSA Archer, ServiceNow, Visio, Tableau, OneTrust, SecurityScorecard.
SUMMARY OF QUALIFICATIONS
Review, audit, and assess efficacy of management, operational, technical and security controls against risk management objectives.
Provide recommendations based on risk assessment for implementing programs, processes, and tools to address risks.
Control auditing and evidence collection.
Experience developing, reviewing, and updating Information Security Policies, Procedures and guidelines, Controls, Audit Documentation, and Risks.
Experience with continuous monitoring and POA&M management.
Adequate knowledge of NIST, ISO 27001, ISO 27002, SOC reports, SOC 2, PCI DSS, COSO, COBIT, HIPAA, and HITRUST frameworks and guidelines.
Conduct vendor due diligence reviews for new relationships as well as on an annual basis.
Incident response handling.
Implementing privacy and security controls.
Data privacy and protection.
Experience with third-party vendor management.
Enthusiastic and driven to learn and further career in Information Security; Interest in helping to develop, shape, and grow the security program across multiple lines of business.
Comfortable executing in a fast-paced and dynamic environment.
Can easily adapt to new environments.
Excellent analytical and presentation skills.
Excellent written and verbal communication skills.
An extremely fast learner.
Excellent interpersonal skills.
Can work independently and with a group.
Great interest in learning and growing my career.
Strong leadership skills.
IT SECURITY ANALYST, SMARTHINK LLC, BERWYN HEIGHTS, MARYLAND
JUNE 2020 – PRESENT
Conducting kick-off meetings to categorize systems based on NIST SP 800-60.
Selecting security controls based on categorization.
Creating and updating the following Security Assessment and Authorization (SA&A) artifacts: Risk Assessments (RAs), Privacy Threshold Analysis (PTA), E-Authentication, Contingency Plan, Plan of Action and Milestones (POA&M), Privacy Impact Analysis (PIA).
Conducting security control testing and assessments of the management, operational, and technical security controls to determine the overall effectiveness of security controls.
Conducting system security control testing and determining security compliance with requirements.
Responsible for data privacy and protection.
THIRD-PARTY VENDOR MANAGEMENT
Gathering the right information and analyzing materials received from third parties to determine the level of risk.
Documenting and communicating findings from third-party vendors.
Assessing third-party security controls and identifying gaps.
Reviewing SOC 2 reports.
Developing and managing mitigation strategies.
IT SECURITY COMPLIANCE ANALYST, AT&T (CONTRACTOR)
SEPTEMBER 2018 – MARCH 2020
Analyzed and updated the System Security Plan (SSP), Contingency Plan, Privacy Impact Analysis (PIA), System Security Test and Evaluation (ST&E), Risk Assessment (RA), E-Authentication, Privacy Threshold Analysis (PTA), and the Plan of Action and Milestones (POA&M).
Prepared Security Assessment and Authorization (SA&A) packages to ensure that management, operational and technical security controls adhere to NIST SP 800-53.
Categorized systems' confidentiality, integrity, and availability (CIA) impact levels using FIPS 199 and NIST SP 800-60, and documented the categorization process.
Conducted annual self-assessments (NIST SP 800-53A).
Conducted IT control risk assessments that included reviewing organizational policies, standards, and procedures, and provided advice on their adequacy, accuracy, and compliance with the Payment Card Industry Data Security Standard (PCI DSS).
Performed vulnerability assessments, making sure that risks were assessed and evaluated and that proper action was taken to minimize their impact on information and information systems.
Provided data privacy and protection.
Developed risk assessment reports identifying threats and vulnerabilities applicable to the system.
SOX 404 COMPLIANCE TESTING ANALYST
Performed IT risk assessment and documented the system security key controls.
Ensured key controls were clearly identified, implemented and validated as necessary to ensure compliance.
Met with the IT team to gather evidence, develop test plans, document test results, and develop a remediation plan for each area of testing.
Wrote audit reports documenting the results of the audit for distribution to management and senior management.
Participated in the SOX testing of General Computer Controls.
Evaluated clients' key IT processes such as change management and system development.
JUNIOR IT SECURITY ANALYST, DSAM AIRDUCT FABRICATION LIMITED – JULY 2017 – JUNE 2018
Advised management and workers on all IT needs and matters particularly security.
Conducted risk analysis and assessment.
Conducted vulnerability checks and mitigations on desktop computers and other devices.
Suggested additional responsibilities, training, and educational resources for improving employee performance and achieving promotion in compliance with company policies.
Communicated the need to keep login details private to avoid unauthorized access to information.
Raised awareness of fraudulent phone calls that might be received in the store.
Managed projects and wrote reports.
PEOPLE COMPLIANCE OFFICER, MILLHOUSE VENTURES, ACCRA, GHANA (INTERNSHIP) – MAY 2014 – SEPTEMBER 2014
Reviewed employee data with the HR team and made appropriate changes to ensure the availability and integrity of employee data.
Organized compliance training for management and new employees to ensure compliance with applicable laws and to meet all auditing and compliance standards.
Maintained active communication to enhance risk and control awareness.
Provided great customer service to clients.
BA, GEOGRAPHY AND RURAL DEVELOPMENT, KNUST, GHANA
Risk Monitoring and Regulatory Compliance
Authentication and Access Control
Network and System Security
Data privacy and protection
Actively working to become a Certified Authorization Professional (CAP) and CISM.