
Security Analyst Risk

Location:
Bowie, MD
Posted:
April 13, 2022


Resume:

Nkegoah Tasong Bless

Glenn Dale, Maryland, *****

PROFILE AND SUMMARY:

Availability to Interview: Phone/GVC: 24 hours Monday to Friday - 09:00 AM to 12:00 PM (EST)

Availability to Start: 2 weeks

Currently Interviewing: Yes

Worked at Google previously: No

Summary: Nkegoah is a highly qualified, respected, dedicated, and results-driven Vendor Risk Analyst/Security Analyst with a consistent five-year record of success in improving processes through Risk Management and enhancement initiatives in conducting vendor security and privacy control assessments. He has experience with security frameworks and regulations such as NIST, ISO 27001, HIPAA, CCPA, GDPR, and PCI DSS. He is proficient in Vendor Risk Assessment and Management, Assessment and Authorization, Vulnerability Management, Vendor Selection as well as Vendor Categorization, analyzing SOC reports, and creating risk assessment reports. He strives to maintain Confidentiality, Integrity, Availability, Privacy, and Security.

EDUCATION:

University of Buea, Cameroon 2013

Bachelor’s in computer science

CERTIFICATION:

Certified Information Systems Auditor (CISA) 2021

CompTIA Security+ 2021

CORE COMPETENCIES:

Word

PowerPoint

Excel

Outlook

OneNote

GRC Archer

SecurityScorecard

Nessus

Due Diligence

SOC Reports

RFP/RFI

SLAs

SOW

PCI DSS

ISO 27001

HIPAA

NIST

GDPR

CCPA

OWASP

EXPERIENCE:

MBA TECH, Arlington, TX Jan 2018 – Present

Vendor Risk Analyst

Perform vendor classification according to Data handling and Relationship as well as company policies and procedures.

Work with the security and compliance team to get certified with security frameworks such as PCI-DSS, NIST, HIPAA, CCPA, and SOX.

Review SOC 2 Reports, SIG Core, SIG Lite and gather evidence to complete vendor security assessment.

Forged strong relationships with vendors and business owners to ensure seamless vendor security assessment.

Conduct Risk Assessment on cloud vendors to make sure they are secure and maintaining the SOW.

Training new employees on Vendor Risk Assessment best practices.

Create Vendor Risk Assessment Report and escalate issues when necessary.

Work with vendors to discuss appropriate remediation actions and deadlines for all identified gaps.

Analyze vendor’s processes to determine deficiencies within their controls that could violate applicable law, regulation, framework, or internal policies and procedures.

Perform a periodic vendor risk assessment to make sure vendor controls are properly implemented to ensure confidentiality, integrity, availability, and privacy throughout the contract.

Identify gaps and create a risk treatment plan/corrective action plan to track the gap remediation process as well as provide recommendations and work with vendors to make sure risks are being remediated in a timely manner.

I work with the legal, business, and procurement team to conduct proper due diligence in order to determine the right vendor for onboarding.

I work with the legal, financial, and procurement team in reviewing vendors’ contracts and making sure necessary security clauses are included within the contract.

Speedway LLC, Enon, Ohio Feb 2016 – Jan 2018

Compliance/GRC Analyst

Assisted in the development, review, and maintenance of internal organization policies and procedures in accordance with applicable regulations such as ISO 27001, NIST 800-53 Framework Controls, HIPAA and PCI DSS.

Implement Information Technology General Control (ITGC) within our GRC Archer tool for new Applications.

Worked with control owners to complete self-test assessment within GRC Archer.

Review vulnerability scan report and work with the engineers to develop and track remediation plan.

Trained new employees on conducting regular day-to-day activities.

Updated incident response plan and developed new incident response tabletop exercise.

Worked with various teams to pass SOC 2 and other security certification.

Worked as a liaison between my organization and external auditors by gathering and providing the auditors with security evidence.

Developed quarterly phishing awareness test contents

Forged great working relationships with various team members in the organization

Develop high-quality supplier risk management solutions to support the achievement of business unit objectives.

Engage with Procurement, Risk Partners, and Supplier Managers to develop criteria for monitoring suppliers' risk and performance effectiveness.

Implement the Third-Party Risk Methodology and provide training/guidance to Procurement, Business Partners, Supplier Managers, and Suppliers.

Coordinate and manage Third Party risk assessments on set schedules and ensure appropriate remediation activities.
