BETTY AMPOFO ***********@*****.*** 646-***-****
Summary
Certified IT Security professional with 5 years’ experience in Risk Management Framework/IT Security with focus on system security evaluation, assessments, and monitoring with NIST 800 series/FISMA standards. Hands-on experience with ITGC control testing, working with subject matter experts (SMEs) to develop, review and document control implementation descriptions that meet or exceed the security-control compliance requirements. Experience with SOX, COBIT, and PCI DSS compliance testing. Proficiency in Excel and data visualization tools like Tableau. I can work independently and with a team to provide security detail required to ensure the confidentiality, integrity, and availability of information systems.
Skills/Technical Tools/Controls
ITGC • SDLC/Agile Methodologies • GRC • Nessus • RMF Controls • SQL • Active Directory • Jira • Confluence • Microsoft Office Suite (Word, Excel, and PowerPoint) • ServiceNow • Python • ISO27001 • Tableau • Archer
Professional Experience
Swarovski North America Ltd., New York, July 2018 – Present
IT Auditor
Assist in performing audit testing procedures, including attribute-based controls, through various means – inspection, observation, and re-performance
Identify and define the root cause of control issues. Review and evaluate the adequacy of internal controls, and compliance with IT security policies and procedures. Provide recommended solutions to identified internal control concerns
In accordance with Department standards, learn to develop accurate and complete work papers that adequately support the work performed
For smaller and discrete projects or task assignments, may project manage assigned resources, generally interns and staff internal auditors as an in-charge auditor
Perform audit tests and prepare work papers which document work performed and conclusions reached
Prepare summary memoranda, closing conference agenda, planning meeting memos, etc., that accurately describe results of tests performed, the nature of control weaknesses and exposures, and identify practical recommendations for improvements
Clearly document and evaluate, as part of audit project assignments, the internal controls present in the manual and automated systems being reviewed, identifying internal control strengths and weaknesses
Trinity Advanced Systems, Hartford, CT, May 2015 – July 2018
IT Risk Analyst
Developed, updated, and maintained appropriate Security Authorization (SA) packages based on NIST standards for systems to include development of final Authority-to-Operate (ATO) packages and Authority-to-Operate (ATO) recommendation
Advised and made suggestions to system owners on all matters involving the security of assigned IT systems.
Performed continuous monitoring activities by testing a portion of the security controls on my assigned systems
Ensured compliance with data security policies and relevant regulatory requirements in accordance with agency directives and applicable Risk Management Framework (RMF) requirements
Conducted and reviewed vulnerability scans (Nessus and Splunk) and identified the right points of contact for remediation within the appropriate time frame
Glico General Insurance, New York, NY, May 2013 – May 2015
Cyber Security Analyst
Safeguarded information by conducting risk assessments, influencing policy and standards, and contributing to security awareness
Assessed and analyzed security risks in company policies and compliance activities before suggesting strategies and methods to effectively remediate security weaknesses
Performed third-party risk assessments on vendors and reported findings to the IT management team
Reviewed SOX controls and ensured appropriate performance
Generated detailed monthly, quarterly, and annual production reports to share data on insurance and claims
Worked with clients to implement system security measures, assisted with computer security plans and documentation, and provided technical guidance and training
Paper Source, New York, NY, September 2012 – April 2013
Data Analyst Intern
Completed study of the in-house requirements for the data warehouse
Worked on all phases of Data Warehouse development lifecycle from gathering requirements to testing, implementation, data migration and support
Experience in integrating SQL Server and Oracle
Presented PowerPoint briefings and executive summaries to line of business executives
Presented data analysis results to development teams and executive management
Managed the creation, design, implementation and support of multi-terabyte data warehouses on multiple RDBMS systems across the company
Provided excellent customer service, trained new employees, calculated loss and profit of the store on a daily basis
Education/Certification
ISACA Certified Information Systems Auditor
CompTIA Security+
City University of NY Lehman College 2012, Bachelor of Business Administration
Reference available upon request