MARY ADJOA BARNOR
**** ********** ****, **********, ** 23112 Phone: (804) – 309 – 6394
Email address: ***********@*****.*** /***********@*****.***
PROFESSIONAL SUMMARY
A highly skilled technical professional with notable expertise in IT compliance auditing, vulnerability management, penetration testing, risk assessment, performing and documenting IT audits, controls implementation, and special projects. Experienced in reviewing and implementing operational and IT procedures and in assessing risk for each entity to determine compliance with policies and industry best practices, including identifying and updating risk rankings as the IT universe changes. Versed in network and system security, vulnerability and penetration testing, authentication, and access control management and review.
CORE EXPERTISE
•Information Systems Security
•Vulnerability Assessment & Management
•System Documentation Development
•Security Policy & Procedure Development
•Project Management and Support
•Risk Remediation
•Database Management
•General Security Administrative skills
•Security Life Cycle
•Systems Risk Assessment
•Security Control Assessment
•A&A process Support
•Vendor Compliance Management
•Third Party Risk Management
•Security Artifacts Review & Maintenance
•Cloud Computing
SOFTWARE, HARDWARE, TECHNICAL EXPERIENCE
•Governance, Risk, and Compliance Tools: Archer, PowerBI, Onetrust platform, etc.
•Vulnerability Scan Tool: Nessus, NMAP
•Operating Systems: Windows
•Regulatory Frameworks: CIS-20, NIST 800-30/37/39/53, FIPS, FISMA, OMB, FedRAMP, PCI-DSS, HIPAA, ISO 27000/01
•MS Office suites: Word, Excel, PowerPoint, Microsoft SharePoint (Development and Maintenance)
•Critical Infrastructure: SCADA/ICS
PROFESSIONAL EXPERIENCE
Security Risk & Compliance Analyst (Remote) Thomson Reuters - Richmond, VA 07/2018 - Present
•Performed vulnerability assessments, assessed the weaknesses identified, prioritized remediation based on CVSS, and tracked remediation with the relevant business unit and control owners.
•Conducted in-depth security assessments of information systems that evaluated compliance with administrative, physical, technical, organizational, and policy safeguards, and assessed security control test plans to maintain HIPAA compliance based on the Office of Civil Rights (OCR) protocol, NIST SP 800-66 Rev1, and security controls (NIST SP 800-53)
•Performed IT controls risk assessments, reviewed organizational policies and standard procedures and guidelines
•Developed security auditing plans and conducted General Computer Controls testing and participated in SOX testing of the General Computer Controls
•Audited findings, developed HIPAA compliance reports and corrective action plans
•Identified security gaps, designed remediation plans, and made recommendations to the IT Management
•Collaborated with ISSO to investigate information security-related issues and created assessment reports and tracked remediation activities
•Communicate audit findings to management and identify opportunities for improvement in the design and effectiveness of key controls.
•Conducted Third Party Vendor Security Risk Assessment to assess the efficacy of cloud vendor controls in alignment with HIPAA and NIST 800-53 rev 4
•Host and facilitate kick-off meetings and presentations with system stakeholders/clients on the operational security posture for the systems in their purview and on security-related policies.
Clearbridge Technology Group, Billerica, MA, 30047 05/2013-02/2018
•Establish and maintain good client relations during engagements.
•Assist in communicating the results of some audit projects to management via written reports and oral presentations.
•Effectively communicate information, issues, and audit progress to teammates and auditees.
•Utilize an understanding of the company’s information technology environment and how systems support business activities to coordinate and/or conduct audits as assigned, including specialized activities.
•Provide support for the SOC1 and SOC2 report audits, and the annual financial statement audit, including performing direct assistance testing related to Information Technology General Controls.
•Reviewed, analyzed, and documented business procedures such as Standard Operating Procedures (SOPs) for user needs in areas of licensing, health, and safety guidelines.
•Assessed, analyzed, and stored audit logs and audited processes, practices, and documents to identify weaknesses
•Supported pre-assessment, assessment, and post-assessment activities.
•Ensured management, operational, and technical security controls adhere to a formal and well-established security requirement authorized by NIST 800-53 rev 4/5.
•Supported the security assessment team in assessing the adequacy of the management, operational, privacy, and technical controls implemented.
•Performed user account provisioning, account reviews, and user account entitlement reviews
•Responded to service issues, problems, and critical situations to support the resolution and minimize downtime.
•Investigated security events such as problems, crises, critical situations, unauthorized access, and non-compliance
•Monitored I.S. facilities and infrastructure access to audit and maintain security controls and to ensure compliance.
•Maintained logs on identification and data access (e.g., applications, networks, files, database management systems, etc.) to support compliance standards.
•Examined records and tested strategies to determine compliance with management directives
EDUCATION
Bachelor of Science Administration July 29, 2010
Kwame Nkrumah University of Science and Technology, Kumasi
PROFESSIONAL CERTIFICATIONS
Security+ 12/2021
CISM 05/2022