Security Analyst Risk

Location:
Dayton, NJ
Posted:
September 06, 2022


Resume:

Edward J. Simpson, MBA

South Brunswick, NJ

Tel # 732-***-****,

adsgjg@r.postjobfree.com

SUMMARY OF QUALIFICATIONS

An experienced Information Security professional with over 5 years of proficiency in the field. I have experience in conducting critical assessments with Information Technology Security Controls such as NIST Risk Management Framework (RMF), Third Party Risk Management, System Monitoring, ISO, PCI DSS, HIPAA, Regulatory Compliance and Loss Mitigation. My vast mastery and expertise of the information system industry standards and the achievement to beat deadlines make me a great asset to any organization that is committed to staying on top of information security matters.

CONTROLS & FRAMEWORKS

TPRM, NIST RMF (FISMA), HIPAA, HITRUST, SIG Questionnaire, SOC 2 (Type II), PCI DSS, ISO 27001.

SOFTWARE & PLATFORMS

OneTrust, RSA Archer, Hiperos, Google Suite, MS Suite, BitSight, SecurityScorecard, ServiceNow.

TRAINING

ISO 27002:2022 Refresher Training, May 2022

SIG Questionnaire Overview Training, January 2021

FISMA Compliance Refresher Training, June 2020

Certification and Accreditation Document Review Training, March 2019

ISO 27002:2013 Training, May 2018

Information Systems Security Training, August 2018

Information Assurance Awareness Training, December 2017

Phishing Awareness Training, February 2016

EDUCATION & CERTIFICATION

Master’s in Business Administration

California Coast University, Santa Ana, CA

Bachelor of Science in Biology

Thomas Edison State University, Trenton, NJ

CISA Certification

Expected completion in December 2022

EXPERIENCE

Third-Party Risk Analyst March 2020-Present

Ernst & Young LLP (EY), New York, NY (Contractor)

Serve as an initial review and checkpoint of basic contract management risk compliance in line with the business policy. Develop a deep understanding of Third-Party Organizations' related systems, processes, and policies.

Conduct reassessment of vendors periodically and monitor third-party vendors' security practices and compliance with contractual terms and obligations.

Demonstrate the ability to appropriately influence business decisions, and the professional judgement for selecting the appropriate methods and techniques to do so.

Review the completion of contracts, Statements of Work (SOW) and Service Level Agreements (SLAs) on an ongoing basis and perform frequent performance and risk monitoring.

Effectively manage ERM implementations in the organization to ensure that all risks are reduced to the minimal level.

Collaborate with Technical Security personnel to review and interpret vendor due diligence materials, including audit reports and security risk assessment questionnaires.

Respond appropriately to third-party cyber risk incidents and the related investigations, and manage situations with discretion, sensitivity, and objectivity and with due consideration of chain of custody.

IT Compliance and Risk Analyst October 2018-March 2020

Chase Manhattan Bank, New Jersey (Contractor)

Partnered with legal, compliance, procurement, IT, and business team to identify specific third-party information risks and recommended appropriate risk treatment action plans with pragmatic solutions to risk and control issues.

Educated business teams on third-party information risk and recommendations.

Conducted third-party risk assessments by applying established criteria. Worked with business units to establish, maintain, and optimize role-based third-party controls across the organization.

Reviewed services provided by vendor and defined scope of assessment.

Reviewed ISO and PCI-DSS standards to identify potential gaps in required documentation and processes.

IT Security Analyst June 2017-October 2018

Penn Medicine, Plainsboro, NJ (Contractor)

Reviewed HIPAA and HITRUST standards to identify potential gaps in required documentation and processes.

Assisted in the assessment and review of new vendors with new and existing technology to ensure that all security controls are in place and effective.

Worked with third-party auditors to facilitate and monitor HITRUST and ISO certification programs.

Conducted third-party risk assessments and administered the due diligence security questionnaire.

Gathered feedback from end users to continue to improve the systems.

Performed risk assessments to determine potential security threats and vulnerabilities.

Participated in IT and Business Unit projects to ensure security policies are adhered to.


