Edward J. Simpson, MBA
South Brunswick, NJ
Tel # 732-***-****,
****************@*****.***
SUMMARY OF QUALIFICATIONS
An experienced Information Security professional with over 5 years of proficiency in the field. I have experience in conducting critical assessments of Information Technology Security Controls such as the NIST Risk Management Framework (RMF), Third Party Risk Management, System Monitoring, ISO, PCI DSS, HIPAA, Regulatory Compliance and Loss Mitigation. My vast mastery and expertise in information system industry standards and my record of beating deadlines make me a great asset to any organization that is committed to staying on top of information security matters.
CONTROLS & FRAMEWORKS
TPRM, NIST RMF (FISMA), HIPAA, HITRUST, SIG Questionnaire, SOC 2 (Type II), PCI DSS, ISO 27001.
SOFTWARE & PLATFORMS
OneTrust, RSA Archer, Hiperos, Google Suite, MS Suite, BitSight, Security Scorecard, ServiceNow.
TRAINING
ISO 27002:2022 Refresher Training, May 2022
SIG Questionnaire Overview Training, January 2021
FISMA Compliance Refresher Training, June 2020
Certification and Accreditation Document Review Training, March 2019
ISO 27002:2013 Training, May 2018
Information Systems Security Training, August 2018
Information Assurance Awareness Training, December 2017
Phishing Awareness Training, February 2016
EDUCATION & CERTIFICATION
Master’s in Business Administration
California Coast University, Santa Ana, CA
Bachelor of Science in Biology
Thomas Edison State University, Trenton, NJ
CISA Certification
Expected completion in December 2022
EXPERIENCE
Third-Party Risk Analyst, March 2020-Present
Ernst & Young LLP (EY), New York, NY (Contractor)
Serve as an initial review and checkpoint for basic contract management risk compliance in line with business policy. Develop a deep understanding of Third-Party Organizations' related systems, processes, and policies.
Conduct periodic reassessments of vendors and monitor third-party vendors' security practices and compliance with contractual terms and obligations.
Demonstrate the ability to appropriately influence business decisions, and the professional judgement for selecting the appropriate methods and techniques to do so.
Review the completion of contracts, Statements of Work (SOW) and Service Level Agreements (SLAs) on an ongoing basis and perform frequent performance and risk monitoring.
Effectively manage ERM implementations in the organization to ensure that all risks are reduced to the minimal level.
Collaborate with Technical Security personnel to review and interpret vendor due diligence materials, including audit reports and security risk assessment questionnaires.
Respond appropriately to third-party cyber risk incidents and the related investigations; manage situations with discretion, sensitivity, and objectivity, and with due consideration of chain of custody.
IT Compliance and Risk Analyst, October 2018-March 2020
Chase Manhattan Bank, New Jersey (Contractor)
Partnered with legal, compliance, procurement, IT, and business teams to identify specific third-party information risks and recommended appropriate risk treatment action plans with pragmatic solutions to risk and control issues.
Educated business teams on third-party information risk and recommendations.
Conducted third-party risk assessments by applying established criteria. Worked with business units to establish, maintain, and optimize role-based third-party controls across the organization.
Reviewed services provided by vendors and defined the scope of assessment.
Reviewed ISO and PCI DSS standards to identify potential gaps in required documentation and processes.
IT Security Analyst, June 2017-October 2018
Penn Medicine, Plainsboro, NJ (Contractor)
Reviewed HIPAA and HITRUST standards to identify potential gaps in required documentation and processes.
Assisted in the assessment and review of new vendors with new and existing technology to ensure that all security controls are in place and effective.
Worked with third-party auditors to facilitate and monitor HITRUST and ISO certification programs.
Conducted third-party risk assessments and administered due diligence security questionnaires.
Gathered feedback from end users to continually improve the systems.
Performed risk assessments to determine potential security threats and vulnerabilities.
Participated in IT and Business Unit projects to ensure security policies were adhered to.