Security Analyst Information
Resume:
Eugene Opoku-Mensah
New Jersey, United States. (*62) –704-3605 ******@*****.***
PROFESSIONAL SUMMARY
Information Security Analyst with 6 years of experience in policy documentation, compliance management and the implementation of security controls that mitigate risk in systems. Proficient in the use of GRC tools for risk management and real-time monitoring that reduces risk significantly to an acceptable range within the organization.
Key Skills
NIST Risk Management Framework (RMF)
Standards (NIST SP 800 Series, ISO, FEDRAMP)
Interpret and Communicate Insights
Technology Risk Management
Multitasking and priority assignments
Persistent Research
Security Policies, Standards and Procedure
Documentation
Risk Assessment and POA&M
Compliance (PCI DSS, HIPAA, GDPR, SOC, SOX)
Vulnerability Management (CVEs and CVSS)
Excellent Communication & Business Intuition
Tools: Service Now, Tenable io, Tenable cs, Tenable Nessus, Excel, SQL, AWS, Microsoft Office PROFESSIONAL EXPERIENCE
Information Security Analyst 08/2020 - Present
Newark Board of Education, Newark, NJ
Provide guidance on best practices on information security processes, controls, and FISMA compliance to team members
Develop patch and vulnerability management program to ensure that all enterprise devices maintain an approved patch compliance level
Coordinate with vendors and production team in creating organization-customized user-training documents, resulting in over 90% user satisfaction of the released application
Create an organizational risk strategy and performs enterprise-wide risk analysis and vulnerability assessments by monitoring using Nessus vulnerability tools to update virus protection systems on time
Assist System Owners and ISSO in preparing certification and accreditation package for IT System, ensuring that security controls adhere to industry requirement authorized by ISO 27001 and NIST 800- 53R5
Work with management and IT teams to ensure risk treatment and mitigation plans align with company’s goals
Built an end-to-end operation for the team to conduct assessments in efficient with minimum impact to the firm Cyber
Security Analyst 08/2018 – 07/2020
Felician University, Lodi, NJ
Assisted top management to identify and assign roles to team members in the risk management framework
(RMF) process, creating a robust security system for the organization
Performed security analysis using SIEM tools like Tenable to identify potential issues or areas of improvement
Created an organizational likelihood/impact scale and risk scale used in the organizational risk assessment that assisted top management in making decisions, saving the organization from common attacks in 2020
Supervised the production of policy documents for the creation of a business process model used for automation
Drafted and effectively communicated risk prevention strategies to staff, yielding 45% reduction of email spam
Deployed applications to create a warm site DRP, which led to a 95% access to all applications during a disaster
Project Manager 10/2013 - 07/2018
University of Electronic Science and Technology of China, Chengdu.
Collaborated to create system assessment report (SAR) and updated plan of action and milestone (POA&M), which assisted in the mitigation of residual risks
Consistently updated organizational risk register of new threats and vulnerabilities and recommended countermeasures to the incidence response plan (IRP) and disaster response plan (DRP)
Collaborated with business units and corporate partners to ensure solutions are built in consistent with the organization's policies, programs, architectural recommendations, and information security standards
Implement organization-wide procedures and industrial standards for performing complex experiments safely
Collaborated with QA teams on 3 Agile and SDLC projects, adhered to compliance and user requirements satisfaction, which ensured the completed projects were bug-free without before deployment
Managed teams in areas such as scheduling, and monitoring QA using Jira, which resulted in great departmental coordination on 2 parallel projects
Security Analyst 07/2011 - 07/2013
Bryan Lowe Orthopedic Hospital, Akuapem Mampong, Ghana
Led the IT team to perform an enterprise-wide assets identification and ownership and applied access control on all assets, securing over 10,000 patient documents from unauthorized access, or modification
Selected controls following FIPs 200 and NIST SP 800-53 in alignment with organizational goals to protect the PHIs and Electronic Health Records
Effectively communicated training documents to healthcare professionals on data usage guidelines that resolved 95% of frequent human errors which made possible to serve additional 35 customers
Performed daily updates and backups, which made data easily accessible in an unexpected server shut down, which saved the company from a loss amounting to $100,000
Worked with the VP, IT and Industry Regulators to ensure the Information Security team stays abreast with new regulatory, legal and/or compliance data security requirements
Performed HIPAA security risk assessments to identify and resolve vulnerabilities on people, processes and technology
ADDITIONAL WORK EXPERIENCE
Cyber Security Lead July 2018 – July 2022
Brooklyn Public Library, NY, U.S.A.
Developed role-based training materials for the Brooklyn Library Arts and Culture Department toward meeting ISO 27001 and SOC 2 compliance
Provided guidance for the analysis of underlying trends to identify process improvements, root causes, and scenario-based risk reduction efforts
Performed data-driven analysis to identify vulnerabilities and/or proactively determine potential threats to the library or areas of security improvement
EDUCATION
Master of Engineering, Computer Science & Technology 2013 University of Electronic Science and Technology of China, Chengdu, China
Developed a cloud storage scheme built on Hadoop (Big Data), called the Hierarchical Splitting and Clustering
Bachelor of Science, Computer Science 2010
University of Cape Coast, Cape Coast, Ghana.
Developed a java-based mobile study app for flexible learning at any time and anywhere PROFESSIONAL
DEVELOPMENT/AFFILIATIONS
Certification in Data Architecture Principles, Data Structure, and SQL, Cooper Union, NY, 2018
Certification in Software Quality Assurance Manual and Automation Testing, Cooper Union, NY, 2018
IEEE Computer Science Member, Association of Computer Machinery (ACM), Member since 2015
Contact this candidate