Brandon Atam
(Current Location: Baltimore, MD. Willing to relocate to Columbia, SC)
Summary:
Detail-oriented third-party risk and information security professional supporting Home Depot as a GRC Risk/Compliance Analyst, with 5 years’ experience in cyber security, risk assessment, vendor management, vulnerability management, control implementation, Assessment and Authorization, privacy and procedures, POA&M management, continuous monitoring, risk management, system monitoring, and regulatory compliance in accordance with NIST, FISMA, GDPR, CCPA, SOC 1 and 2, ISO 2700, PCI-DSS, HITRUST, and industry best security standards. Dynamic IT professional with the ability to adapt well to changing environments and interact well at all levels. Ability to lead and direct, solve problems creatively, and make strategic decisions in fast-paced environments.
Skilful in preparing Authorization Packages (SSP, SAR, and POA&M), IT control functions, audit, information security, and policies.
Skills:
Threat Analysis
TPRM
Data Security & Privacy
Policies
Control Assessment
Awareness and training
Critical thinking
Risk management
Vulnerability management
Vendor Management
SOX
SOC 1,2
Risk Assessment
Maintaining Risk Register
Extensive experience with MS Excel, PowerPoint, and SharePoint
Cyber Security / Information Security
ZenGRC tool
Outlook
Organized
Financial Services
Organization and Time management
Verbal and written communication
Compliance / Risk Management
Security Policies
Archer
NIST Standards
FISMA
PCI
SQL
CCPA
GDPR
ISO 27001
Operating Systems
Active Directory
DHCP
Privacy
DNS
Network Security
Oracle
Security Analysis
System Administration
Remote Access Software
Microsoft Windows Server
Business Continuity Planning
Network Support
ServiceNow
SAP
Change management
Incident response
Disaster recovery
SharePoint
Leadership
Data Privacy
VPN
Presentation skills
Help Desk
IT auditing
Accounting
Order fulfilment
Google Suite
Care plans
Case management
SAS
Azure
Microsoft 365
High availability
Content management systems
Splunk
Business analysis
Manufacturing
Regulatory reporting
Pivot tables
Cloud infrastructure
Certifications and Licenses:
CompTIA Security+ Certified.
Certified Information Systems Auditor (CISA) Certified.
Certified Information Systems Security Professional (CISSP) In Progress
Education:
Bachelor's Degree in Computer
University of Buea, 2016
Professional Experience:
The Home Depot, Maryland January 2020 - Present
Third Party Risk Analyst / Compliance Analyst
Ensured cyber security policies are adhered to and controls are implemented.
Knowledge in supporting a security program within industry-leading compliance frameworks and regulations (ISO 2700, GDPR, CCPA, NIST, HIPAA, SOC 1, 2).
Design and distribute change management materials with respect to security controls certification, exceptions, and remediation. (25%)
Review evidence such as SIG, SOC 2, penetration test and vulnerability scan results, and policies.
Assisted in the design, implementation, training, and maintenance of a common controls framework for continuous testing and monitoring of all information security controls. Led information security compliance activities related to SOC 2, PCI-DSS, and SOX.
Assisted in analysing and updating existing compliance policies and related documentation.
Educated management and other departments regarding compliance policies.
Evaluated the audit/inspection readiness process, procedure, and checklist artefacts periodically to ensure documentation is kept up to date and to identify opportunities for optimization.
Assisted in the design, implementation, training, and standardization of security controls for the processing, storage, and transmission of payment and PII data.
Participate in disaster recovery (DR) design, planning, implementation and testing activities for critical assets and processes.
Coordinate with risk owners to develop recommendations for risk response and monitoring plans.
Manages assessment/audit timeline for questionnaire, interview, evidence verification, and report preparation.
Facilitated Security Control Assessments, performed internal audits of systems prior to external auditing, and continued monitoring activities.
Support the development and maintenance of enterprise risk management policies, standards, procedures, tools, and information systems.
Interact with internal stakeholders to deliver risk analyses and perform related tasks.
Find process gaps or areas of concern and develop recommendations for risk response and monitoring plans.
Find, document, and organize related metrics and prepare reports as asked.
Create, deploy, and support effective enterprise-wide security awareness training programs, phishing campaigns, and cyber security communications.
First Financial Credit Union, Maryland October 2017 - September 2019
Third Party Risk Analyst
Work closely with the Constellation leadership team members to develop executive and corporate communication materials and presentations.
Validate RFI and RFP contract evaluations when conducting due diligence for vendor onboarding.
Collected required due diligence, facilitated stakeholder review of due diligence, and obtained stakeholder approvals for vendor onboarding.
Performing vendor risk assessment and on-going oversight reviews according to policies and procedures.
Review vendor-provided security artefacts (e.g., SOC 2 reports, ISO 27001, GDPR
Assist with third-party risk due diligence activities and evaluations for finding, assessing, mitigating, and managing risks related to vendors and service providers.
Partake in the organization's third-party risk management using Archer, SharePoint, and KnowBe4.
Participated in weekly security team meetings to provide guidance and support for the development of enterprise security architecture.
Analyse risk and support Third party partner risk assessment activities.
Review vendor-provided security artefacts (e.g., SOC 2 reports, ISO 27001 certifications, Cyber insurance, SIG questionnaires, etc.)
Assisted with Third-Party Risk Assessments (TPRM Program) for new and potential vendors.
Assisted with ongoing vendor cyber security risk assessments to review complex technology and business risks related to vendors’ security controls and posture and determine their acceptability against the company's framework of controls.
Help guide and perform remediation of issues identified during third-party assurance or internal reviews.
Liaise with key functional teams such as Technology, Legal, Privacy, BCP, Information Protection and relevant business stakeholders to perform third party security reviews on their new and existing vendors and identify risks that require remediation.
Assisted in comprehensive vendor security assessments: identify risk, determine appropriate risk levels, document risk in Archer GRC, and recommend remediation or mitigation strategies to the business and/or technology teams.
Review submitted questionnaires/policies and advise the requestor on a course of action.
Coordinate with technology team members for follow-up of implemented controls and support the collection and validation of evidence as part of the risk remediation process.
Assist with third-party risk due diligence activities and evaluations for finding, assessing, mitigating, and managing risks related to vendors and service providers and maintain the Risk Register.
Partake in the organization's third-party risk management using Archer.
Knowledge in managing and developing with SaaS tools and low-code/no-code technologies (ServiceNow, Archer, KnowBe4, SharePoint).