Information Security Service Delivery

Location: Worcester, MA

Salary: $70/hour

Posted: December 01, 2022

Resume:

Email: adtsx9@r.postjobfree.com

Tel.: 774-***-****/774-***-****

Current Location: MA

Availability to Start: 1 Week Notice

Education:

MS in Cybersecurity (August 2022 – September 2023)

MA Monitoring and Evaluation from University of South Africa (2019-2021)

MSc. Biostatistics from University of Ibadan (2008-2010)

MPhil in Educational Administration from University of Cape Coast (2005-2008)

B.Ed. Mathematics from University of Cape Coast (2000-2004)

Member of ISACA (Member number: 1418470)

CISA certified professional (March-2022)

CISA Certificate number: 221897441

CompTIA Security+ professional

Risk Management:

Has over 5 years of Risk Management experience; defined appropriate risk levels and corrective actions for issues identified on security assessment and compliance.

Assurance Testing:

Has over 3 years of Assurance Testing experience; performed comprehensive Quality Assurance Testing and validated testing results from testing environments.

Data Analysis:

Has hands-on experience with Data Analysis; conducted data analysis, work paper documentation, reporting, and remediation validation.

Technical Skills:

Proficient with QuickBooks, Microsoft Office Suite, Active Directory, Firewall, Python, SPSS, STATA, MS Excel, TCP/IP.

Core Skills:

Experience in system security monitoring, auditing and evaluation, A&A and Risk Assessment of GSS (General Support Systems) and MA (Major Applications).

Experience in various assessment scopes (that is, Information Security, Business Continuity, Cloud Multi-tenant Facility, Enterprise Vendor Management, Electronic Record Management, and DDoS).

Remediation tester.

Perform Certification and Accreditation documentation in compliance with company standards.

Develop, review and evaluate System Security Plan based on NIST Special Publications.

Perform comprehensive assessments and write reviews of management, operational and technical security controls for audited applications and information systems.

Perform comprehensive Quality Assurance Testing (that is, manual testing methods).

Perform robust statistical analyses (using Python, SPSS, STATA and MS Excel).

Professional experience:

Berkshire Bank (Contractor) 2021 – Present

Serves as a subject matter expert to identify and address key third party related risks and areas of concern associated with new and existing third parties.

Perform Third Party risk assessments using the security controls implemented by the bank as a baseline/ guide.

activities including generation of assessment reports, validation of initial findings with management and business unit, follow-up on risk remediations and mitigation as well as process exception for high risk accepted by the business.

Conducts risk-based audits including all aspects of the audit lifecycle, risk assessment, planning, client coordination, fieldwork, data analysis, workpaper documentation, reporting, and remediation validation, with direction from senior team members.

Will Cyber Security Consulting Limited 2020 – 2021

United Kingdom

Provided expert advice and guidance to all areas of the business on Information Security and Risk Management.

Developed and maintained collaborative relationships with relevant functions within Secure Design, Product Owners, Cyber Resilience Centre and Technical Leads to ensure successful delivery of Information Security Management into projects.

Documented information security risk assessments identifying any issues or risks that need to be articulated to senior management for remediation and/or to follow formal risk acceptance governance processes through pre-RAC and RAC (Risk Action Control) meetings.

Identified information security gaps and advised on the design of new controls and processes to be implemented by internal teams or third parties to facilitate remediation.

Responsible for scoping out and managing all Universal Credit ITHC requirements, engaging with third parties, managing technical prioritisation of features with the relevant stakeholders to remediate any risks/issues identified before go-live.

Clearly communicated security solution designs, key recommendations and approaches to interested parties, stakeholders, project bodies and relevant governance forums through monthly Security Risk Assurance Forums reports.

Produced detailed metrics and reports based on information security risk analysis to reduce and mitigate risk through collaborative risk analysis workshops with Product Owners, Cyber Resilience Centre, Security Control Team, Technical Leads, Security Architects, Secure Design Leads and Business Analysts.

Apex Systems, Washington, DC 2018 – 2020

Third-Party Risk Analyst (Contractor)

Serves as a subject matter expert to identify and address key third party related risks and areas of concern associated with new and existing third parties.

Perform Third Party risk assessments using the security controls implemented by the company as a baseline/ guide.

Review security assessments performed by 3rd party and provide feedback. Define appropriate risk levels and corrective actions for issues identified on HITRUST security assessment and compliance.

Engage in post-assessment activities including validation of initial findings with management and business unit, follow-up on risk remediations and mitigation as well as process exception for high risk accepted by the business.

Conducts risk-based audits including all aspects of the audit lifecycle, risk assessment, planning, client coordination, fieldwork, data analysis, work paper documentation, reporting, and remediation validation, with direction from senior team members.

Conducts kickoff meetings with vendors and Third-Party Managers to help identify and understand all technology involved in their service delivery and to establish the scope of assessment.

Emagine IT, Washington, DC 2016 – 2018

Security Control Analyst

Conducted periodic IT risk assessments and reviewed IA controls for any deficiencies. Deficient controls were then reported to the ISSO for appropriate mitigation actions.

Initiated and led an information security awareness and training program in order to inform employees of their roles in maintaining a mature security posture.

Conducted gap assessment during HITRUST certification processes.

Contributed to weekly change management meetings in order to evaluate change requests (systems or application) that could lead to approval or denial of the requests, validated testing results from testing environments and promoted changes to production environment.

Created and maintained security metrics in order to help senior management make decisions.

Performed bi-annual security policy review to make sure all information is current with the laws, directives and regulations.

Conducted Business Impact Analysis (BIA) to analyze mission-critical business functions and identify and quantify the impact of those functions if they are lost (e.g., operational, financial). BIA helped to define the company’s business continuity plan and IT internal control audit objective.

Conducted security assessment with government agencies using cloud products, aiming at securing Authorization (ATO) as a 3PAO.

Conducted rigorous SOC 1 and SOC 2 audit reports for clients focusing mainly on controls design and their operational effectiveness.

Technical knowledge of TCP/IP and of using Wireshark to manage live packet captures.
