Security Analyst Information

Location: Norfolk, VA
Posted: January 10, 2023

Resume:

EBENEZER COBBY AGYAKO SAKA

adukhu@r.postjobfree.com 757-***-**** Norfolk, VA 23501

Summary

An experienced IT security analyst and Risk Management Professional with extensive IT risk and control experience. Ample experience in consulting and working in various organizational sectors such as technology, healthcare and financial institutions. Skilled in Risk Management, Information Security principles, Project Management, Risk Assessments, Due Diligence and various Audit Methodologies. Knowledgeable with NIST frameworks 800-53 rev 4, 800-37, 800-137, ISO 27001, ISO 31000, HIPAA Standards, SSAE 18: SOC 1 and SOC 2, SIG questionnaires and other third-party certifications.

Skills

Risk Mitigation

Jira

Risk Assessment

Internal Assessment

Policy Review

SOC 2 review

PCI-DSS

Security Questionnaire

Experience

American Express Phoenix, AZ

Governance and Compliance Analyst

12/2019 - 10/2022

Reviewed company policies against best practices to better understand level of compliance.

Lead role in the third-party risk assessment process, which includes sending third-party risk assessments to vendors, evaluating the risk level, recommending mitigating controls, documenting the assessment and following up on action plans.

Lead role in the security and privacy risk assessment processes for the company.

Experience auditing or working with security control frameworks such as NIST 800-53, Cybersecurity Framework for Improving Critical Infrastructure, CIS Critical Security Controls, ISO 27001/2 and COBIT

Proven experience working on both sides of the audit and assessment process: how to test controls and how to design them specific to IT operations

Assist with security risk assessments on new or existing IT products, services, and technologies to analyze controls, identify and evaluate mitigating control opportunities and assign residual risk using the organizational risk management methodology

Manage the assessment and remediation of IT control deficiencies through collaborating with auditors and control owners to perform root cause analysis, design remediation plans, and update control design documentation

Perform risk assessments and synthesize analysis of the risk.

Assist in responding to regulatory examiner and third-party auditor inquiries.

Conduct Third Party Risk Assessment

Leverage PCI-DSS to answer security questionnaires and do risk assessments

Banner Health Arizona City, AZ

Information Security Risk Analyst

12/2017 - 10/2019

Lead in the aggregation, documentation, and improvement of information and cyber security frameworks and measures, and apply improvements to the risk management process. Continue to monitor, update, and adapt to ongoing risks.

Work closely with the Security Compliance Manager and Director to support risk remediation and tracking.

Execute the day-to-day activities of HITRUST assessments (Readiness, Validated, Interim), including scoping and planning the engagements

Perform risk assessments to effectively plan and execute compliance and professional standards

Perform review of completed vendor assessment questionnaires for conformance to program objectives and methodology

Perform risk assessments on organizational controls around information security including cyber and physical, business continuity and disaster recovery, resiliency, privacy, and governance.

Partner with the team to track the Vendor Risk Management process. Conduct technical and policy-based information security risk reviews of third-party vendors.

Test implemented controls

Assist in IT and Information Security audits, and report on findings and ensure corrective actions are complete and sustainable

Support internal and external audit processes for relevant compliance concerns, including state regulations, privacy laws, and security frameworks

Equifax Alpharetta, GA

Cyber Security Analyst

09/2016 - 12/2017

Provide counsel to ensure that internally developed and commercially available business applications include adequate Information Security controls; Consult process owners on the identification, development and testing of Information Security controls for risk mitigation effectiveness

Collaborate closely with the various Security and Information Technology teams globally to ensure that they follow Corporate Security Policies to protect the enterprise, and that policies, best practices, and Security Standards are implemented uniformly across the company

Experience and knowledge with leading and validating evidence for IT audits for ISO 27001, NIST 800-53, PCI, HIPAA, SOC 2, etc.

Document risk issues in the designated risk register

Provide risk remediation recommendations that the business and technology may implement to mitigate identified control gaps

Schedule and perform information risk assessments using company methodology; identify, document and communicate control deficiencies in business processes and technology systems

Participate in and influence information risk assessment process improvement.

Education and Training

Old Dominion University Norfolk, VA

Bachelor of Science in Mechanical Engineering & Technology 05/2004

Certifications

CompTIA Security Plus CE • GRC Professional Certification – In progress


