EBENEZER COBBY AGYAKO SAKA
adukhu@r.postjobfree.com 757-***-**** Norfolk, VA 23501
Summary
An experienced IT security analyst and risk management professional with extensive IT risk and control experience. Ample experience in consulting and working in various organizational sectors such as technology, healthcare and financial institutions. Skilled in Risk Management, Information Security principles, Project Management, Risk Assessments, Due Diligence and various Audit Methodologies. Knowledgeable in NIST frameworks 800-53 rev 4, 800-37, 800-137, ISO 27001, ISO 31000, HIPAA Standards, SSAE 18: SOC 1 and SOC 2, SIG questionnaires and other third-party certifications.
Skills
Risk Mitigation
Jira
Risk Assessment
Internal Assessment
Policy Review
SOC 2 review
PCI-DSS
Security Questionnaire
Experience
American Express Phoenix, AZ
Governance and Compliance Analyst
12/2019 - 10/2022
Reviewed company policies against best practices to better understand the level of compliance.
Lead role in the third-party risk assessment process, including sending third-party risk assessments to vendors, evaluating the risk level, recommending mitigating controls, documenting the assessment and following up on action plans.
Lead role in the security and privacy risk assessment processes for the company.
Experience auditing or working with security control frameworks such as NIST 800-53, Cybersecurity Framework for Improving Critical Infrastructure, CIS Critical Security Controls, ISO 27001/2 and COBIT
Proven experience working on both sides of the audit and assessment process: how to test controls and how to design them specific to IT operations
Assist with security risk assessments on new or existing IT products, services, and technologies to analyze controls, identify and evaluate mitigating control opportunities and assign residual risk using the organizational risk management methodology
Manage the assessment and remediation of IT control deficiencies through collaborating with auditors and control owners to perform root cause analysis, design remediation plans, and update control design documentation
Perform risk assessments and synthesize analysis of the risk.
Assist in responding to regulatory examiner and third-party auditor inquiries.
Conduct third-party risk assessments
Leverage PCI-DSS to answer security questionnaires and perform risk assessments
Banner Health Arizona City, AZ
Information Security Risk Analyst
12/2017 - 10/2019
Lead in the aggregation, documentation, and improvement of information and cyber security frameworks and measures, and apply improvements to the risk management process. Continue to monitor, update, and adapt to ongoing risks.
Work closely with the Security Compliance Manager and Director to support risk remediation and tracking.
Execute the day-to-day activities of HITRUST assessments (Readiness, Validated, Interim), including scoping and planning the engagements
Perform risk assessments to effectively plan and execute compliance and professional standards
Perform review of completed vendor assessment questionnaires for conformance to program objectives and methodology
Perform risk assessments on organizational controls around information security including cyber and physical, business continuity and disaster recovery, resiliency, privacy, and governance.
Partner with the team to track the Vendor Risk Management process; conduct technical and policy-based information security risk reviews of third-party vendors.
Test implemented controls
Assist in IT and Information Security audits, and report on findings and ensure corrective actions are complete and sustainable
Support internal and external audit processes for relevant compliance concerns, including state regulations, privacy laws, and security frameworks
Equifax Alpharetta, GA
Cyber Security Analyst
09/2016 - 12/2017
Provide counsel to ensure that internally developed and commercially available business applications include adequate Information Security controls; Consult process owners on the identification, development and testing of Information Security controls for risk mitigation effectiveness
Collaborate closely with the various Security and Information Technology teams globally to ensure that they follow Corporate Security Policies to protect the enterprise, and that policies, best practices, and Security Standards are implemented uniformly across the company
Experience and knowledge with leading and validating evidence for IT audits for ISO 27001, NIST 800-53, PCI, HIPAA, SOC 2, etc.
Document risk issues in the designated risk register
Provide risk remediation recommendations that the business and technology may implement to mitigate identified control gaps
Schedule and perform information risk assessments using company methodology; identify, document and communicate control deficiencies in business processes and technology systems
Participate in and influence information risk assessment process improvement.
Education and Training
Old Dominion University Norfolk, VA
Bachelor of Science (B.S.) in Mechanical Engineering & Technology, 05/2004
Certifications
CompTIA Security Plus CE • GRC Professional Certification – In progress