
Risk Analyst Information Security

Location:
Houston, TX, 77035
Posted:
March 27, 2023


Resume:


Moses Owusu

Information Security Analyst Cybersecurity Analyst

Houston, TX 77035 • 347-***-****

LinkedIn • ********@*****.***

Summary

Insightful, results-driven professional with extensive experience in promoting information security through implementation of emerging technologies and governing regulations. Repeated success in risk assessments and mitigation, system security monitoring and auditing, testing information security controls implementation, and maximum operational impacts attainment with minimum resource expenditures. Strong practical understanding of Governance, Risk, and Compliance (GRC). Possess in-depth knowledge of standards and frameworks, including ISO 27001/27002, HIPAA 1996, Statements on Standards for Attestation Engagements (SSAE) 18, Service Organization Control (SOC) 2 Type II, Federal Information Security Management Act (FISMA), Control Objectives for Information and Related Technologies (COBIT), and Payment Card Industry Data Security Standard (PCI DSS). Transformational leader: partnering with cross-functional teams to deliver scalable robust solutions. Focused individual with detailed understanding of Health Information Technology for Economic and Clinical Health (HITECH) and Health Information Trust (HITRUST) Alliance and Common Security Framework (CSF). Proficient in the applications of health management, electronic health records (EHR), health information technology (HIT), meaningful use. Committed to superior services through a positive attitude within fast-paced environments.

Core Competencies

• IT Program Management • Information Security Management • Project Management

• IT Security Assessment • Risk Assessment & Mitigation • Cybersecurity

• Vulnerability Scanning • Policies Development • Strategic Planning

• Incident Management

• Microsoft Office • Team Leadership

Career Experience

Texas Department of State Health Services, Houston, TX 02/2020 – Present

Information Security Risk Analyst (Contract)

Plan, conduct, and complete third-party risk assessment to evaluate vendor's control effectiveness utilizing ISO 27001, HITRUST, SOC 2 Type II, HIPAA, and HITECH (ARRA, 2009) governance, risk management, and compliance (GRC) tools. Analyze the security of both new and current systems in light of HIPAA, HITECH, NIST 800-60, and NIST 800-53 rev5 regulations. Play a key role in controlling, eradicating, and preventing incidents damaging the environment, especially electronic protected health information (ePHI) of patients. Develop monitoring tools to review existing vendors for risk assessments as per vendor's risk level of the engagement. Employed monitoring tools (ServiceNow GRC) to enhance governance, risk, and compliance.

• Researched, identified, and capitalized on latest information technology security trends as well as engaged in initiating regulatory security risk assessments and audits using HIPAA, HITRUST, and ISO 27001/27002.

• Developed information security policies using HIPAA safeguards/controls; applied HITECH to enhance HIPAA through promoting electronic health record systems (EHRs) to improve quality of care, safety and efficiency, improve coordination of care, enhance health status of the community receiving health care, among others.

• Defined, created, and implemented SOPs in line with security policies and standards of the organization.

• Conducted third-party risk assessment on vendors to understand risks they pose and evaluate their remediation efforts.

• Planned and conducted training and coaching sessions for new information security analysts.

• Planned and trained employees to raise their awareness about cyberspace activities to avoid phishing and social engineering impact on company security.


• Administered and supported team members and empowered them to complete assignments within specified timelines.

• Audited internal and external security, scrutinized data and security breaches, and investigated incidents to determine and eliminate issues; conducted risk assessments using NIST SP 800 series (e.g., NIST 800-53 Rev 5).

Intec Logic Global, LLC, Houston, TX 05/2017 – 12/2019

Third Party Risk Analyst

Initiated and completed risk-based security audits of the company's internal systems, apps, and 3rd party cloud services. Articulated internal security findings to technical and non-technical stakeholders in the organization. Planned and created a system security planning (SSP) outlining FISMA standards and controls. Steered in-depth analysis to evaluate SOC 2 Type II reports of third parties and data center. Assessed security deficiencies in card industries using PCI DSS control measures. Applied GRC in promoting business interest and in alignment of federal and state laws. Gathered and communicated measurements of security threats and operational success to senior management. Ensured seamless activities by assuring execution of up-to-date measures on regulations and industry best practices. Employed COBIT framework to address and align business interests with governance, management, and compliance to promote improved security measures.

• Employed ISO 27001/27002, SOX, GLBA, COBIT for governance and management to enhance GRC in the financial industry auditing; GDPR and CCPA for protection of privacy of individuals.

• Used GRC tools to enhance security and compliance with federal and state laws that align with business interest through enactment of governance policies.

• Successfully completed a record amount of risk analyses, improving 2018 and 2019 net profit.

• Doubled company's profit in 2018 as compared to 2017 and attained 50% increase in 2019 as compared to 2018.

• Managed the progress of remediation steps on identified PCI DSS control deficiencies.

• Advised on security tools and process changes that enhanced PCI DSS compliance.

• Used internal auditing tools, such as standards and guidelines for compliance, e.g., PCI DSS and NIST SP 800 series, particularly NIST SP 800-53 R5 for control selection and implementation in Risk Management (FISMA).

• Led training and coaching sessions for new information security team to improve skills and performance.

• Offered expert recommendations on technical, physical, and administrative control implementations as per findings.

• Planned and trained employees to raise their awareness about cyberspace activities to avoid phishing and social engineering impact on company security.

Montefiore Medical Center, Bronx, NY 02/2016 – 04/2017

Cyber Security Risk Analyst (Contract)

Employed appropriate security measures to guarantee confidentiality, integrity, and accountability of computer systems, networks, and information assets. Delivered active support with day-to-day audits and risk assessments and provided input in handling incident response situations. Performed walkthroughs, created test plans, recorded test results, and devised corrective action plans for each testing domain. Conducted IT operating effectiveness tests in multiple areas, including security, operations, change management, and email authentication.

• Used an organizational security architecture to strengthen security processes, procedures, and policies.

• Developed information security policies using HIPAA safeguards/controls.

• Collaborated and functioned closely with vendors, consultants, and internal SMEs to guarantee high-quality services to protect business entities and personnel.

• Used internal auditing tools like HIPAA safeguards and HITRUST Common Security Framework (HITRUST CSF) in auditing health-related security issues.

• Planned and trained employees to raise their awareness about cyberspace activities to avoid phishing and social engineering impact on company security.

• Protected and promoted cybersecurity following protected health data breach in 2015.

• Significantly improved hospital image by developing and maintaining incident-free environment.

• Analyzed security policies and procedures to determine and overcome gaps to achieve optimal security levels.

Medasource, Indianapolis, IN 02/2014 – 12/2015

Vendor Risk Analyst (Contract)

Oversaw and managed organization's vendor risk program through third-party risk assessment. Planned, initiated, and completed IT controls risk assessments, including detailed evaluation of organizational policies, standards, procedures, and guidelines. Devised a security baseline and test strategy to evaluate deployed measures. Documented and reported control failures and gaps per company policy; also produced and submitted management reports on remediation progress.

• Audited internal and external security, scrutinized data and security breaches, and investigated incidents to determine and eliminate issues; conducted risk assessments using NIST SP 800 series (e.g., NIST 800-53).

• Kept abreast of trends in the information security community, including methodologies, vulnerabilities, and products.

• Planned and trained employees to raise their awareness about cyberspace activities to avoid phishing and social engineering impact on company security.

• Researched and identified vulnerabilities across various companies, leading to significant improvement on their information security and potential risk reduction.

Additional Experience

Public Health Epidemiologist II, NYC Department of Health and Mental Hygiene, New York, NY

Public Health Sanitarian II, NYC Department of Health and Mental Hygiene, New York, NY

Research Assistant, Korle-Bu Teaching Hospital (Univ. of Ghana Med. School), Accra, Ghana

Education

Master of Business Administration (MBA), Plymouth State University, NH, Graduated 2013 – 2015

Bachelor of Science (B.Sc.) Biochemistry, University of Science and Technology, Kumasi, Ghana

Professional Certification

Working towards CISSP


