Information Security Officer

Location:
Halifax, NS, Canada
Salary:
110
Posted:
April 03, 2023

Resume:

Ebenezer Owusu-Afriyie

CISM, CISA, CDPSE, CEH, ECSA, C|CISO, ISO 27001:2013 LA

PROFILE

Over 14 years of networking, GRC and Security/Privacy experience.

Computer system, information technology and Information Security Management educated.

Collaborative, approachable, positive and authentic.

Extensive experience including:

o Working with multiple vendors and open-source technologies.

o Information Security Auditing/Implementing ISO27001 framework and conducting ISO27001 Certification Audits

o Vendor Risk Assessment

o Developing robust information security architectures with an Agile Project Management delivery methodology and assisting in the development of client IT and security strategies.

o Implementing ISO27001 and providing training for clients

o Cyber security workshops, vendor and risk assessments.

Track record of building successful relationships across all organizational levels, high achievement and motivation.

Experience working with, reporting to, and managing geographically dispersed teams.

PROFESSIONAL EXPERIENCE

MUFG Investor Services

Associate Director, IT, Information Security Manager

Oct 2022 – Present

Tasks summary:

Conducting Vendor and monitoring Risk Assessment

Administer security awareness training assignments and follow-up for annual training, new joiners (incl. Contractors) and long-term leave returnees. Streamline and document the process followed.

Provide support in carrying out systems assessments using the SISRA module in the vendor portal, documenting the rationale for assessment points, following up with the owner, etc. and determining any issues that should be documented clearly in our vendor portal.

ISMS / Security frameworks lead – ISO 27001, NIST Cyber Security Framework

o Driving the adoption of these standards at a global level

o Operating an Information Security Management System (ISMS) - the global management system for information security which drives our security posture

o Engagement across multiple departments / teams, to secure their support in the adoption and operation of controls required

Policy & Procedures – review, development and implementation

o Management of the information security policy suite - annual review, updates in line with risk posture / ISMS requirements

o Providing guidance to IT Security Operations in the development of Information Security Procedure documents

Security risk management – framework development, implementation and risk identification facilitation

o Development and implementation of an appropriate framework for the timely identification of information security and related risk

o Engagement with internal teams, such as Operational Risk, to ensure alignment and consistency in the assessment of risk

KPI and KRI development – monthly reporting to CRC, EC and Information Security Governance Committee

o Development of metrics - both KPIs and KRIs - to provide timely and accurate reporting on performance to internal committees and Boards

Third party security assurance – operating on-going assurance processes

o In conjunction with Vendor Management, developing and implementing a security assurance process for ensuring that appropriate information security assurance is obtained from vendors where information security is a requirement

Data Privacy

o Supporting the Data Protection Officer in meeting the security requirements of relevant privacy legislation through the design and operation of effective controls

MUFG Investor Services

Information Security Manager

Dec 2019 – Oct 2022

Tasks summary:

ISMS / Security frameworks lead – ISO 27001, NIST Cyber Security Framework

o Driving the adoption of these standards at a global level

o Operating an Information Security Management System (ISMS) - the global management system for information security which drives our security posture

o Engagement across multiple departments / teams, to secure their support in the adoption and operation of controls required

Policy & Procedures – review, development and implementation

o Management of the information security policy suite - annual review, updates in line with risk posture / ISMS requirements

o Providing guidance to IT Security Operations in the development of Information Security Procedure documents

Security risk management – framework development, implementation and risk identification facilitation

o Development and implementation of an appropriate framework for the timely identification of information security and related risk

o Engagement with internal teams, such as Operational Risk, to ensure alignment and consistency in the assessment of risk

KPI and KRI development – monthly reporting to CRC, EC and Information Security Governance Committee

o Development of metrics - both KPIs and KRIs - to provide timely and accurate reporting on performance to internal committees and Boards

Third party security assurance – operating on-going assurance processes

o In conjunction with Vendor Management, developing and implementing a security assurance process for ensuring that appropriate information security assurance is obtained from vendors where information security is a requirement

Data Privacy

o Supporting the Data Protection Officer in meeting the security requirements of relevant privacy legislation through the design and operation of effective controls

Bell Canada

Technical Security Consultant

Nov 2018 – Oct 2019

Developing and implementing security practices; responsible for delivery of security services to the business and assisting in the development of client security architecture

Tasks summary:

Security architecture design, technology integration, and configuration

Development of standard builds for security technologies

Pre-sales support for security services

Performing physical PenTest

Security Framework: NIST, ISO27001

Conducting Cyber Security workshop

Security Assessment

Firewall and Switch Audit

Consulting with clients and preparing reports based on my

Mobile Penetration Testing

Major clients include:

Insurance Company, PEI February 2019

VPN Tunnel Configuration

Task Summary:

Configure firewall on site

Setup internet connection

Configure VPN tunnel

Setup encryption and test the connection to make sure it was working.

Test the connectivity from both sides of the tunnel

Provide summary report to the client along with answering any questions that came up

New Brunswick Power February 2019

Hardening Cisco Layer 3 Switch

Task Summary:

NB Power requested a Layer 3 switch configuration assessment with recommendations on hardening it, as well as a recommendation on whether the device needed an upgrade.

Conduct configuration review of the switch

Conduct presentation on my findings and my recommendation

Wrote a detailed report, including configuration to harden the device.

Conducted final Workshop after the report, present it and answer any questions that came up.

Network Innovations April 2019

Cyber Risk Management Services (Assessment Workshop)

Task Summary:

Conducted on-site assessment of client infrastructure and interviewed IT staff to gather the current state of IT infrastructure, process and staff deployment, specifically for the design and maintenance of their security program.

Conducted an on-site assessment workshop gathering information on the following:

o Services / Critical Business Assets (Current State)

o Business Services (Target State)

o Attack Surface Information

o Compromise Assessment

Develop high-level summary of information gathered during the workshop

Provide high-level recommendations based on information gathered during the workshop

Cape Breton Regional Municipality April 2019

Network Security Audit

Task Summary:

Conducted high-level security assessment and policy review for CBRM. The assessment consisted of testing and reviewing CBRM firewall, physical security, policy review etc.

Conducted Physical Security Review - A review of physical security controls and testing of controls to identify weaknesses in physical management of information assets and information systems

Conducted policy review - An assessment of current information security policy statements against a comprehensive framework for policies to address information security management, drawn from industry accepted standards and best practices.

Conducted firewall rules review - Testing of firewall and review of firewall rules and access lists, both ingress and egress. Overview of Unified Threat Management system and recommendations on conforming to industry standards.

Conducted remote access review - Review of remote access configuration to determine if appropriate measures have been implemented to reduce the risk level of offering network access services over the public Internet

Conducted Endpoint protection review - Assessment of endpoint protection strategy, implementation, and capability to reduce the risk of infection from malware.

Conducted Office 365 Assessment - Review of implementation strategy of Office 365 and related services, including technical reviews to optimize configuration settings for security

Wrote a high level detailed report consolidated with other work that was conducted by Pentest Team

Provided detailed recommendations to improve their infrastructure and security roadmap including strategic technology recommendations for the next 3–5 years based on observations during the engagement.

New Brunswick Power June 2019

Endpoint Protection System Selection

Task Summary:

Conducted evaluation for the current NB Power endpoint protection environment vs other capabilities that exist leveraging the existing and new technologies to further enhance the endpoints.

Review technical architecture

Review applicable security strategy and policy

Review internal and external compliance requirements

Review current endpoint protection environment, including licensing current state

Identify and categorize endpoint protection Needs, Wants, and Nice-to-Haves

Research potential endpoint protection solutions

Present comparative matrix of options and projected cost

Marine Atlantic July 2019

ASA Cleanup Review

Task Summary:

Review ACL against firewall industry best practice

Review Routes, certificates and NAT statements for relevance

Provided a list of IP addresses (from the ACLs, NATs, routes) and certificate details to Marine Atlantic for review.

Responses needed will include:

o Is the IP address still in use?

o Is the applicable ACL / route / NAT / Certificate still required?

o If the item is identified as being present on both of their ASA devices, is it needed on both or only one ASA?

Implement the changes after clean up upon Marine Atlantic approval

Create a list of recommendations on service changes, removals, enhancements

Make recommendations based on CIS Benchmark to harden the ASA

Provided a detailed report for the recommendations.

Create follow-up SOW for any service oriented changes based on recommendations

Bulletproof Solutions

Security Operations Analyst

May 2018 – Nov 2018

Planning, installing, and supporting network security

Tasks summary:

Conduct daily threat feed for clients

Threat hunting

Phishing email assessment

Making security changes to various clients based on access we have to their infrastructure

Conducting daily threat hunt based on assigned client

Bulletproof Solutions

Governance Risk & Compliance Consultant

June 2017 – May 2018

Tasks summary:

Responsible for leading and executing Professional Services including Governance, Risk and Compliance, specializing in technical reviews that include network security architecture, vulnerability assessment and penetration testing for gaming networks to comply with World Lottery Association best practice for security controls.

Performed the following security audits:

Data Analysis

Matching controls and making sure they are compliant with the ISO standard

Provide system analysis for lottery and gaming systems throughout the software development lifecycle. Drive business, technical and system requirements analysis specific to gaming systems

Clearwater Seafoods

IT Operation Analyst/Network Analyst

Mar 2015 – May 2017

Tasks summary:

Worked with ISP on improving network infrastructure and was responsible for wireless implementation and support for all locations, as well as for updating network diagrams. Led efforts related to configuring and setting up routers/switches for unified communication projects, and implemented and supported VPN for all sites. Responsible for clearing wiring closets and following standard cabling for all locations, as well as for logistics for network implementation. Responsibilities also included change management; identification and fixing of network vulnerabilities; and creation/update/maintenance of network documentation. Responsible for developing/implementing policies, procedures, and associated training for network resource administration, security best practices, appropriate use, and disaster recovery. Performed risk and security assessment for all Clearwater sites, carried out wireless site survey, and completed risk assessment for each plant, providing recommendations to reduce business being stalled for long periods of time. Audited AD and monitored access to the servers.

Clearwater Seafoods

Service Desk Analyst

Aug 2013 – Mar 2015

Tasks summary:

Responsible for 24/7 service desk support, supporting existing infrastructure, server maintenance, and utilization of virtual platforms. Responded to inbound client communications including alerts, emails, phone calls, and in-person communication, and supported client computing hardware (desktops, laptops, printers, PDAs). Supported Clearwater’s corporate application suite (Siebel and Great Plains), and escalated or reassigned complex or unresolved incidents. Provided guidance, assistance, and training for Clearwater customers and internal staff in technical and application areas, and assured timely resolution of incidents and service requests reported to Service Desk.

Government of Nova Scotia, Chief Information Office Jan 2013 – June 2013

Technical Analyst

Provided tier 1 or 2 support by troubleshooting and repairing hardware (computers, servers and equipment), infrastructure (networks), software (web-based applications, databases, word processing programs) and / or other IT equipment, peripherals or telecom equipment and implementing corrective action to ensure timely resolution of user’s IT issues. Provided wide range of technical installation services to internal clients for hardware including computers, networks, and other IT equipment. Installed, tested, and upgraded software, and recorded and documented hardware and software problems, system crashes, actions and solutions in incident and problem management system.

Government of Nova Scotia, Chief Information Office Aug 2012 – Jan 2013

Tier 1 Technical Supporter for OS Migration

Provided technical support to employees of the Government of Nova Scotia during migration from Novell to Microsoft Technologies. Troubleshot migration issues with client Workstations (Windows XP and Windows 7), software applications (Office 2010), user data, printers, email configuration (Outlook 2010) and VPN connections (Juniper). Provided telephone and email based, remote technical support to clients using tools such as Novell Zen-Works, Microsoft RDP and SCCM.

Research in Motion May 2012 – Aug 2012

Analyst, Blackberry Customer Technical Support

Delivered customer service, responding to product specific inquiries and other issues customers encountered. Acted as a representative of RIM for product specific customer inquiries and issues via inbound voice and email interactions. Provided technical support services for hardware, software and infrastructure, and utilized SAP to track customers’ orders and status.

PERSONAL INFORMATION

LANGUAGE(S)

English

Spoken and written

Twi

Spoken and written

EDUCATION

Information Security Management (Online), Graduate Certificate, Fanshawe College, London, Ontario

Bachelor of Information Technology, Cape Breton University, Sydney, Nova Scotia (2011)

Bachelor of Computer Science, University of New Brunswick, Fredericton, New Brunswick

Computer System Technician Diploma, Fanshawe College, London, Ontario (2008)

CERTIFICATIONS

Information Technology Infrastructure Library certified – ITILv3

GR750124729EO

ISO27001 Lead Auditor

ISLA1023591-2017-10

ISO27001 MS Auditor

Certified Ethical Hacker v10 (CEHv10)

ECC3145786209

Certified Chief Information Security Officer (C|CISO)

ECC8534609127

Certified Information Security Manager (CISM)

2051352

Certified Information Systems Auditor (CISA)

20167425

Certified Data Privacy Solutions Engineer (CDPSE)

2006911

EC-Council Certified Security Analyst v10

ECC3145786209

MS-500

AZ-500

CONTINUING EDUCATION

2015

Global Knowledge

CCNA Boot Camp

2018

Udemy

NMAP

2019

Udemy

Mobile Application Hacking and Penetration Testing (Android)

2019

Udemy

GDPR Certification, data protection, privacy

2020

Social Engineering

2021

RMF for Systems and Organizations Introductory Course

NIST

2022

Excel 2021 Essential Training

2022

GDPR, GDPR Certification, data protection, privacy

COMPETENCIES

Network

Cisco, VoIP, Dell

RAS, SMTP, IMAP, POP3, NAT, RIP, EIGRP, OSPF, HSRP, VRRP, VLAN, Trunking, VTP, STP, GLBP, Ether Channel, IPsec VPN, SSL, VPN, L2TP VPN

Servers

Dell PowerEdge, Windows Server, VMware, Microsoft Exchange, Microsoft IIS, Kali Linux

Security Devices

Cisco, FortiGate, Palo Alto

Security Software

Wireshark, Symantec Endpoint Protection, Trend Micro, Acronis, Nessus, Carbon Black Defense, Burp Suite

SIEM

IBM QRadar

Development

HTML, CSS

SECURITY CLEARANCE

Security Clearance level II

Goods and Service


