
Risk Analyst Database Administrator

Location:
Laurel, MD
Posted:
April 05, 2023


Resume:


CONTACT

Laurel MD

240-***-****

adwcvy@r.postjobfree.com

STANDARDS

• Risk Management Framework (NIST SP 800-30, 37, 53, and 53A)

• SAS-70/SSAE 18

• ISO 27001

• PCI DSS

• HIPAA

SKILLS

• Vendor Management and Compliance

• Regulatory requirement and Reporting

• MS Office (Excel, Word, PowerPoint) and Google suites

• Asset Management Vulnerability

• IT Risk Management

• Risk Identification

• IR Questionnaire

• SIG questionnaire

Compliance professional with over five years of experience as a Third-Party Risk Analyst and detailed knowledge of security tools. Skilled in security controls, the NIST SP 800 series, ISO 27001, SSAE 18, PCI DSS, and HIPAA, and in reviewing vulnerability scan reports, penetration testing reports, SOC 2 Type 2 reports, and BitSight/Security Scorecard reports. In-depth knowledge of compliance testing, risk assessment, policies and procedures, and change management. Knowledge of tools such as ServiceNow, Google suites, and Excel spreadsheets for assessment. Highly adaptable and dedicated to forging strong relationships with cross-functional teams, executive managers, and stakeholders to drive cohesive operational systems effectively.

WORK EXPERIENCE

Third-Party Risk Analyst – KPMG (Contractor)

Washington, DC June 2021 – Present

• Conduct risk reviews and assessments for products, services, and operations based on the applicable framework requirements from ISO/IEC 27001 and the NIST Risk Management Framework.

• Review and validate provided documentation such as SSAE 18 Type I & II reports, vulnerability scan reports, penetration testing reports, ISO 27001, and SOC reports.

• Review and evaluate all controls at the vendor site, vendor practices, and processes to ensure data confidentiality.

• Escalate issues of 3rd party vendor non-compliance with business stakeholders.

• Assist in the assessment, monitoring, and tracking of the TPRM lifecycle activities, risk assessment and due diligence.

• Ensure third-party adherence to contractual/regulatory compliance to minimize the risk of fines and reputational harm.

ATIM KOROMAH

CERTIFICATIONS

• Actively working on CompTIA Security+

• Actively working on Certified Information Systems Auditor (CISA)

• Oracle Certified

Vendor Risk Assessor - Jacob’s Technology (Contractor)

Washington, DC January 2019 – May 2021

• Conducted and evaluated third-party risk assessments, applying established criteria covering cyber security, data privacy, reputational, business continuity, and other risk domains.

• Reviewed vendor security questionnaires including the Shared Information Gathering (SIG) and supporting evidence to evaluate vendor security posture.

• Reviewed third-party security documents using SOC 2 reports, ISO 27001 certifications, and vendors' policies/procedures to identify vulnerabilities and gaps in vendors' environment.

• Collaborated with internal partners and third parties to mitigate and resolve third party risks.

• Maintained strong working relationships with individuals and groups involved in managing information risks across the organization.

• Influenced vendors and business partners to ensure compliance with risk management policies.

Inherent Risk Analyst - Deloitte (Contractor)

Baltimore, MD January 2018 - December 2018

• Assisted the business team in completing the inherent risk questionnaire (IRQ) nomination form, for accuracy.

• Analyzed initial intake and inherent risk assessments completed by business owners and determined necessary follow-up.

• Assigned point values to questions and built a scoring system that determines the risk tier for each vendor.

• Reviewed the inherent risk questionnaire for completeness and accuracy.

• Reviewed IRQ to determine the scope of work and the type of data the business unit shared with third parties.

• Tiered vendors and determined their appropriate assessment.

Database Administrator - Deloitte (Contractor)

Baltimore, MD July 2017 - December 2017

• Developed and monitored appropriate security procedures to safeguard the system from physical harm and viruses.

• Provided backup and recovery procedures as needed for all production and test databases.

• Managed schemas, indexing, objects, and partitioning tables.

• Participated in a 24x7 on-call rotation schedule for various production support, database maintenance, housekeeping, and installs.

• Established database standards for operations, upgrades, migrations, and onboarding of new applications and clients.

• Created and implemented database designs and data models.

EDUCATION

Fourah Bay College, Sierra Leone

Bachelor of Arts Linguistics & Sociology

December 2007
