SUMMARY
Review vulnerability scan results and coordinate patching and remediation efforts.
Advanced understanding of cyber threats, vulnerability management, and mitigative measures
Plan and run incident response tabletop test.
Comprehensive understanding of vulnerability management
Experience with ISO27001 and NIST 800-53
Interpret and apply information security policy and standards and perform internal & external security assessments and cyber gap analysis.
Review the operational effectiveness of technical and administrative internal controls.
Experience with HIPAA and HITRUST security requirements
Experience with Standardized Information Gathering (SIG) questionnaires.
EDUCATION/CERTIFICATION
B.S., Computer Science – University of Ghana 2007
CompTIA Security+ 2018
Certified Ethical Hacker 2018
PROFESSIONAL EXPERIENCE
Finthrive LLC
Senior Security Compliance Analyst May 2023 to Present
Lead and manage the organization’s security compliance program, ensuring adherence to industry standards, regulations, and internal policies.
Conduct comprehensive risk assessments and vulnerability assessments to identify security weaknesses and provide recommendations for mitigation.
Collaborate with cross-functional teams to develop and implement security policies, procedures, and guidelines in alignment with NIST, ISO, and other industry frameworks.
Analyze security incidents and breaches, investigate root causes, and recommend corrective actions to prevent recurrence.
Blue Sky Solutions May 2022 to May 2023
Information Security Analyst
Conduct security assessment, following NIST Special Publication 800-53A guidance in support of obtaining an Authority to Operate new systems or existing systems that undergo significant change.
Coordinate security assessment activities with the appropriate system and security.
Document comprehensive security assessment results that fully describe the weaknesses and deficiencies discovered during the assessment.
Manage, prioritize, and complete client questionnaires and risk assessments.
Support Audit and compliance programs by understanding and ensuring adherence to HIPAA, SOC, and other requirements from an information security perspective.
Analyze trends in questionnaires and based on new requests, recommend improvement of security policies and procedures.
Conduct vulnerability assessments and security impact analyses based on the NIST requirements.
Document security assessment results in the Cyber Security Assessment Management (CSAM) system.
Work with the Data Privacy team to put in place data handling policies in line with CCPA.
Review and update System Security Plans using NIST 800-18 as a guide.
Collect, review, update, and maintain IT supporting artifacts based on NIST 800-53 Rev 4
General Electric, Houston August 2018 to May 2022
Information Security Analyst
Conduct NIST 800-53 and ISO27001-based security assessments on new systems added to the company network boundary.
Collaborate with critical service suppliers in adapting practices, policies, and procedures to conform to ISO 27001, NIST 800 standards, and CISA standards.
Provide expertise and assistance in the development of continuous monitoring programs and plans.
Categorized information systems based on processed data: Restricted, Confidential, and Public data categories.
Review technical and security addendum with vendor and customer.
Perform continuous threat monitoring and review to assess and prioritize vulnerabilities.
Provide oversight and advisement on proposed major change requests to IT System.
Develop security policy and procedural controls relating to Management, Operational, and Technical Controls
Manage, prioritize, and complete client inquiries (questionnaires, risk assessments, etc.)
Analyze trends in questionnaires and based on new requests, recommend improvement of security policies and procedures.
General Electric, Houston April 2015 to August 2018
End User Support Analyst
Followed Asset Management Policies and procedures to ensure the accuracy of all information.
Installed, maintained, and upgraded end-user hardware, software, and peripheral equipment collected,
Demonstrated ability to build strong relationships with business partners, vendors, and other TO organizations.
Partnered with the business and other TO departments for incident and problem resolution.
Served as an escalation point for all L1/L2 issues.
Maintain inventory tracking for hardware and software.
Proactively identify opportunities to educate business partners on leveraging the use of technology more effectively.
Harris County Community Services November 2013 to April 2016
Helpdesk Support Specialist
Helped turn business obstacles into technical solutions.
Simulated user problems to resolve operating difficulties.
Recommended systems modifications to reduce user.
Performed system administration-related tasks such as imaging and deploying Windows-based workstations and
Provided onsite and remote support for emergency activations and specials.
Provided technical advice, guidance, and informal training to attorneys and staff using hardware and software programs.
Performed root cause analysis and developed checklists for typical problems.