PROFESSIONAL SUMMARY
Dynamic and results-driven Information Security and Compliance Analyst with over 8 years of experience in cybersecurity management, compliance assessment, and risk management frameworks. Proficient at conducting audits and assessments for certifications such as PCI-DSS, ISO 27001, and SOC to ensure information systems’ compliance, security and operational integrity. I am skilled in vulnerability assessment, documentation creation (SSP, POA&M), and risk mitigation using frameworks like NIST 800-53, RMF, and FISMA, with proven leadership in coordinating internal and external audits, and fostering cross-functional collaboration.
CORE COMPETENCIES
• Frameworks & Standards: NIST 800-53, RMF, PCI-DSS, ISO 27001, SOC, HITRUST, FISMA, FedRAMP
• Technical Expertise: Vulnerability Scanning (Nessus), Incident and Ticketing (ServiceNow), Configuration Management, Security Testing
• Risk Management: Assessment & Authorization (A&A), POA&M Management, Risk Mitigation, Continuous Monitoring.
• Communication: Policy Development, Compliance Reporting, Security Control Assessment, ATO Package Management, Security Awareness Training, Client and Audit Coordination
PROFESSIONAL EXPERIENCE
IT Security, Audit and Compliance Analyst
Teleperformance USA – September 2020 – Present
• Spearhead assessment and authorization (A&A) processes for operational information systems, ensuring compliance with NIST 800-53 and RMF standards.
• Collaborate with cross-functional teams to manage the GRC program, security compliance and certification audits.
• Serve as project manager for external audit processes, achieving certifications for PCI-DSS, ISO 27001, SOC, and HITRUST.
• Develop and review security documentation, including System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms) and risk assessment reports.
• Review vulnerability scans and implement continuous monitoring strategies to maintain organizational security posture with my team.
• Work closely with system owners and stakeholders to ensure complete and accurate documentation for ATO packages.
Key Achievements:
• Led successful ISO/PCI/SOC and HITRUST external audits, achieving certifications within stringent timelines.
• Collaborated with my team to streamline audit preparation processes to enhance compliance operations and reduce redundancy.
Information Security Analyst
Nationwide IT Services – September 2018 – July 2020
• Conducted security assessments using NIST 800-53A as the baseline, ensuring the effectiveness of selected controls through testing and analysis.
• Developed, reviewed and updated security artifacts, including SARs, SSPs and POA&Ms.
• Provided strategic guidance to stakeholders on compliance requirements and risk remediation efforts.
Key Achievements:
• Helped reduce non-compliance risks through security awareness training and enhanced monitoring and documentation practices.
• Improved system security by implementing NIST-compliant vulnerability assessments.
Information Systems Security Analyst
Digital Global Connectors – July 2017 – June 2018
• Conducted comprehensive assessments of security controls using the NIST framework, ensuring compliance and system security.
• Created and updated security documentation, such as contingency plans, Security Assessment Reports (SAR) and privacy impact assessments (PIAs).
• Provided training and guidance to stakeholders and system owners on security validation processes and compliance requirements.
Key Achievements:
• Enhanced system readiness for audits by developing clear SOPs and remediation plans.
Risk and Compliance Analyst
CVS Health Systems – September 2015 – May 2017
• Ensured compliance with HIPAA and protected health information (PHI) regulations.
• Conducted control risk assessments, technical reviews, and remediation tracking for audit readiness.
• Delivered compliance training and created detailed security reports for executive stakeholders.
• Collaborated with the team to prepare and conduct audits to achieve HITRUST certification.
Key Achievements:
• Improved PHI data management and reduced audit findings.
EDUCATION
• B.S., Cybersecurity Management and Policy – University of Maryland Global Campus
• Associate Degree in Cybersecurity – Montgomery College, Germantown, MD
• B.A., Communications and Media Studies – University of Media Arts and Communication (UniMAC) GIJ, Accra, Ghana.
CERTIFICATIONS
• CompTIA Security+
• Certified Information Security Manager (CISM) – In Progress
• PCI DSS Version 4 Transition Training
• Vendor Risk Management and Compliance Training
TECHNICAL SKILLS
• Software: MS Office Suite, Splunk, ServiceNow
• Tools: Nessus Vulnerability Scanner, GRC
• Networking: LANs, VPNs, TCP/IP, Firewalls
• Frameworks: NIST 800-53, RMF, ISO 27001, FedRAMP
ADDITIONAL INFORMATION
• Available for remote and hybrid opportunities.
• References available upon request.