Post Job Free

Supply Chain Risk Management

Location:
Columbus, OH
Posted:
February 02, 2025


Resume:

Thomas Oteng-Sefah

Columbus, Ohio

Phone: 614-***-****

***********@*****.***

Overview:

Highly skilled IT professional with a proven track record in developing and implementing security solutions in fast-paced environments. Expertise in risk assessment, mitigation, and compliance across the SDLC and GRC frameworks. Proficient in RMF, NIST 800 series, FedRAMP, and cloud security (SaaS, IaaS, PaaS). Strong understanding of industry standards (NIST CSF, PCI DSS, ISO 27000, CIS, HITRUST). Excellent communication, interpersonal, and leadership skills with a focus on customer relationships.

PROFESSIONAL SKILLS

Manages Plans of Action and Milestones (POA&Ms), creates service tickets, and coordinates with system admins to ensure that project milestones related to security vulnerabilities or compliance are achieved.

Performed Nessus vulnerability scans, analyzed the results, and collaborated with technical teams to address identified vulnerabilities.

Evaluates vendors' security controls and policies to identify potential security threats and vulnerabilities, which is crucial for risk management.

Determines the tier level of inherent risk by reviewing the intake or engagement forms submitted by relationship managers, allowing for informed decision-making regarding potential risk.

Performed system gap analysis using the CIS (Center for Internet Security) Controls framework, helping to identify areas where security measures are lacking.

Reviewed and updated various company policies and procedures, such as Access Control, Contingency Plan, Incident Response Plan, and Logging, ensuring they remain effective and compliant.

Possess knowledge of performing PCI DSS (Payment Card Industry Data Security Standard) compliance, specifically adhering to version 3.2.1 controls.

Third Party and Vendor Onboarding, Monitoring, and Offboarding.

WORK EXPERIENCE:

DHL SUPPLY CHAIN LOGISTICS, Systems Analyst, September 2006 – Present

Develop policies and procedures to ensure information systems' reliability and accessibility and to defend against unauthorized access to systems, networks, and data.

Promote awareness of security issues among management and ensure sound security principles are reflected in the organization's vision.

Reviewed and validated all vendor controls to ensure data confidentiality.

Validated security questionnaires to ensure current data protection measures on vendor side.

Conducted risk assessments based on agreed procedures and guidelines.

Provided detailed reports of assessments to business owners and vendor management office.

Worked as a remediation analyst to ensure all gaps identified during assessment are remediated or mitigated in a timely manner.

Planned security risk assessments for all third-party vendors.

Perform tasks related to Continuous Monitoring (ConMon) compliance, audit log review, security patching, and software and hardware configuration management.

Develops and updates system security contingency plans and disaster recovery procedures (DRCP).

Coordinate remediation plans with the patching team after Nessus vulnerability scans are conducted.

Develop and implement programs to ensure that systems, network, and data users are aware of, understand, and adhere to systems security policies and procedures.

Uses Archer to track various cybersecurity projects, as well as ServiceNow to resolve and escalate incidents.

Act as a liaison with auditors, both internal and external, ensuring compliance with privacy laws and implementing necessary controls to maintain a spotless audit track record.

Conduct thorough risk assessments for new applications and systems during RFI/RFP processes, resulting in the identification and mitigation of high-risk vulnerabilities before implementation.

Serve as a subject matter expert on vendor cybersecurity risk, leading risk assessments and meticulously reviewing applicable vendor security artifacts to ensure compliance.

Review and evaluate responses to security surveys, validating supporting evidence such as SOC 1/2 reports, ISO certifications, HITRUST certification, IT policies, and independent penetration test reports to identify security control deficiencies/gaps and provide recommendations, contributing to a 20% reduction in security control gaps.

Conduct rigorous assessments of vendor security controls, ensuring a high compliance rate with information security standards and identifying actionable areas for improvement.

Prepare comprehensive vendor assessment reports, deliver actionable recommendations for security control enhancements and driving continuous improvement efforts.

Collaborate with vendors to develop and validate remediation plans, resulting in a significant reduction in non-compliance findings and enhanced security control implementation.

Conduct thorough reviews of vendor services, establishing clear assessment scopes, and ensuring seamless alignment with security requirements.

EDUCATION AND CERTIFICATIONS

DeVry University (Keller Graduate School), Columbus, OH, 2018

Master of Business Administration in Accounting/Management

University of Cape Coast, Ghana, West Africa

Bachelor of Education and Management 2002

CompTIA Security+ (In Progress)

FISMA/RMF Training

Third Party Risk Management Framework Training

AREAS OF EXPERTISE/TECHNICAL SKILLS

Nessus, Archer, SharePoint

Federal Information Processing Standards (FIPS) 199 and 200

National Institute of Standards and Technology (NIST) Special Publications (SP) 800-53A, 800-53r4, 800-37, 800-59, 800-60, 800-66, and 800-34

ISO/IEC 27005

Federal Information Security Modernization Act (FISMA) Compliance.

MS Office 365
