Emmanuel Shaft Boamah
Atlanta -
Summary
Goal-oriented IT professional with significant success in planning, analyzing, and implementing security plans and initiatives. Accountable for ongoing activities to preserve the availability, integrity, and confidentiality of my company and customer information in compliance with applicable information security laws, policies, and standards. Responsible for managing and performing vendor risk assessments as required. Knowledgeable in industry frameworks like ISO-27001, HIPAA, HITRUST, PCI-DSS, and SSAE16/18 (SOC 1 & 2). Skilled in industry GRC tools like ProcessUnity, ServiceNow, RSA Archer, OneTrust, and Tugboat Logic.
Skills
Risk Mitigation
Remediation
Vendor Tiering
Security Questionnaire
Policy Review
SOC 2 Review
AML/KYC
Risk Assessment
Internal Audit
Control Mapping
Reporting and Documentation
Security Assessment Report
Transaction Monitoring
Experience
January 2023 to Current
Goldman Sachs New York, NY
Cyber Security Risk Analyst
Effectively and efficiently evaluate third-party risk assessments when provided by vendors
Provide technical, business, and information security analysis support in the design, development, and implementation of vulnerability management processes.
Participate in Corporate and Client facing audit engagements, as requested, to ensure adherence to applicable standards and compliance initiatives (e.g. NIST, FedRAMP, FFIEC, FINRA, PCI DSS, SOC I & SOC II, and others).
Knowledge of Industry Best Practice for data security and PCI compliance
Conducting internal PCI v3.2.1 or v4.0 SAQ-D assessments and understanding of PCI DSS v4.0
Mediate between vendors and business leaders utilizing knowledge of IT risk within the organization.
Organize and prepare various vulnerability scan result outputs and reports.
Collaborated with cross-functional teams to gather requirements and translate them into technical solutions on the ServiceNow platform.
Monitored platform performance and implemented enhancements to optimize system reliability and scalability on AML/KYC.
Work collaboratively with the Line of Business, Risk Liaisons, and Corporate Compliance to understand current Monitoring, Third Party Risk, and Compliance Risk Assessment practices.
Provide statistical reports to management on vulnerability remediation progress.
Develop and execute remediation planning to ensure requirements are met by the implementation date.
Serve as primary contact for technical vendor management for assigned tools.
Conducting a Third-Party Technology Risk Assessment
Respond to assessment and audit requests from clients
Coordinate and manage internal and external assessment requests
Update and review Information Security policies and procedures
Interact with a variety of vendor contacts and drive responsiveness to surveys, requests for information, and other data to support audit and risk management.
December 2021 to December 2023
Apple Bank New Jersey
Compliance Analyst
Document risk reports in various technology platforms and manage remediation activities.
Coordinate multiple vendor and authoritative resource vulnerability notifications to aggregate a weekly internal notification to all technical lines of business.
Assist with maintaining TPRM-related program documentation.
Assist with maintaining metrics, dashboards, and reports for TPRM activities
Contribute to the management and scheduling of information security and compliance related vulnerability scans.
Lead the execution, organization, verification, reporting, and evidence archival of User Access Certification campaigns.
Provide oversight of the information security controls and procedures, security compliance, and applicable security incident response, and documentation of procedures for global locations.
Review and analyze daily audit reports for indications of possible information security incidents and indicators of compromise.
Monitor for changes in regulations and standards affecting information security requirements, and perform periodic assessments to ensure compliance with applicable information security laws. Monitor and routinely audit compliance of all information security procedures and policies on AML/KYC.
Provide applicable oversight and maintenance of the local information systems business continuity and disaster recovery plans; test network security, system and software architecture, and design to ensure that data is secured during all lifecycle phases.
Conduct third party risk assessments in alignment with company security policies and Transaction monitoring.
Apply Information Security knowledge to address vendor risks regarding IT and business implementations in a timely fashion
February 2020 to December 2021
InnovaCare Health Florida
Compliance Analyst
Classification and tiering of vendors by risks and risk impacts
Ensure third-party (and increasingly fourth-party) vendor regulatory compliance
Coordinates internal and external resources related to 3rd Party Risk Assessments, audits, and compliance initiatives
Monitor third-party vendor assessments
Responsible for assessing the practices and posture of new & existing Third Parties
Document confirmed gaps and partner with business leaders and vendors on impacts and remediation
Identify and establish risks
Facilitating timely remediation of gaps and issues related to third-party program infrastructure
Monitoring and reporting on third-party risk trends
Education and Training
June 2019
SUM College – California USA
Bachelor of Arts - 2019