Soft Skills
Communication, Collaboration
Problem-solving, Analytical
Adaptability, Time Management
Attention to detail, Leadership
Organization, Self-Motivation
Technical Skills
NIST Cybersecurity Framework
Security Auditing
Tenable Nessus
Splunk
Compliance Management
Security Configuration
Incident Response
Cloud Security
Regulatory Compliance
Black Kite
Core Competencies
Security Assessment & Authorization
Risk Management
Data Privacy & Security
Compliance & Governance
Technical Security Expertise
Certifications
Cyber Awareness Training (Coursera)
Risk Management Framework, NIST 800-37
Certified Information Systems Auditor (CISA)
Certified Information Systems Manager (CISM)
CompTIA Security+
Education
BSc. Computer Science
Central University Accra, Ghana
06/2010 - 05/2014
SARAPHINA DANSO
Cybersecurity Analyst | Risk Assessor | Data Privacy & Governance Professional
**************@*****.***
4 Grzyb Terrace, Parlin, New Jersey
https://www.linkedin.com/in/saraphina-danso/
Seeking a challenging Cyber Security Analyst position within a reputable organization in the Information Technology industry to leverage expertise in IT controls risk assessments, data privacy audits, and implementation of robust security controls. Proven ability to collaborate with cross-functional teams, effectively identify and mitigate security risks, and ensure compliance with industry standards, including NIST, FISMA, HIPAA, PCI, and ISO 27001. Eager to contribute to a leading-edge organization and drive innovation in cybersecurity practices.
Professional Summary
Conducted IT controls risk assessments and implemented remediation plans to address identified gaps.
Led data privacy audits and implemented strategies to enhance compliance with industry standards.
Performed security assessments of information systems to ensure compliance with NIST, HIPAA, and PCI standards.
Assessed vendor risks and collaborated with stakeholders to ensure the security of third-party relationships.
Developed and implemented security controls to mitigate risks and enhance overall security posture.
Experienced in using security frameworks such as NIST, FISMA, and ISO 27001.
Conducted vulnerability assessments and recommended remediation actions to address identified weaknesses.
Developed and delivered security awareness training programs to enhance organizational security posture.
Possess strong analytical and problem-solving skills to address complex security challenges.
Career Timeline
Work Experience
Third Party Risk Analyst / Data Privacy Analyst
AGO Worldwide Consulting
Jun 2019 - Present
Security Control Assessor
Geek View Tek Solutions
Dec 2017 - Jun 2019
Third Party Risk Analyst / Data Privacy Analyst
AGO Worldwide Consulting (Severn, MD)
Responsibilities included: conducting IT controls risk assessments, performing data privacy audits, implementing security controls, ensuring compliance with NIST, HIPAA, PCI, and ISO 27001, assessing vendor risks, developing security awareness training programs, using security frameworks such as NIST, FISMA, and ISO 27001, conducting vulnerability assessments, and developing a system security plan (SSP).
Performed IT control risk assessments encompassing organizational policies, standards, guidelines, and procedures to identify vulnerabilities and recommend appropriate security controls.
Conducted thorough General Computer Controls testing, documented identified gaps, devised comprehensive remediation plans, and presented findings and recommendations to IT Management, contributing to improved security posture.
Jun 2019 - Present
Technical Skills
NIST RMF (SP 800-37), FISMA Compliance, ISO/IEC 27001, COBIT (Control Objectives for Information and Related Technologies), CIS Controls, Risk Assessment Methodologies, Security Control Frameworks, Compliance Management, Security Configuration, Risk Management, Incident Response, Cloud Security, Regulatory Compliance, OCI Security Architecture, Compliance Auditing, NIST 800-53
Spearheaded a cross-functional team initiative to execute a comprehensive data privacy audit, uncovering critical vulnerabilities and implementing robust remediation strategies.
Conducted IT general controls risk assessments and comprehensive risk audits leveraging industry-standard frameworks, including HIPAA, PCI, and ISO 27001, to ensure alignment with regulatory requirements and best practices.
Developed meticulous security control test plans and conducted in-depth security assessments of information systems, evaluating the effectiveness of administrative, physical, technical, organizational, and policy safeguards.
Assessed vendors throughout the Third-Party Cycle Framework (Onboarding, Due Diligence, Monitoring, Termination Plans, Off-boarding), ensuring rigorous scrutiny of vendor practices and adherence to security standards.
Determined inherent risk ratings by efficiently tiering, assessing, and monitoring risks linked with vendors, providing valuable insights to inform risk management strategies.
Conducted annual risk assessments of third parties across a spectrum of risk domains, including financial, legal, information security, regulatory and contractual compliance, operational, reputational, and strategic, promoting a comprehensive approach to risk management.
Developed and executed security baseline controls and a comprehensive test plan to assess the implementation and effectiveness of security controls, strengthening the organization's security posture.
Evaluated the adequacy of implemented management, operational, and technical security controls through a systematic security control assessment, contributing to a robust security framework.
Collaborated in the development of an Information Security Continuous Monitoring Strategy to ensure ongoing effectiveness of all security controls, proactively addressing identified vulnerabilities, and supporting informed risk management decisions.
Developed a comprehensive System Security Plan (SSP) to articulate federal information system security requirements (FISMA) and delineate implemented security controls, enhancing transparency and compliance.
Conducted meticulous walkthroughs, formulated comprehensive test plans, documented identified gaps, meticulously recorded test results and exceptions, and devised actionable remediation plans for each testing area, demonstrating a thorough approach to security assessment.
Achievements:
Successfully directed a cross-departmental team in conducting a comprehensive data privacy audit, resulting in a 90% improvement in compliance with internal and external privacy standards, showcasing a commitment to data protection and regulatory adherence.
Security Control Assessor
Geek View Tek Solutions (Frederick, MD)
Responsibilities included: conducting security assessments, ensuring compliance with industry standards, performing vulnerability assessments, developing and delivering security training programs, collaborating with clients, mentoring and training team members, and investigating security incidents.
Led security assessment engagements, conducting kickoff meetings to define scope and system boundaries and gather key artifacts.
Conducted GAPP Maturity assessments to evaluate data governance, availability, privacy, and protection; recommended improvements.
Created Requirement Traceability Matrices (RTMs) to map NIST SP 800-53A controls to regulatory requirements and document assessment results.
Developed Security Assessment Plans (SAPs) and assessed moderate-impact systems for compliance with NIST SP 800-53A Rev 4.
Performed security control interviews and evidence gathering using interviews, examinations, and testing methodologies.
Authored Security Assessment Reports (SARs) with detailed findings and remediation recommendations.
Reviewed ATO package components (e.g., FIPS 199, PIA, CP, CPT) to ensure FISMA and NIST compliance.
Executed vulnerability assessments and scans; identified misconfigurations and tracked remediation via POA&M.
Developed core security documents (FIPS 199/200, PTA, PIA, e-authentication) for new and existing systems.
Delivered system and security training to team members, enhancing capability and compliance.
Served as client liaison, aligning security initiatives with business goals and ensuring stakeholder satisfaction.
Dec 2017 - Jun 2019