ABDUL SAMED TANKO
GOVERNANCE, RISK, AND COMPLIANCE (GRC) ANALYST
*************@*****.*** +1-701-***-**** WA
PROFESSIONAL SUMMARY:
With 12 years of experience as a GRC Analyst and Third-Party Risk and Compliance Analyst, I excel in developing and implementing robust Governance, Risk Management, and Compliance (GRC) frameworks. I have a proven record of accomplishment in conducting thorough risk assessments, managing vendor relationships, and ensuring adherence to regulatory standards such as ISO 27001, SOC 2, GDPR, PCI DSS, FISMA Compliance, and NIST Special Publication 800-53. My abilities extend to implementing effective risk mitigation strategies and fostering a culture of compliance through training and collaboration across functional teams. I am dedicated to enhancing organizational security posture while staying abreast of emerging threats and industry best practices.
AREAS OF EXPERTISE:
Governance, Risk Management, and Compliance (GRC): Proficient in developing and implementing policies and procedures to ensure adherence to regulatory requirements and industry standards.
Cyber Security Tools Deployment: Experienced in deploying and managing advanced tools such as SIEM (Security Information and Event Management), IDS/IPS (Intrusion Detection/Prevention Systems), and endpoint protection solutions to enhance organizational security posture.
Security Assessments: Skilled in conducting comprehensive security assessments, including vulnerability scans, penetration testing, and risk assessments, to find and prioritize security vulnerabilities.
Threat Intelligence Analysis: Proficient in analyzing threat intelligence feeds and staying updated on emerging cyber threats to proactively mitigate potential risks.
Continuous Monitoring and Threat Hunting: Experienced in implementing continuous monitoring solutions and conducting proactive threat hunting activities to detect and respond to security incidents in real-time, minimizing the dwell time of threats within the environment.
Incident Response: Experienced in leading incident response efforts, including incident triage, containment, eradication, and recovery, to minimize the impact of security incidents on organizational operations.
Security Awareness Training: Capable of developing and delivering security awareness training programs to educate employees on security best practices and promote a culture of security awareness within the organization.
Compliance Management: Able to manage compliance with relevant regulations such as GDPR, HIPAA, PCI DSS, and FISMA, and industry standards like ISO 27001, ensuring alignment with legal and regulatory requirements.
Risk Assessment and Mitigation: Skilled in conducting risk assessments, finding security risks, and implementing risk mitigation measures to protect organizational assets and minimize potential impact.
Cross-Functional Collaboration: Effective communication and collaboration skills to work closely with cross-functional teams including IT, legal, compliance, and business stakeholders to ensure alignment of security initiatives with organizational goals.
PROFESSIONAL EXPERIENCE:
MORGAN STANLEY
Information Systems Security Officer (ISSO) Dec 2020 – Present
• Provide guidance and advice to the Information System Owner (ISO) on the security controls applicable to information systems.
• Help with the design and implementation of information systems security policies, procedures, and practices.
• Monitor any changes to information systems and their environment and suggest proper measures.
• Identify, report, and respond to any potential security incidents.
• Participate in risk assessment processes, including the identification, analysis, and mitigation of security threats and vulnerabilities.
• Provide technical support in the completion of security assessments and/or risk analyses of systems.
• Coordinate with other information security staff to ensure that the organization’s security posture meets the required standards (e.g., ISO 27001, NIST 800-53, etc.).
• Develop, coordinate, and implement incident response plans.
• Use MASS to conduct security assessments and reviews.
• Review ACAS scans and input test results during assessments.
• Assess the effectiveness of existing security controls and measures in place, including access controls, encryption methods, and intrusion detection systems.
• Document assessment findings, including identified vulnerabilities, weaknesses, and recommendations for improvement, in detailed reports.
CARDINAL HEALTH
Third-Party Risk and Compliance Analyst Aug 2017 – Nov 2020
• Conduct thorough due diligence on third-party vendors, resulting in the identification and mitigation of 75+ potential compliance risks.
• Develop and implement a third-party risk management framework, leading to a 30% improvement in vendor compliance and risk mitigation processes.
• Perform ongoing monitoring and periodic assessments of third-party vendors, ensuring continuous compliance with regulatory requirements and internal policies.
• Utilize tools such as OneTrust and BitSight to assess and check third-party risk, improving assessment efficiency by 35%.
• Coordinate with legal, procurement, and IT teams to address and resolve third-party compliance issues, reducing resolution time by 20%.
• Develop and support a comprehensive third-party risk register, tracking and managing over 150 vendor relationships.
• Create and deliver training sessions on third-party risk management and compliance for internal stakeholders, enhancing team knowledge and awareness.
• Conduct regular reviews and updates of third-party contracts to ensure compliance with regulatory standards and best practices.
• Develop and implement corrective action plans for non-compliant vendors, achieving a 25% reduction in non-compliance incidents.
• Analyze third-party risk data to generate insights and recommendations for improving the overall risk management strategy.
• Stay informed on industry trends and regulatory changes affecting third-party risk and compliance, ensuring the organization adapts to evolving requirements.
MOLINA HEALTHCARE
Risk and Compliance Analyst Jan 2013 – Jul 2017
• Designed and implemented a comprehensive risk assessment framework, enhancing the organization's ability to identify and manage emerging risks by 35%.
• Conducted quarterly compliance reviews and gap analyses, leading to the resolution of 90% of identified compliance issues within six months.
• Established and supported a risk and compliance database, tracking and documenting risk incidents and compliance breaches across 20+ projects.
• Collaborated with IT and cybersecurity teams to assess and mitigate technology-related risks, reducing the likelihood of data breaches by 25%.
• Developed risk mitigation plans and control measures, resulting in a 30% decrease in high-risk incidents.
• Facilitated risk workshops and training sessions for project teams, improving overall risk management capabilities and awareness among 100+ employees.
• Created and implemented compliance checklists and protocols, ensuring adherence to regulatory requirements and industry standards.
• Conducted internal audits and assessments, providing detailed reports and recommendations for risk and compliance improvements.
• Managed the organization's incident response plan, coordinating efforts to address and resolve compliance and risk incidents efficiently.
• Worked closely with external auditors and regulatory bodies during compliance audits, achieving positive audit outcomes and maintaining a strong compliance record.
• Utilized data analytics tools to check risk trends and compliance metrics, providing insights that informed strategic planning and risk management decisions.
EDUCATION:
BSc Computer Science
CERTIFICATIONS:
Certified CompTIA Security
Certified Information Security Auditor (CISA)
SKILLS:
NIST; ISO 27001; CIS Critical Security Controls; Threat modeling; IOC analysis; Threat feed management; Security system management; IDS/IPS; SIEM; VPN; Vulnerability assessment; Risk analysis; Mitigation planning; Incident handling; Forensic analysis; Digital forensics; GDPR; HIPAA; PCI DSS; Regulatory compliance; Trello; Slack; Jira; Confluence; Governance, Risk, and Compliance (GRC); FISMA Compliance; NIST Special Publication 800-53; Skilled Collaborator; Solution-Oriented Professional; Policy Development and Documentation; Risk Management Framework (RMF); Security vulnerability assessment; System Security Plan (SSP); Assessment Report (SAR); Assessment and Authorization (A&A); Incident Response Plan; Data Loss Prevention / Data security; Risk control self-assessment; TPRM; PCI-DSS; SOC; SOX; Risk Assessment and Mitigation; Threat Hunting; Palo Alto; Rapid7; Nessus; Qualys; Wiz; SecurEnds; RSA Archer; Malware Analysis; Security Awareness Training
ACHIEVEMENTS:
• As a GRC Analyst, I have consistently driven significant improvements in compliance and risk management. I developed and implemented robust GRC frameworks that reduced compliance gaps by 20% and identified and mitigated over 60 security vulnerabilities. My use of advanced GRC tools like RSA Archer and ServiceNow GRC increased operational efficiency by 45%, while my vendor risk assessments ensured regulatory compliance for over 120 partners annually.
• I excel at fostering a culture of compliance through training and mentoring, and my incident response coordination minimized security incident impacts. I delivered strategic compliance reports to senior leadership, offering insights for continuous improvement. My proactive risk management and thorough compliance reviews led to a 30% improvement in vendor compliance and resolved 90% of identified issues within six months.
• In addition to my technical ability, I have a strong track record of cross-functional collaboration, working closely with IT, legal, procurement, and business teams to align security initiatives with organizational goals. This collaborative approach has enabled the seamless integration of risk management practices into daily operations, significantly enhancing the organization's overall security posture. My commitment to staying current with industry trends and regulatory changes ensures that our GRC practices remain effective and up-to-date, safeguarding the organization's assets and maintaining compliance with evolving standards.