LYDIA ANSAH
********@******.** 571-***-****
Woodbridge, VA 22191
PROFESSIONAL SUMMARY
A seasoned Governance, Risk, and Compliance (GRC) Analyst with a 5-year demonstrated history of overseeing governance, risk, and compliance endeavors. Proficient in establishing and upholding compliance frameworks in line with prevailing industry benchmarks and regulatory mandates including ISO, NIST, GDPR, and FedRAMP. Skilled in conducting comprehensive risk evaluations, formulating policies and protocols, and fostering collaborative efforts across diverse teams to ensure organizational adherence. Possesses keen analytical insight, meticulous attention to detail, and exceptional communication and interpersonal skills. Proficient in utilizing various GRC platforms.
SKILLS
Policy Analysis
Vendor Risk Management
Risk Assessment Management
Security Questionnaire
Business Continuity Assessment (BIA)
Report Writing
Regulatory Compliance Audit
ISO Compliance
ServiceNow
GRC Tools
NIST-800
POA&M
Vulnerability Management
Security and Assessment Documentation
WORK HISTORY
Information Systems Security Officer (ISSO)/GRC Analyst Pacific Life - Lynchburg, VA 12/2023 - 04/2025
Assisting senior-level management and/or project managers in coordinating activities with internal audit, compliance, regulatory, security, and operations.
Support risk assessments and update Archer with risk scores and status.
Successfully led a first-time FedRAMP certification process for an organization, completing the entire FedRAMP package including drafting the System Security Plan (SSP) and all necessary attachments, demonstrating thoroughness and attention to detail.
Support internal audit planning and execution through Archer.
Collaborate with system administrators, engineers, and developers to create or update system/site policies, procedures, and process guides.
Monitor for threats, vulnerabilities, and incidents, and ensure system configurations follow SOC 2 security requirements.
Experienced in writing and updating policy, standards, process, and procedures to meet industry regulations and best practices.
Conduct security risk assessments and provide recommendations to senior management, which led to the successful mitigation of high-risk vulnerabilities and a decrease in overall security risks.
Coordinate auditing activities for compliance programs, which include, but are not limited to, controls that meet SOC 2 Type 2, the ISO 27001 family, FedRAMP, GDPR, third-party risk management, and data privacy.
Monitored and tracked remediation progress using the eMASS tool, and developed comprehensive test plans, documenting results and exceptions.
Collaborated with penetration testers during security assessments to understand testing objectives, scope, and methodologies.
Serve as a liaison on information security governance matters, providing guidance and support to internal stakeholders and external auditors.
Compliance/GRC Analyst Cetera Financial Group - San Francisco, CA 07/2022 - 12/2023
Assisting senior-level management and/or project managers in coordinating activities with internal audit, compliance, regulatory, security, and operations
Ensuring adherence to standard processes, procedures, and controls
Participating in project/engagement meetings and overseeing project task tracking
Communicating with internal project/engagement team members
Providing ongoing guidance to one or more businesses regarding their consumer compliance risks, regulatory obligations, and measures to mitigate these risks.
Conducting compliance risk assessments and reviewing compliance policy and training content
Documenting critical regulatory requirements and ensuring that business units have established controls in line with these requirements.
Overseeing regulatory changes, evaluating their impact, and monitoring the business unit's efforts to address them.
Assessing consumer compliance risks and controls for new or improved product and service offerings
Reviewing and offering risk-related feedback on disclosures, marketing materials, business policies/procedures, and other compliance-related content
Collaborating with various cross-functional teams, such as legal, risk, and business units, to ensure compliance with consumer protection laws, regulations, and policies.
Maintaining current and comprehensive knowledge of key U.S. consumer protection, privacy, and banking laws and regulations, as well as the most recent interpretations.
Leading and/or supporting Compliance team projects, initiatives, and process enhancements as necessary.
IT Risk Analyst 5 - Richmond, VA 01/2020 - 07/2022
Evaluated third-party applications for compatibility with organizational risk requirements before deployment into production environment.
Offering day-to-day guidance to one or more businesses regarding their consumer compliance risks, regulatory obligations, and measures to mitigate these risks.
Conducting compliance risk assessments and reviewing compliance policies and training materials
Ensuring that key regulatory requirements are documented and that business units have established controls aligned with these requirements.
Evaluating consumer compliance risks and controls for new or updated products and service offerings
Reviewing and providing risk-related feedback on disclosures, marketing materials, business policies, and other compliance-related content
Collaborating with cross-functional teams, including legal, risk, and business units, to ensure compliance with consumer protection, privacy, and banking laws and regulations.
Maintaining up-to-date knowledge of relevant U.S. consumer protection, privacy, and banking laws and regulations, as well as the latest interpretations.
Driving or supporting Compliance team projects, initiatives, and process enhancements as required
Enhanced IT risk management by implementing comprehensive assessments and monitoring processes.
EDUCATION
University of Ghana - Ghana 06/2009
Bachelor of Science: Computer Science: Information Technology
CERTIFICATIONS
CompTIA Security+
CompTIA CASP+
PROJECTS
Vendor Risk Management
Risk Assessment Management
Security Questionnaire
Business Continuity Assessment (BIA)
Report Writing
Vulnerability Management