PATRICE ASSASIE GYIMAH
Dumfries VA, ***** 571-***-**** ******************@******.**
Summary
Results-oriented Cybersecurity Risk Professional with a compelling track record in fortifying organizational security through the implementation of robust controls. Proven expertise in real-time detection and prevention of cyber threats, aligning seamlessly with industry-standard guidelines. Core strengths lie in elevating security controls, delivering expert risk analysis, and managing risks comprehensively. Recognized for refining contract reviews and enhancing information security clauses. Skilled in diverse evaluations across applications, infrastructure, healthcare, finance, insurance, and other critical domains. Well-versed in industry frameworks, eager to apply strategic insights in a GRC or TPRM role, ensuring organizations navigate risks with resilience.
Skills
Analytical Thinking
Business Impact Analysis
Communication
Customer Relations
Team Collaboration
Problem-solving aptitude
Risk Mitigation
Documentation and Reporting
Remediation Management
Business Intelligence
Project Management
Compliance Analysis
Technical Skills
ISO-27001
PCI-DSS
NIST 800-53
Risk Management
SOC 1 and 2
Network Security
Application Security
Third Party Risk Management
Control Assessor
Compliance
Audits
Experience
Principal Risk/Controls Manager
Capital One Financial 04/2024 to Present
Ensure thorough risk assessments for all third-party vendors, meeting compliance and regulatory audit obligations.
Collaborate with cross-functional departments within Security, Procurement, and Legal on process improvements and workflow integrations to provide improved customer experience.
Led independent security reviews across multiple IT systems, ensuring compliance with controls and regulations.
Supported the analysis of SOC 1 and 2 reports, identifying control gaps and recommending improvements.
Supported audits, efficiently escalating vendor issues for timely resolution.
Implemented and monitored DLP policies to prevent unauthorized data exfiltration, particularly for sensitive financial information across integrated platforms.
Contributed to security architecture reviews for hybrid cloud environments, specifically assessing AWS security configurations and compliance controls.
Provided detailed reports of assessments to business owners and the vendor management office, communicating associated risks and remediation actions.
Led annual Application Profile Reviews for third-party vendors.
Facilitated the development and documentation of Risk Management Procedures and guidelines.
Monitored systems, applications, and networks to ensure efficient operations and compliance with regulations and procedures.
Managed and documented JIRA ticketing, including user stories, backlogs, and sprints.
Sr. IT Third Party Risk Analyst 12/2022 to 03/2024
GoHealth Illinois City, IL
Led third-party risk assessments, ensuring compliance with global data protection regulations.
Translated technical security concepts for legal, sales, and marketing teams during contract reviews.
Provided detailed reports of assessments to business owners and the vendor management office, communicating associated risks and remediation actions.
Utilized e-GRC tools such as RSA Archer to ensure secure and prompt communication of findings, to deploy questionnaires to vendors, and to track vendor progress on remediation.
Tiered/categorized vendors based on the level of data they have access to, performing continuous monitoring by assessing tools during onsite visits and ensuring data protection at all sites.
Ensured third-party relationships adhered to company policies and procedures and complied with regulatory guidelines and industry best practices.
Reviewed corrective action plans, validated remediation controls, and followed up on processes.
Managed strategic customer audits and Security Services responses, ensuring proactive risk management.
Cyber Security Risk/Third Party Risk 08/2021 to 12/2022
US Bank McLean, VA
Led internal audits, conducted risk self-assessments, and fortified security controls for early risk detection.
Conducted in-depth third-party risk assessments, vendor reviews, and controls testing.
Mitigated third-party risks through robust vendor assessments and compliance monitoring.
Assessed third-party vendor capabilities concerning DLP strategies and secure data handling within their cloud services, including AWS-based solutions.
Reviewed network security architectures for third-party integrations, specifically evaluating hybrid cloud connectivity and AWS security group configurations.
Engineered a backup app with the Engineering Team, fortifying system resilience post-security breaches.
Orchestrated BCP and DR Testing, leveraging Cutover Software for streamlined business recovery automation.
Provided expertise in SOC 1 and SOC 2, ensuring strict adherence to security trust criteria.
Security Control Assessor/Vendor Relations 05/2019 to 06/2021
FORVIS Tysons Corner, VA
Conducted in-depth risk-based security assessments of housed, cloud, vendor, and third-party hosted environments, assessing risks.
Evaluated and monitored procedures and internal controls for physical security over data centers and computer operations, network communications, database management systems, change management, overall IT areas, and operating system security.
Executed access reviews, contributing to robust security compliance and data protection measures.
Supported the implementation of DLP solutions by accessing data flows and identifying sensitive information across various systems.
Assisted in reviewing cloud security postures, including initial assessments of AWS environments, to identify potential vulnerabilities.
Conducted testing and monitoring activities to assess and uphold security standards.
Managed third-party onboarding, analyzing risk assessments for new engagements, and bolstering vendor risk management.
Education
Master of Science: Management & Strategy 08/2019
Michigan State University East Lansing, MI
Bachelor of Science: Economics 09/2015
Strayer University Virginia, USA
Associate of Applied Science: Business/IT Applications 09/2004
ECPI University Virginia Beach, VA
Certifications
CRISC
CompTIA Security+