Risk Management Technical Support

EDWARD GARBRAH

Mobile: 267-***-**** Email: *******@*****.***

EXPERIENCE SUMMARY

Risk Management & Security Assessments: Risk analysis, vulnerability assessments, security control evaluations, security risk management planning

Compliance & Regulatory Frameworks: NIST SP 800-53, NIST SP 800-66, HIPAA, PCI DSS, ISO 27001, SOX, Risk Management Framework (RMF)

Cybersecurity & IT Governance: Security authorization reviews, threat modeling, assurance case development, governance frameworks

Systems & Networking: Active Directory, Microsoft Entra ID, Intune, Group Policy, VMware View, Citrix, SCCM, Windows Server, Linux

ITSM & Technical Support: ITIL processes, ServiceNow, incident management, troubleshooting, change management, vendor security assessments

Cloud Security & Compliance: Cloud provider security audits, identity and access management (IAM), security policies enforcement

Automation & Scripting: PowerShell, Bash, Ansible

Privacy & Healthcare Security: HIPAA security reviews, privacy compliance, data protection strategies, third-party/vendor security assessments

Security Tools & Operations: SIEM platforms, intrusion detection/prevention (IDS/IPS), endpoint security solutions, firewall management

EXPERIENCE

Liberty Mutual Insurance

(Information Security Analyst) February 2023 – March 2025

●Performed vendor security assessment on new or existing vendor provided services

●Performed security control test plans and conducted in-depth security assessments of information systems that evaluate compliance of administrative, physical, technical, organizational and polices safeguards to maintain HIPAA compliance base on Office of Civil Right (OCR) protocol, NIST SP 800-66 Rev1 and security controls (NIST SP 800-53)

●Conducted IT controls risk assessments that include reviewing organizational policies, standards, procedures and guidelines

●Analyzed organizational information security policy needs based on stakeholder interactions, develop and publish policy, standards, security handbook, and procedures for implementation ensuring alignment with leading IT Security Frameworks

●Created remediation strategies for weaknesses based on priorities

●Conducted Security assessments on internal hosting applications within health systems and assessing control gaps.

●Development of HIPAA compliance reports, documenting auditing findings and development of corrective actions plans

●Developed Remediation Plans regarding the results of the HIPAA Security

●Provided support and security related guidance to system owners, business units, PMs and other stakeholders.

●Complete risk assessments, security requirements analysis, and security testing for existing and new applications.

●Created assessment reports and track remediation activities

●Communicated with IT client team to gather evidence, developed test plans, testing procedures and documented test results and exceptions

Cencora

(Security Control Assessor) January 2021 – February 2023

●Conducted risk assessments, provided recommendations and engaged in remediation activities

●Developed and implemented security standards, and researched on the latest security trends

●Performed security awareness campaigns and regularly educating the staff on emerging security issues to be alert to protect the hospital

●Conducted third party/vendor security assessment for new and existing application

●Monitored, reported and educated staff on HIPAA security and Privacy compliance

●Reviewed and Analyzed reports of third parties and Data Center

●Assisted in the development of key security standards and guidelines by performing an in-depth security assessment

using frameworks like PCI DSS, ISO 27001 and SOX to help gain compliance

●Routine development of HIPAA compliance reports, documenting auditing findings and corrective actions

●Demonstrated ability to manage a privacy program in an integrated healthcare delivery system

●Led role in healthcare with emphasis on implementation of health information privacy programs in patient care environment

U.S. Bank NY

Sr. Tech Service Desk Analyst February 2016 – December 2020

Provided technical support for workstations, mobile devices, and printers ensuring timely resolution of hardware and software issues.

Utilized ITIL processes to manage incidents, requests, and changes, improving overall service management and reducing downtime.

Worked with ServiceNow ITSM system to track and document all service desk interactions, ensuring comprehensive records and seamless workflow.

Supported Citrix and VMware View environments, enhancing Virtual Desktop Infrastructure and user

experience.

CERTIFICATIONS

- CompTia Security +

EDUCATION

DeVry University Fort Washington, PA

Associates Degree in Applied Science

Contact this candidate