
Information Security Risk Management

Location: Dayton, OH, 45424
Salary: 120000
Posted: July 14, 2025

Resume:

PRINCE FRIMPONG

*************@*****.***

614-***-****

PROFESSIONAL SUMMARY

Experienced Information Security and Compliance Consultant with a strong track record in third-party risk management, regulatory compliance, and information security frameworks. Demonstrates extensive expertise in assessing vendor risks, designing security policies, and executing comprehensive compliance audits across sectors. Skilled in leading cross-functional teams to embed robust security measures, align with industry standards (ISO 27001, NIST CSF, PCI DSS, GDPR), and support clients in meeting certification requirements.

EXPERIENCE

OHIO HEALTH

IT RISK MANAGER (THIRD PARTY VENDOR RISK ASSESSOR)

05/2020 - PRESENT

· Oversaw third-party vendor risk operations, ensuring the meticulous recording of vendor engagements and the prompt upload of contracts into centralized systems for outsourced services.

·Directed in-depth assessments of third-party vendor risks, crafting detailed evaluations that pinpointed significant vulnerabilities and reinforced the importance of compliance and robust security practices in vendor management.

· Formulated practical solutions for mitigating security exceptions, emphasizing remediation approaches that complied with PCI standards and bolstered organizational security frameworks.

·Discovered and analyzed system weaknesses, driving the execution of risk reduction strategies to resolve penetration testing findings and strengthen overall security defenses.

·Executed continuous evaluations of risks associated with both established and newly introduced technologies, ensuring proactive identification and resolution of potential cybersecurity threats.

·Collaborated with diverse teams—including IT, HR, Legal, and Security—to tackle compliance obstacles, maintaining strict adherence to PCI requirements, corporate policies, and external regulatory expectations.

·Played a pivotal role in governance, risk, and compliance (GRC) initiatives by delivering well-structured risk reports and critical metrics to executive stakeholders, guiding informed decision-making on risk mitigation priorities.

NETWORK CENTER INC

Information Technology Security Assessor

05/2016 - 04/2020

·Oversaw comprehensive Third-Party Vendor Risk Assessments, delivering in-depth evaluations that uncovered vulnerabilities, identified compliance gaps, and emphasized the importance of integrating robust security controls in vendor operations.

·Managed and enhanced vendor risk management programs, ensuring the accurate documentation of third-party engagements and the seamless upload of contracts into the Vendor Risk Management (VRM) system in accordance with organizational policies and standards.

· Designed and implemented strategic solutions to address security exceptions, prioritizing remediation efforts that aligned with PCI compliance requirements and fortified the organization's overall security framework.

·Conducted detailed analyses of system vulnerabilities, spearheading the development and deployment of mitigation strategies to resolve findings from penetration tests and vulnerability scans.

· Performed continuous risk assessments for existing systems and emerging technologies, proactively identifying and mitigating potential cybersecurity threats before they could escalate.

· Collaborated with cross-functional teams, including IT, HR, Legal, and Security, to address compliance challenges, ensuring strict adherence to PCI standards, organizational policies, and relevant regulatory frameworks.

· Played a key role in governance, risk, and compliance (GRC) reporting by translating technical cyber risk assessments into actionable insights, providing senior leadership with critical data to guide strategic decisions on risk prioritization and mitigation.

· Established strong partnerships with internal and external stakeholders, fostering alignment on vendor risk management strategies and promoting consistent advancement toward organizational security objectives.

· Maintained and regularly updated vendor risk policies and procedures to ensure they reflected evolving regulatory requirements, industry standards, and best practices, enhancing the efficiency and effectiveness of the risk management framework.

·Provided subject matter expertise in optimizing the VRM system, ensuring it served as a reliable and centralized repository for vendor contracts, due diligence records, and risk mitigation efforts, driving operational efficiency.

KEYBANK

IT AUDITOR

06/2013 - 05/2016

·Conducted comprehensive evaluations of IT systems to ensure compliance with regulatory requirements and internal policies, reducing overall risk exposure by 20%.

·Identified and addressed critical weaknesses in cybersecurity practices, strengthening data confidentiality, integrity, and protection.

·Designed and implemented risk-focused audit strategies, streamlining processes and reducing audit timelines by 15%.

·Collaborated with cross-functional teams to implement corrective actions, improving IT governance and enhancing internal control mechanisms.

·Performed detailed assessments of IT infrastructure, including network security, software controls, and data protection, leading to a 30% improvement in compliance levels.

·Prepared clear and actionable audit reports for executive leadership, driving improvements in IT security policies and practices.

·Contributed to the development and refinement of disaster recovery and business continuity plans, ensuring organizational resilience during IT disruptions.

·Leveraged analytical tools to optimize audit procedures, identify emerging risks, and support proactive decision-making.

·Evaluated third-party vendors to verify adherence to organizational standards and security protocols, reducing external risk exposure by 25%.

·Mentored junior team members in IT audit methodologies, enhancing their skills and improving the quality of audit outcomes.

·Analyze risks from fintech partnerships by utilizing data and develop mitigation strategies

·Identify and evaluate risks across the product lifecycle with attention to inherent risks, customer impact, process gaps, and control weaknesses

·Develop and maintain a registry of controls to manage fintech risks and utilize for future testing and monitoring

·Contribute to the enhancement of our risk taxonomy and risk assessment methodology for fintech and product domains

·Conduct regular reviews of partner and product data to validate reporting accuracy, detect anomalies, and escalate emerging risk patterns

·Partner with cross-functional teams—including Product, Legal, Compliance, and Financial Crimes—on risk identification for new products, features, and integrations

·Create reports on control performance, Key Risk Indicators (KRIs), and Key Performance Indicators (KPIs)

·Support risk and compliance teams in reporting strategic insights for senior leadership and the Board

·Conduct fintech partner risk assessments including Third Party Risk Management programs.

·Assist with automation of risk reporting and data pipelines to support more timely and actionable insights in collaboration with BaaS Compliance Lead and Product teams

·Contribute to strategic risk enhancements, scenario planning, and forward-looking risk assessments

·Complete other projects and duties as assigned

Education

VALLEY VIEW UNIVERSITY, VVU

BA ACCOUNTING

CYBERSECURITY TRAINING/SKILLS/STANDARDS

·Compliance & Frameworks: NIST Guidelines Publications, PCI DSS, ISO 27001, IT Security Compliance, NIST SP 800-53, SP 800-53A, SP 800-37, NIST SP 800-171, FIPS, FISMA, FedRAMP, Risk Management Framework (RMF), NISPOM.

·Assessment & Authorization: Certification and Accreditation (C&A), Assessment and Authorization (A&A), Vulnerability Assessment, Network Vulnerability Scanning, Information Assurance, System Risk Assessment, HIPAA & PRIVACY ACT training.

·Tools & Software: Nessus Vulnerability Scanner, ACAS, HBSS, SCAP, Splunk, SharePoint, Nexpose, Power BI, Archer.

·Documentation & Procedures: PTA, PIA, SSP, CP, SAR, POA&M, ATO, ISA, MOU/A, IDS, IPS.

·Office Tools: Microsoft Office.

KEY SKILLS

Good interpersonal communication skills, results-oriented, initiative and creativity, fast learner, ability to adapt, critical thinking, integrity, multi-tasking, strong organizational skills, strong attention to detail, team builder and player.

CERTIFICATIONS

·CISM – Certified Information System Manager

·CompTIA Security+
