CHARLES AMANQUAH
Bordentown, NJ 609-***-**** *****************@*****.*** https://www.linkedin.com/in/charles-amanquah
INFORMATION SECURITY/RISK MANAGEMENT ASSOCIATE
Highly skilled and meticulous professional with over 10 years of leadership in information security, risk management, operations management, strategic planning and analysis, and project management. Experienced in streamlining and improving risk processes, enhancing productivity, and implementing effective solutions. Able to develop security policies, procedures and guidelines, execute comprehensive audit plans, assess complex IT environments, and effectively communicate findings to management. Solution-oriented, highly analytical individual with expert-level knowledge and experience in Sarbanes-Oxley (SOX), NIST, FISMA Security Content, SOC 2, IT Control Frameworks, Vulnerability Management, Security Assessment Framework, Cybersecurity Administration, POA&M, Incident and Contingency Planning, and Risk Management. Excellent communicator, skilled at building and developing relationships with management, internal departments, clients, and external parties to achieve business and financial objectives in a fast-paced environment.
TECHNICAL SKILLS
PCI-DSS, ITGC, SOX, HIPAA, SOC 1 and SOC 2 Review, OCC, FISMA, NIST Standards, SSP, ST&E, SSAE 18/SOC, ISO 27001/27002, GDPR, COSO, COBIT, Risk Assessments, Audit Engagements
Microsoft Office (MS), Excel Power Pivot, MS Access
Risk Management & Basel II
PROFESSIONAL EXPERIENCE
KAIROS VISION CONSULT Remote, CT April 2019 – Present
Information Security and Risk Management
Leads IT risk management projects as Subject Matter Expert (SME).
Collaborates with business departments to evaluate the impact of critical business decisions on information security threats, vulnerabilities, and risks.
Manages the development and implementation of new IT system security plans to meet NIST Standards
Documents, audits, and reports on security compliance with the internal departments and information security management.
Leads SOX end-to-end walk-throughs of each in-scope process/application, including assessment of control design and system functionality.
Executes testing procedures to evaluate the design and operating effectiveness of controls, principally IT General and Automated application controls, key report, SDLC, and Cybersecurity testing.
Documents accurate, logical, and detailed work papers that effectively describe the audit objective, control testing procedures and results, and conclusions reached.
Collaborates with IT team in developing control design and standard operating procedures to support internal controls documentation.
Supports project management activities throughout all phases of SOX work which will include monitoring project plans and assigned areas, tracking engagement progress and reporting to managers. Updates the risk control matrix to maintain relevant documentation for the audit plan.
Supports IT Systems deployments, upgrades and significant enhancements, risk assessing applications and collaborating on controls design and standard operating procedure development and implementation.
Takes ownership of individual assignments, delivering high quality and timely audit work papers.
Establishes and maintains excellent relationships within the team, co-sourced audit team, with business and technology stakeholders, and with external auditors.
Participates in weekly meetings to identify changes within operational and IT processes, recognize areas of risk, and define the audit plan based on the risk assessment methodology.
Updates System Security Plans (SSP) based on NIST Standards and conducts annual self-assessments.
Supports the Security Assessment and Authorization (SA&A) by testing for the soundness of management, operational, technical and privacy controls
Reviews, analyzes, and evaluates the security controls used to protect the data of the organization
Creates Security Assessment Reports (SAR) to record vulnerabilities and associated risks
Updates plan of action milestone (POA&M) and risk assessments based on findings assessed through monthly updates
Administers industry standards including ISO, and COBIT to keep risks at an acceptable level within the information system
Develops policy and procedural controls relating to management, operational and technical controls.
Revises the vulnerability management program to create dashboards that automate the exception process and track trending metrics against vulnerability standards.
Ability to think strategically and proactively identify opportunities to streamline or enhance risk processes and governance.
Participates in regulatory reviews, internal audits, and compliance testing as needed.
Collaborates with business units, risk owners, and control partners to gather, validate, and analyze risk and control data.
KAIROS VISION CONSULT Remote, CT June 2017 – April 2019
(Third Party Risk Management)
Conducted risk assessment and formulated a road map for risk mitigation
Assessed business practices and identified opportunities to promote third-party risk management
Documented and reported all risk issues to vendor assessment management team and business partners
Built strong physical and technical security controls from ground up
Developed and implemented new IT Security Policies to meet NIST standards
Selected baseline security control requirements for systems based on NIST SP 800-series guidance
Assisted with collection of documentation from stakeholders to close POA&M items
Prepared and maintained security documentation (SSP, RA, CP, PIA) and FIPS categorization
Assisted in the development of security education and awareness programs within the organization
Reviewed and challenged vendor purchase requisitions (PRs) to determine which vendors required enhanced vendor risk assessment and due diligence
STANDARD CHARTERED BANK Accra, Ghana May 2011 – June 2017
Senior Risk Officer
Ensured the risk management framework and policies were effectively communicated and implemented across the function, and administered related governance and reporting processes
Managed the integrity of the group’s risk/return decisions to ensure that credit risks for clients were properly assessed and risk/return decisions were transparent in accordance with policies and procedures
Exercised credit risk approvals authority with retail banking clients
Communicated the strategic intent and collective agenda for the retail banking credit function
EDUCATION AND CERTIFICATION
Certified Information Systems Auditor (CISA)
Executive Master of Business Administration, GIMPA, Ghana
Bachelor of Arts, Economics and Management, University of Ghana, Legon, Ghana