ALFRED ACQUAYE
+1-914-***-**** **************@*****.*** Norfolk, Virginia, United States
Professional Summary:
A dedicated technology professional with five years of extensive experience in IT, vulnerability and risk assessment, compliance, and leveraging best practices to help businesses strengthen their defences and safeguards, maximizing their investment in technology at the lowest acceptable level of risk. A proven ability to build technical architecture and specifications with senior IT leaders. Excellent problem-solving and creative solution skills. Strong collaboration and communication skills with the ability to lead and influence teams. A solid understanding of project management and time management concepts. High-quality documentation and client presentation skills. I am self-motivated and committed to continuous learning in cybersecurity.
Technical Skills:
•Information Security Governance, Risk & Compliance (GRC)
•Risk & Vulnerability Management
•Security & Privacy Risk Management
•Data Lifecycle Management (Retention, Archival, Disposal, Legal Hold)
•Data Classification Frameworks
•Secure Coding Practices
•Application Security Strategy
•Compliance Audits & Assessments
•Policy Development & Risk Mitigation
•Vendor Risk Assessments
•Privacy Compliance & Data Protection
•Incident Response & Breach Management
•Frameworks and regulations: NIST, GDPR, CCPA, HIPAA, ISO 27001, OWASP Top 10
•Tools: Collibra, Informatica, Alation, Gimmal, Vulnerability Scanning Tools
Certifications:
•CISA – Certified Information Systems Auditor
•Sec+ – CompTIA Security+
Professional Experience:
Senior Vulnerability Analyst
City of Norfolk, Norfolk, United States 12/2023 – Present
•Advise the business on strengthening and managing its control environment, covering oversight of procedures and processes, accurate regulatory reporting and filings, governance documentation, risk control self-assessments, control design, and new-product controls.
•Support the design and build-out of an end-to-end enterprise application security program, including centralized and decentralized models for application security testing, code scanning, issue tracking, issue remediation, key metrics, and application logging.
•Run large-scale, enterprise-wide programs to deploy and manage dynamic scanning solutions.
•Evaluate third-party tools and solutions from a security perspective.
•Work with the architecture team to implement best practices for cookie and session storage.
•Develop, maintain, and report on key application security metrics, both program-wide and per application, creating metric templates and scoring models.
•Coordinate with engineering, business, and technical subject matter specialists to identify and mitigate information security issues and incidents.
•Assist with penetration testing of web-facing applications and run DAST for vulnerability assessment.
•Manage and design the issue management process for web application vulnerabilities: tracking, reporting, metrics, resolution, and validation.
•Take a proactive approach to threats by using threat analysis to determine the most vulnerable components of an application and fortify them.
•Conduct deep-dive sessions with development teams to understand attack surfaces, threats, security controls, and security design flaws.
•Established and maintained strong working relationships with stakeholders, especially within engineering teams, to ensure timely remediation.
•Explained associated risks, identified dependencies, and facilitated remediation by providing the necessary details and context.
•Distributed tasks and assigned tickets to the appropriate teams for resolution and tracked completion against established SLAs.
•Maintained awareness of evolving vulnerabilities and exploit techniques.
•Performed vulnerability and risk assessments of systems and networks within the networking environment.
•Performed host, network, cloud, application-based, and process-based security control assessments.
•Assessed the impact of reported vulnerabilities and helped implement mitigation strategies based on severity.
•Provided technical assistance for internal system assessments supporting the Authorization and Accreditation process.
•Worked and coordinated with various teams, such as the Security Incident Handling and Response team and the SIEM management team.
•Improved security service solutions and offerings by staying current through security conferences, seminars, reading, research, and testing.
•Maintained, improved, and leveraged an objective, quantitative risk assessment model.
•Coordinated with all relevant personnel to obtain pertinent vulnerability information and findings concerning network security.
•Maintained a consolidated vulnerability list that includes new and existing vulnerabilities, ranked quantitatively by risk.
•Conducted briefings on vulnerabilities and current risk exposure and provided remediation recommendations.
•Evaluated the design and effectiveness of the control environment; tracked, monitored, and maintained control issues; developed and assisted with remediation plans; and prepared compliance summaries.
IT Risk & Compliance Specialist
Dollar Tree and Family Dollar, Chesapeake, United States 03/2022 – 12/2023
•Developed and implemented a custom secure configuration module for a high-traffic internal application, reducing misconfiguration-related incidents by 45% and ensuring compliance with internal security policies and industry frameworks (e.g., NIST, OWASP).
•Supported the Enterprise Risk team by documenting control processes, analyzing control test results, and updating procedural documentation.
•Participated in walkthroughs with business owners to understand risk control frameworks and drafted process narratives for compliance reporting.
•Assisted in conducting vendor assessments by reviewing risk questionnaires, SOC reports, and insurance documentation for critical suppliers.
•Contributed to the creation of risk heat maps and inventory dashboards used in quarterly audit committee presentations.
•Researched and presented updates on regulatory developments (e.g., GLBA, FISMA revisions) that informed internal compliance strategy.
•Coordinated IT risk and compliance activities across cloud and on-premises infrastructure, aligning practices with COBIT 5 and CIS Controls.
•Performed risk assessments for infrastructure upgrades and cloud migrations, highlighting key access control and encryption gaps, which were remediated pre-launch.
•Assisted with the development of IT General Controls (ITGCs) and control test plans in support of SOX and PCI DSS readiness efforts.
•Worked with the Business Continuity team to update the organization’s Business Impact Analysis (BIA) and Disaster Recovery Plans (DRPs), including participation in tabletop exercises and incident response tests.
Drafted and refined
GRC Analyst
Kelly Services, Newport News, United States 03/2018 – 01/2022
•Identified and contained multiple phishing campaigns through proactive email threat analysis, reducing user impact by 70% and contributing to enterprise-wide awareness training improvements.
•Spearheaded enterprise risk assessments across multiple departments and third-party engagements, identifying key operational, compliance, and cybersecurity risks in alignment with NIST 800-53, COSO ERM, and ISO 27001 frameworks.
•Utilized a GRC platform (e.g., RSA Archer, ServiceNow GRC) to document and maintain risk records, update risk treatment statuses, and generate executive dashboards for risk reporting.
•Represented Risk in high-visibility PMO projects, ensuring significant risks were identified, monitored, and escalated. Successfully integrated risk reviews into project lifecycle milestones, improving risk visibility at the planning phase.
•Partnered with business units to conduct process-level risk interviews and walkthroughs, resulting in the creation of updated control narratives, flowcharts, and populated risk assessment templates for leadership review.
•Co-authored and maintained Enterprise Risk Management policies and procedures, ensuring alignment with regulatory guidance, industry best practices, and internal audit recommendations.
•Facilitated the risk lifecycle for multiple teams, guiding them through identification, analysis, mitigation, monitoring, and periodic certification. Reduced average remediation time by 30% through improved tracking and follow-ups.
•Supported third-party risk management by helping establish vendor risk profiles, streamlining risk onboarding, and participating in vendor risk reviews in partnership with Procurement, Legal, and ISO.
•Collaborated closely with the Information Security Office to align IT risks with enterprise risk objectives, including support for security audits and policy implementation initiatives.
•Contributed to business continuity and disaster recovery efforts by reviewing and updating Business Impact Analysis (BIA) reports, supporting scenario planning, and validating recovery time objectives (RTOs) for mission-critical processes.
IT Support Help Desk
Inter-Con Security Systems, Accra, Ghana 06/2013 – 05/2017
•Performed vulnerability scanning and security configuration assessments across enterprise systems.
•Identified security weaknesses and worked closely with system owners to implement mitigation strategies.
•Created risk assessment reports aligning security issues to NIST, FISMA, and ISO 27001 standards.
•Assisted with internal audits and continuous monitoring tasks to ensure control implementation.
•Provided Tier II/III security support, including incident response and log analysis.
Education:
•MS in Cybersecurity, Dominion University, Norfolk, United States, 05/2024
•BSc in Cybersecurity, Old Dominion University, Norfolk, United States, 05/2023