
Cybersecurity Risk & Cloud Security Professional

Location:
Bolingbrook, IL
Salary:
Open to Negotiation
Posted:
January 12, 2026

Resume:

Kwame Oduro

Phone: 815-***-**** Email: ********@*****.***

OBJECTIVE

Experienced Cybersecurity professional with over five (5) years of expertise in cyber risk management, information assurance, vulnerability management, threat analysis, application security, data security, and Vendor Risk Management across on-premises and cloud environments, including AWS. Proven ability to manage enterprise vulnerability management programs, identify risk exposures, and execute effective remediation action plans that strengthen organizational security posture.

Strong knowledge of cloud security architecture, AWS security services, Data Loss Prevention (DLP) strategies, data classification, and data protection controls to safeguard sensitive information in hybrid and cloud-native environments. Well-versed in security frameworks, technologies, and best practices with emphasis on FISMA/NIST, SOC 1 & SOC 2, PCI DSS, and ISO/IEC 27001.

Hands-on experience with the NIST 800 Series, cloud and system security monitoring, auditing, Security Assessment & Authorization (SA&A), and comprehensive risk assessments for General Support Systems (GSS) and Major Applications (MA). Recognized as a collaborative team player and proactive security advocate who partners effectively with cross-functional and cloud engineering teams to reduce risk and ensure compliance.

PROFESSIONAL CERTIFICATIONS

CompTIA Security+

Certified Authorization Professional (CAP) - In progress

Certified Information System Auditor (CISA) - In progress

EDUCATION

Ms. Information Security System May 2019 to present

LEWIS UNIVERSITY, ROMEOVILLE, IL

Bachelor of Science July 2003

UNIVERSITY OF SCIENCE AND TECHNOLOGY, KUMASI, GHANA.

AREAS OF EXPERTISE

Vendor Risk Management, RMF, Continuous Monitoring, Risk Assessment, Change Management, Contingency Planning; NIST 800-53, FIPS, FISMA, ISO 27001.

SUMMARY OF QUALIFICATION

Vendor Risk Management

Perform Security Assessment and Authorization (SA&A) documentation

Perform comprehensive assessments and write reviews of management, operational and technical security controls for audited applications and information systems

Develop and conduct ST&E (Security Test and Evaluation) according to NIST SP 800-53A

Excellent with NIST RMF and Agencies Ongoing Authorization process.

Working knowledge of FISMA controls with the ability to develop and document controls

Knowledgeable about NIST publications, including FIPS 199, SP 800-60, SP 800-53 Rev. 4, SP 800-137, and FedRAMP

Ability to develop and manage POA&Ms

Ability to multi-task, work independently and as part of a team

Strong analytical and quantitative skills

Effective interpersonal and verbal/written communication skills

Strong background in Networking

WORK EXPERIENCE

SnapLogic Inc. July 2022 to Present

Cyber Security Analyst- Data Security

Develop and maintain internal security and compliance controls aligned with company policies, regulatory requirements, and cloud security best practices.

In-depth knowledge of firewall security controls that monitor and filter network traffic to allow legitimate traffic and block unauthorized or malicious access between networks, and of data encryption programs, e.g. TLS 1.2 or TLS 1.3.

Maintain patch management of servers and provide detailed compliance reports on a routine basis to management.

Strong knowledge of proxies, which are used with integration platforms like SnapLogic to control outbound API calls, enforce security policies, log traffic, and restrict external access.

Administer and support Data Loss Prevention (DLP) controls across AWS cloud environments, SaaS applications, endpoints, and data repositories to safeguard sensitive and regulated data.

Define, implement, and tune DLP policies to detect, monitor, and prevent unauthorized access, sharing, or exfiltration of data in cloud and hybrid environments.

Perform and document control testing; lead remediation efforts to address identified security gaps across cloud infrastructure and applications.

Investigate DLP alerts and cloud security incidents, conduct root cause analysis, and coordinate remediation to reduce data leakage and insider risk.

Lead compliance audits and partner with cross-functional teams to collect evidence related to AWS, cloud security controls, and regulatory frameworks.

Maintain access reviews, IAM controls, and security logs supporting AWS, SaaS platforms, and enterprise systems for audit readiness.

Lead the Vendor Risk Management program, including onboarding, renewals, and security/privacy assessments for cloud and SaaS vendors.

Support Security RFXs covering security architecture, cloud controls, compliance, privacy, and third-party risk.

Partner with Legal on data privacy, cloud security controls, and customer contract technical guidance.

Maintain customer-facing security and compliance documentation, including cloud security reports, whitepapers, and internal/external knowledge bases.

Champion Security Awareness and Training initiatives focused on data security, cloud risk, and privacy.

Manage the lifecycle of the organization’s Vulnerability Management program, including cloud assets and integrations.

Define, track, and report security and compliance metrics, performing daily monitoring of cloud infrastructure, applications, and security events.

Collaborate with engineering, IT, legal, and business stakeholders to align AWS and cloud security programs with enterprise objectives.

Ryder Inc September 2010 to July 2022

Cyber Security Analyst (Vendor Risk Management)

Performed comprehensive third-party risk assessments for new and existing suppliers in alignment with organizational security, data protection, and compliance standards.

Led kickoff meetings with system owners to define assessment scope, timelines, data classification, and security requirements.

Conducted working sessions with supplier points of contact to validate assessment details, data handling practices, and security controls.

Requested, analyzed, and validated supplier security documentation, including SOC 2 Type II reports, vulnerability scan results, penetration test reports, information security policies, and data protection controls.

Assessed supplier Data Loss Prevention (DLP) capabilities, including controls for preventing unauthorized data exfiltration, improper data sharing, and data leakage involving sensitive and regulated information.

Evaluated supplier data security controls related to encryption, access management, secure data storage, transmission, retention, and disposal practices.

Reviewed supplier documentation to ensure alignment with internal information security, data security, and privacy policies, identifying gaps and control deficiencies.

Communicated identified risks, findings, and data security exposures to business stakeholders and system owners.

Conducted Privacy Impact Assessments (PIA) for systems collecting, storing, or processing PII, ensuring compliance with privacy and data protection requirements.

Performed Disaster Recovery and Business Continuity reviews to validate supplier resiliency, backup strategies, and data recovery capabilities.

Partnered with business owners to review assessment findings, recommend remediation plans, and track corrective actions to closure.

Reviewed and supported risk acceptance, waivers, and exception requests, ensuring appropriate governance and executive approval.

Developed and maintained standard operating procedures (SOPs) and documentation to support vendor risk, data security, and assessment workflows.

Assisted control owners in reviewing and submitting security and data protection artifacts to validate remediation and support risk closure.

Washington Mutual Bank August 2006 to July 2010

Security Analyst

Analyzed and updated the System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E), and the Plan of Actions and Milestones (POA&M)

Assisted the organization in preparing Certification and Accreditation packages for its IT systems, making sure that management, operational and technical security controls adhere to a formal and well-established security requirement authorized by SOC and PCI DSS

Conducted annual self-assessment of controls.

Performed Vulnerability Assessment. Made sure that risks were assessed and evaluated, and that proper action was taken to limit their impact on the information and information systems

Created standard templates and SOPs for required security assessment and authorization documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages

Conducted IT controls risk assessments that included reviewing organizational policies, standards and procedures and provided advice on their adequacy, accuracy, and compliance with the Payment Card Industry Data Security Standard

Met with IT team to gather evidence, develop test plans, testing procedures and document test results and exceptions

Designed and conducted walkthroughs, formulated test plans, test results, and developed remediation plans for each area of the testing

Assisted in third party security audits and worked with the proper team to develop mitigation

Defined and implemented measurements and reporting of security metrics

Evaluated risks associated with 3rd party vendors by assessing their cybersecurity maturity


