Post Job Free
Sign in

Senior Cybersecurity GRC Analyst

Location:
Waldorf, MD
Posted:
July 10, 2026

Contact this candidate

Resume:

DANIEL OSEI APPIAH

Email: ***************@*****.***

Mobile: +1-614-***-****

Columbus, Ohio

PROFESSIONAL SUMMARY

Senior Cybersecurity Governance, Risk, and Compliance (GRC) Analyst with 6+ years of experience leading IT risk assessments, regulatory compliance initiatives, and audit readiness across complex enterprise environments. Proven expertise in IT General Controls (ITGC), SOX, third-party risk management (TPRM), and security control testing aligned to NIST CSF 2.0, NIST SP 800-53, ISO/IEC 27001, COBIT, PCI DSS, HIPAA, HITRUST and SOC 2. Strong background in evidence evaluation, risk reporting, and stakeholder communication, with the ability to translate technical risk into executive-level insights. Adept at supporting internal audits, regulatory examinations, and continuous compliance programs within regulated industries. PROFESSIONAL EXPERIENCE

Senior GRC Analyst

COLUMBIA BANK May 2022 – Present

Led enterprise-wide cybersecurity risk assessments to identify control gaps, emerging threats, and residual risks across people, processes, and technology ecosystems.

Authored and maintained comprehensive risk assessment reports and documentation, providing clear and actionable insights to senior management and stakeholders for informed decision-making

Review data sources and identify, categorize, and classify data based on sensitivity and compliance requirements.

Coordinated disaster recovery (DR) drills, collaborating with internal teams to validate DR readiness and enhance operational resilience

Build customized inventory of third-party relationships, automated vendor assessments and continuously monitored changes to trigger reassessments

Proposed improvements to make operational activities more automated, effective, efficient, and consistent.

Led the roadmap and transition from PCI-DSS 3.2.1 to PCI-DSS 4.0, imbibing the changes and educating stakeholders

Managed the risk register for identified operational and technical vulnerabilities, ensuring timely remediation.

Information Security Compliance Analyst

Fourth IT Consulting September 2018 – April 2022

Defined, measured, and reported Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) to monitor risk trends and inform leadership decisions.

Coordinated with external auditors and operations teams to obtain audit evidence for in-scope IT systems to support the annual audit such as SOC 1&2, ISO-27001, HITRUST, and PCI-DSS.

Conducted comprehensive risk assessments to identify potential security vulnerabilities and threats.

Monitor security alerts and events using SIEM tools to identify potential threats and vulnerabilities.

Developed, tested, and updated business continuity and disaster recovery plans ensuring alignment with organizational risk appetite

Performed quarterly risk register reviews; managed and monitored remediation and exceptions of cybersecurity risks.

Developed, implemented, and maintained cybersecurity governance artifacts, including policies, standards, procedures, and control narratives.

Assessed vendor security posture across identity and access management (IAM), incident response, business continuity, and network security domains.

Conducted vulnerability assessments and qualitative risk analyses to support ongoing threat detection and mitigation planning.

Risk & Compliance Analyst

OHIO HEALTH August 2016- August 2018

Provided risk-based communication to both technical and non-technical stakeholders, translating audit findings into business-impact language.

Ensured all vendor relationships are documented, and all contracts related to vendors that provide outsourced services are uploaded in the system.

Responded to external requests for Security Questionnaires, Due Diligence, Vendor Risk Assessments, and other categories that require responses.

Supported security awareness and compliance training programs, driving maturity in cyber hygiene and organizational compliance culture.

Supported the annual IT risk assessment and audit planning process using risk-based prioritization techniques to allocate resources efficiently.

Conducted third-party/vendor risk assessments, reviewed SOC reports, conducted evidence validation, and assessed supply chain and data protection risks.

Prepared audit deliverables, risk summaries, and compliance documentation for internal and external auditors.

SKILLS

Communication & Leadership: Written and verbal audit feedback, stakeholder engagement

Tools & Technologies: Audit Board, ServiceNow, onetrust, ProcessUnity, Bitsight, MetricStream, Splunk, SharePoint, Nexpose, Power BI, Archer, AWS, Drata, Archer GRC, Microsoft Office Suite, Smart Sheet, SIEM/XDR tools, SharePoint, Nessus Vulnerability Scanner, Evidence Evaluation & Documentation.

CERTIFICATIONS

Certified Information Systems Manager (CISM)

CompTIA Security +

AWS Solutions Architect

EDUCATION

Bachelor of Science, Actuarial Science

University for Development Studies, August 2012 – May 2016



Contact this candidate