DANIEL OSEI APPIAH
Email: ***************@*****.***
Mobile: +1-614-***-****
Columbus, Ohio
PROFESSIONAL SUMMARY
Senior Cybersecurity Governance, Risk, and Compliance (GRC) Analyst with 6+ years of experience leading IT risk assessments, regulatory compliance initiatives, and audit readiness across complex enterprise environments. Proven expertise in IT General Controls (ITGC), SOX, third-party risk management (TPRM), and security control testing aligned to NIST CSF 2.0, NIST SP 800-53, ISO/IEC 27001, COBIT, PCI DSS, HIPAA, HITRUST and SOC 2. Strong background in evidence evaluation, risk reporting, and stakeholder communication, with the ability to translate technical risk into executive-level insights. Adept at supporting internal audits, regulatory examinations, and continuous compliance programs within regulated industries. PROFESSIONAL EXPERIENCE
Senior GRC Analyst
COLUMBIA BANK May 2022 – Present
Led enterprise-wide cybersecurity risk assessments to identify control gaps, emerging threats, and residual risks across people, processes, and technology ecosystems.
Authored and maintained comprehensive risk assessment reports and documentation, providing clear and actionable insights to senior management and stakeholders for informed decision-making
Review data sources and identify, categorize, and classify data based on sensitivity and compliance requirements.
Coordinated disaster recovery (DR) drills, collaborating with internal teams to validate DR readiness and enhance operational resilience
Build customized inventory of third-party relationships, automated vendor assessments and continuously monitored changes to trigger reassessments
Proposed improvements to make operational activities more automated, effective, efficient, and consistent.
Led the roadmap and transition from PCI-DSS 3.2.1 to PCI-DSS 4.0, imbibing the changes and educating stakeholders
Managed the risk register for identified operational and technical vulnerabilities, ensuring timely remediation.
Information Security Compliance Analyst
Fourth IT Consulting September 2018 – April 2022
Defined, measured, and reported Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) to monitor risk trends and inform leadership decisions.
Coordinated with external auditors and operations teams to obtain audit evidence for in-scope IT systems to support the annual audit such as SOC 1&2, ISO-27001, HITRUST, and PCI-DSS.
Conducted comprehensive risk assessments to identify potential security vulnerabilities and threats.
Monitor security alerts and events using SIEM tools to identify potential threats and vulnerabilities.
Developed, tested, and updated business continuity and disaster recovery plans ensuring alignment with organizational risk appetite
Performed quarterly risk register reviews; managed and monitored remediation and exceptions of cybersecurity risks.
Developed, implemented, and maintained cybersecurity governance artifacts, including policies, standards, procedures, and control narratives.
Assessed vendor security posture across identity and access management (IAM), incident response, business continuity, and network security domains.
Conducted vulnerability assessments and qualitative risk analyses to support ongoing threat detection and mitigation planning.
Risk & Compliance Analyst
OHIO HEALTH August 2016- August 2018
Provided risk-based communication to both technical and non-technical stakeholders, translating audit findings into business-impact language.
Ensured all vendor relationships are documented, and all contracts related to vendors that provide outsourced services are uploaded in the system.
Responded to external requests for Security Questionnaires, Due Diligence, Vendor Risk Assessments, and other categories that require responses.
Supported security awareness and compliance training programs, driving maturity in cyber hygiene and organizational compliance culture.
Supported the annual IT risk assessment and audit planning process using risk-based prioritization techniques to allocate resources efficiently.
Conducted third-party/vendor risk assessments, reviewed SOC reports, conducted evidence validation, and assessed supply chain and data protection risks.
Prepared audit deliverables, risk summaries, and compliance documentation for internal and external auditors.
SKILLS
Communication & Leadership: Written and verbal audit feedback, stakeholder engagement
Tools & Technologies: Audit Board, ServiceNow, onetrust, ProcessUnity, Bitsight, MetricStream, Splunk, SharePoint, Nexpose, Power BI, Archer, AWS, Drata, Archer GRC, Microsoft Office Suite, Smart Sheet, SIEM/XDR tools, SharePoint, Nessus Vulnerability Scanner, Evidence Evaluation & Documentation.
CERTIFICATIONS
Certified Information Systems Manager (CISM)
CompTIA Security +
AWS Solutions Architect
EDUCATION
Bachelor of Science, Actuarial Science
University for Development Studies, August 2012 – May 2016