Profiles search

Akosua F.

Vulnerability Management |Compliance |Threat Detection |Third Party Risk Management| IT Audit |GRC | HiTRUST | SOC2 Audit Reports |PCI DSS| CompTia Security+| CISM|Data Privacy
Ft. Washington, MD, United States
Details

Education: Cyber Security Management and Policies

Information Technology

University of Maryland Global Campus



Bachelor of Science - BS

Human Resources Management/Personnel Administration, General

Central University College

Experience: 2023 : Present

Prescient Security

Information Security Consultant

• Leveraged a variety of tools to identify threats, assess risks, and produce

reports.

• Supported upgrades of Tenable.io, Nessus Manager, Nessus scanners

• Considerable amount of knowledge in system planning, Configuration within Tenable and

vulnerability

Assessment, systems monitoring and regulatory compliance

• Engaged teams with the prioritization and remediation of patching, Application Security,

offensive Security findings

• Effectively communicated the impact of operations, compliance and cybersecurity gaps to

multiple audiences, encouraging remediation activities to enhance their cybersecurity posture

• Provided skilled advice and consultancy to resolve the security findings with internal

development teams to help influence and drive security compliance

• Evaluated the status of Cyber control programs through analysis of cyber metrics

• Scheduled discovery and vulnerability scans according to business needs.

• Supported monthly vulnerability review meetings

2022 : 2022

Relias

Cyber Security Auditor

Vulnerability Management :

My responsibilities include vulnerability scanning and remediation processes.

Use vulnerability scanners to scan devices for vulnerabilities.

. Vulnerability Management : My functions include performing infrastructural and application-based security vulnerability assessment in accordance with industry accepted standards and procedures. I am also tasked with analyzing system services, operating systems, network and applications with the intent of discovering security gaps to further protect cerner assets.

. Tenable.io - scanning of internal/external assets

. Proactively monitor exploits and vulnerabilities to ensure our organization is staying on top of threats.

. Conventional Reporting - taking data from vulnerability scans and turning that into actionable items

. Provide analytical support and consultation for vulnerabilities with internal teams

. Understand company security policies/standards and government regulationsPrepare and present

. Creating reports that document vulnerability trends within our environments key areas for improvement

2022 : 2022

Relias

Cyber Security Admin

• Conducted information security assessments of third-party vendors to determine their ability to protect confidential data in a due diligence process.

• Met with various control owners to gather evidence, developed test plans, testing procedures and document test results and exceptions.

• Reviewed vendors documentation, such as SOC 2 Type II reports, Information Security policy program, Data Flow Diagrams, Pentest Report, Vulnerability Scan Report etc., to aide in risk analysis of vendors in support of due diligence.

• Advised business team on vendor’s security posture and residual risk.

• Analyzed and updates System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security test and Evaluation (ST&E) and the Plan of Actions and Milestones (POA&M).

• Assisted System Owners and ISSO in preparing certification and Accreditation package for company’s IT systems, making sure that management, operational and technical security controls adhere to a formal and well-established security requirement authorized by NIST SP 800-53 Rev 4.

• Categorized systems using FIPS 199 and NIST SP 800-60.

• Ensured that risks are assessed, documented, and takes proper action to limit their impact on the Information and Information Systems.

• Created standard templates for required security assessment and authorization documents, including risk assessments, security assessment plans and reports, contingency plans, and security authorization packages.

• Conducted IT controls risk assessments that includes reviewing organizational policies, standards and procedures and provides advice on their adequacy, accuracy and compliance with the Payment Card Industry Data Security Standard.

2017 : 2021

Swiftlearn IT Solutions

Information Security Risk Analyst

• Performed IT risk assessment and document the system security keys controls.

• Met with IT team to gather evidence, develop test plans, testing procedures and documented test results and exceptions.

• Designed and Conducted walkthroughs, formulated test plans, test results and developed remediation plans for each area of the testing.

• Wrote audit reports for distribution to management and senior management documenting the results of the audit.

• Wrote audit reports for distribution to management and senior management documenting the results of the audit.

• Developed a Business Continuity Plan and relationship with outsourced vendors.

• Evaluated client’s key IT processes such as change management, systems development.

2016 : 2017

Milden Systems

Information Assurance Analyst

Company: Prescient Security

Years of Experience: 7

Skills Business Continuity, Business Continuity Planning, Career Path Planning, Certified Information Security Manager (CISM), Change Management, Compliance Management, Cybersecurity, FedRAMP, FIPS 199, FIPS 200, Identity & Access Management (IAM), Incident Response, Information Security, Information Security Analyst, Information Security Awareness, Information Security Governance, Information Security Management, Information Security Standards, ISO 27001, IT Audit, IT Risk Management, IT Security Assessments, IT Strategy, MOU/ISA, NIST, NIST 800-53, NIST 800-53A, NIST 800-171, Payment Card Industry Data Security Standard (PCI DSS), Payment Industry, POA&M, Remediation, SAP, SAR, Security, Security Audits, Security Awareness, Security Controls, Security Information and Event Management (SIEM), SOC 2 Type 2, Software Development Life Cycle (SDLC), SOX 404, SSP, Tenable Nessus, U.S. Federal Information Security Management Act (FISMA), U.S. Health Insurance Portability and Accountability Act (HIPAA), Vulnerability, Vulnerability Assessment, Vulnerability Management, Vulnerability Scanning
About As an Information Security GRC Analyst, I am passionate about safeguarding critical assets, mitigating risks, and ensuring regulatory compliance for organizations in the ever-evolving landscape of cybersecurity. I am passionate about ensuring the confidentiality, integrity, and availability of sensitive information. I strive to make a positive impact by creating a secure environment that protects both business interests and customer trust.



Experience:

With several years of experience in the field, I have developed a strong understanding of governance, risk, and compliance frameworks. I have successfully implemented and managed information security programs, including the development of policies, procedures, and standards. My expertise extends to conducting risk assessments, vulnerability assessments, and penetration testing, allowing me to identify potential vulnerabilities and provide actionable recommendations to strengthen security postures.



Skills:

My skill set encompasses a wide range of competencies in information security, governance, risk management, and compliance (GRC). I possess a solid understanding of industry standards such as ISO 27001, NIST Cybersecurity Framework, and PCI DSS. I am well-versed in conducting gap analyses, developing risk mitigation strategies, and leading security awareness training programs. Additionally, I have hands-on experience with security tools and technologies, including SIEM platforms, vulnerability scanners, and data loss prevention systems.



Collaboration and Communication:

Working collaboratively with cross-functional teams is a key strength of mine. I excel at building strong relationships with stakeholders, including IT teams, legal departments, and executive leadership, to ensure alignment of security objectives with business goals.



Continuous Learning:

I am committed to continuous learning and staying up-to-date with the latest trends and emerging threats in the information security landscape. This allows me to adapt and implement effective security controls and strategies to counter evolving cyber threats effectively.



Certifications:

I hold relevant certifications in the field of information security, Certified Information Security Manager (CISM), currently working towards my Certified in Risk and Information Systems Control (CRISC).



If you are looking for an Information Security GRC Analyst with a proven track record in mitigating risks and enhancing security postures, I welcome the opportunity to connect and explore how I can contribute to your organization's success.