Akosua F.
Education:
Cyber Security Management and Policies
Information Technology
University of Maryland Global Campus
Bachelor of Science - BS
Human Resources Management/Personnel Administration, General
Central University College
Experience:
2023 : Present
Prescient Security
Information Security Consultant
• Leveraged a variety of tools to identify threats, assess risks, and produce reports.
• Supported upgrades of Tenable.io, Nessus Manager, Nessus scanners
• Considerable amount of knowledge in system planning, configuration within Tenable and vulnerability assessment, systems monitoring and regulatory compliance
• Engaged teams with the prioritization and remediation of patching, application security and offensive security findings
• Effectively communicated the impact of operations, compliance and cybersecurity gaps to multiple audiences, encouraging remediation activities to enhance their cybersecurity posture
• Provided skilled advice and consultancy to resolve the security findings with internal development teams to help influence and drive security compliance
• Evaluated the status of Cyber control programs through analysis of cyber metrics
• Scheduled discovery and vulnerability scans according to business needs.
• Supported monthly vulnerability review meetings
2022 : 2022
Relias
Cyber Security Auditor
Vulnerability Management :
My responsibilities include vulnerability scanning and remediation processes.
Use vulnerability scanners to scan devices for vulnerabilities.
• Vulnerability Management: My functions include performing infrastructural and application-based security vulnerability assessment in accordance with industry accepted standards and procedures. I am also tasked with analyzing system services, operating systems, network and applications with the intent of discovering security gaps to further protect Cerner assets.
• Tenable.io - scanning of internal/external assets
• Proactively monitor exploits and vulnerabilities to ensure our organization is staying on top of threats.
• Conventional Reporting - taking data from vulnerability scans and turning that into actionable items
• Provide analytical support and consultation for vulnerabilities with internal teams
• Understand company security policies/standards and government regulations
• Prepare and present
• Creating reports that document vulnerability trends within our environments key areas for improvement
2022 : 2022
Relias
Cyber Security Admin
• Conducted information security assessments of third-party vendors to determine their ability to protect confidential data in a due diligence process.
• Met with various control owners to gather evidence, developed test plans and testing procedures, and documented test results and exceptions.
• Reviewed vendors' documentation, such as SOC 2 Type II reports, Information Security policy program, Data Flow Diagrams, Pentest Report, Vulnerability Scan Report etc., to aid in risk analysis of vendors in support of due diligence.
• Advised business team on vendor’s security posture and residual risk.
• Analyzed and updated System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E) and the Plan of Actions and Milestones (POA&M).
• Assisted System Owners and ISSO in preparing certification and Accreditation package for company’s IT systems, making sure that management, operational and technical security controls adhere to a formal and well-established security requirement authorized by NIST SP 800-53 Rev 4.
• Categorized systems using FIPS 199 and NIST SP 800-60.
• Ensured that risks were assessed and documented, and took proper action to limit their impact on the Information and Information Systems.
• Created standard templates for required security assessment and authorization documents, including risk assessments, security assessment plans and reports, contingency plans, and security authorization packages.
• Conducted IT controls risk assessments that included reviewing organizational policies, standards and procedures and provided advice on their adequacy, accuracy and compliance with the Payment Card Industry Data Security Standard.
2017 : 2021
Swiftlearn IT Solutions
Information Security Risk Analyst
• Performed IT risk assessment and documented the system security key controls.
• Met with IT team to gather evidence, developed test plans and testing procedures, and documented test results and exceptions.
• Designed and conducted walkthroughs, formulated test plans, test results and developed remediation plans for each area of the testing.
• Wrote audit reports for distribution to management and senior management documenting the results of the audit.
• Developed a Business Continuity Plan and relationship with outsourced vendors.
• Evaluated client’s key IT processes such as change management, systems development.
2016 : 2017
Milden Systems
Information Assurance Analyst
Company: Prescient Security
Years of Experience: 7
Experience:
With several years of experience in the field, I have developed a strong understanding of governance, risk, and compliance frameworks. I have successfully implemented and managed information security programs, including the development of policies, procedures, and standards. My expertise extends to conducting risk assessments, vulnerability assessments, and penetration testing, allowing me to identify potential vulnerabilities and provide actionable recommendations to strengthen security postures.
Skills:
My skill set encompasses a wide range of competencies in information security, governance, risk management, and compliance (GRC). I possess a solid understanding of industry standards such as ISO 27001, NIST Cybersecurity Framework, and PCI DSS. I am well-versed in conducting gap analyses, developing risk mitigation strategies, and leading security awareness training programs. Additionally, I have hands-on experience with security tools and technologies, including SIEM platforms, vulnerability scanners, and data loss prevention systems.
Collaboration and Communication:
Working collaboratively with cross-functional teams is a key strength of mine. I excel at building strong relationships with stakeholders, including IT teams, legal departments, and executive leadership, to ensure alignment of security objectives with business goals.
Continuous Learning:
I am committed to continuous learning and staying up-to-date with the latest trends and emerging threats in the information security landscape. This allows me to adapt and implement effective security controls and strategies to counter evolving cyber threats effectively.
Certifications:
I hold relevant certifications in the field of information security: Certified Information Security Manager (CISM), and I am currently working towards my Certified in Risk and Information Systems Control (CRISC).
If you are looking for an Information Security GRC Analyst with a proven track record in mitigating risks and enhancing security postures, I welcome the opportunity to connect and explore how I can contribute to your organization's success.