Theresah Nyantakyi, MS
Education:
Master of Science (MSc)
Health Informatics
Northern Kentucky University
2008 : 2010
Bachelor of Arts (BA)
Geography and Political Science
University of Ghana
2002 : 2006
Experience:
2018 : Present
Elevance Health
Information Security Analyst
• Collaborated with IT team on security assessment using concepts (CIA, risk, vulnerabilities, threats) for risk identification and security solutions development.
• Designed and reviewed policies and SOPs to ensure regulatory and industry standard compliance.
• Conducted assessments using NIST Cybersecurity Framework, CIS Controls, ISO27001, NIST 800-53, OWASP Top 10, MITRE ATT&CK, and CIS Framework to evaluate clients' security posture and compliance with legal and regulatory requirements.
•Assisted in creating security governance plans that aligns with business goals and industry standards.
•Designed security plans using frameworks : CIS, NIST CSF, ISO 27001, SOX, HIPPA, FISMA RMF, NIST 800-53, and to establish a security baseline and protect organizational assets.
•Led risk management initiatives by conducting risk assessments, gap analysis, threat modeling, and utilizing frameworks such as OWASP Top 10, MITRE ATT&CK Framework, and CIS Framework to identify, analyze, and mitigate risks.
•Developed incident response, business continuity, and disaster recovery plans, and coordinating IR, BC, and DR teams.
•Leveraged automated tools for security enforcement and monitoring, ensuring proactive identification and resolution of security issues.
•Utilized SIEM for systems and network security-focused log analysis.
•Developed and conducted frequent employee cybersecurity awareness training with simulations.
•Assisted in cybersecurity audits, SLA management, and SOC 1&2 reports, ensuring regulatory and industry standard compliance.
• Conducted vendor and third-party risk assessments and security controls review; documented gaps for remediation.
• Reviewed and validated third party responses against artifacts, communicate security posture and decisions to the appropriate stakeholders.
2018 :
Elevance Health
Information Technology Security Analyst
•Designed policies and SOPs that aligned with regulatory and industry standards.
•Authored security incident reports, highlighting breaches, vulnerabilities and remedial measures.
•Provided consultation services with selection and compliance to appropriate security frameworks (CIS, NIST CSF, ISO 27001, NIST 800-53).
•Utilized vulnerability scanning tools and validated remediation based on the analysis of results.
•Conducted security audits and risk assessments to detect vulnerabilities and determine suitable security safeguards.
•Developed and managed Plan of Actions and Milestones (POA&M) and mitigation strategies for vulnerabilities.
•Educated clients on secure configuration guidelines to mitigate vulnerabilities.
•Created cybersecurity best practice communications to educate staff against known threats and potential vectors of attack.
•Performed weekly system audits of help desk tools to maintain security adherence for critical infrastructure.
•Assisted in vulnerability testing of software applications and servers prior to network deployment.
•Utilized collaboration systems like Confluence and Jira ticket-tracking to support requests within the Linux environment with command line tools
2016 : 2018
Anthem
Information Security Analyst
•Explained technical information in clear terms to promote better understanding for non-technical users.
•Created tailored cybersecurity content, SOPs, and issue resolutions, improving security posture for Support Team.
•Utilized malware tools to eliminate 1,000+ vulnerabilities and virus attacks monthly from client computers.
•Ensured compliance with appropriate frameworks (CIS, NIST CSF, ISO 27001, NIST 800-53).
• Knowledgeable on NIST Cybersecurity Framework and how the Identify, Protect, Detect, Respond, and Recover categories comprise and facilitate an information security program.
•Semi-quantitatively analyzed cybersecurity risk using NIST SP 800-30 methodology to identify top system vulnerabilities.
•Performed threat modeling for higher likelihood of threat events.
• Drafted Information Security policy for authorized access and authenticator management for internal and third-party personnel.
•Ensured policies aligned with business goals, feasible to implement, and practical for compliance by ensuring purpose, scope, authority, and policy statements incorporate operational perspective and constraints.
2014 : 2016
Anthem
Information Security Analyst
2012 : 2014
WilmerHale
WHDS Project Lead
Company: Elevance Health
Years of Experience: 11