Profiles search

Theresah Nyantakyi, MS

Information Security Analyst | Information Technology Analyst | Cybersecurity Analyst | Information Risk Analyst | Third Party Risk Analyst | IT Risk Analyst
Monroe, OH, United States
Details

Education: Master of Science (MSc)

Health Informatics

Northern Kentucky University

2008 : 2010

Bachelor of Arts (BA)

Geography and Political Science

University of Ghana

2002 : 2006

Experience: 2018 : Present

Elevance Health

Information Security Analyst

• Collaborated with IT team on security assessment using concepts (CIA, risk, vulnerabilities, threats) for risk identification and security solutions development.

• Designed and reviewed policies and SOPs to ensure regulatory and industry standard compliance.

• Conducted assessments using NIST Cybersecurity Framework, CIS Controls, ISO27001, NIST 800-53, OWASP Top 10, MITRE ATT&CK, and CIS Framework to evaluate clients' security posture and compliance with legal and regulatory requirements.

•Assisted in creating security governance plans that aligns with business goals and industry standards.

•Designed security plans using frameworks : CIS, NIST CSF, ISO 27001, SOX, HIPPA, FISMA RMF, NIST 800-53, and to establish a security baseline and protect organizational assets.

•Led risk management initiatives by conducting risk assessments, gap analysis, threat modeling, and utilizing frameworks such as OWASP Top 10, MITRE ATT&CK Framework, and CIS Framework to identify, analyze, and mitigate risks.

•Developed incident response, business continuity, and disaster recovery plans, and coordinating IR, BC, and DR teams.

•Leveraged automated tools for security enforcement and monitoring, ensuring proactive identification and resolution of security issues.

•Utilized SIEM for systems and network security-focused log analysis.

•Developed and conducted frequent employee cybersecurity awareness training with simulations.

•Assisted in cybersecurity audits, SLA management, and SOC 1&2 reports, ensuring regulatory and industry standard compliance.

• Conducted vendor and third-party risk assessments and security controls review; documented gaps for remediation.

• Reviewed and validated third party responses against artifacts, communicate security posture and decisions to the appropriate stakeholders.

2018 :

Elevance Health

Information Technology Security Analyst

•Designed policies and SOPs that aligned with regulatory and industry standards.

•Authored security incident reports, highlighting breaches, vulnerabilities and remedial measures.

•Provided consultation services with selection and compliance to appropriate security frameworks (CIS, NIST CSF, ISO 27001, NIST 800-53).

•Utilized vulnerability scanning tools and validated remediation based on the analysis of results.

•Conducted security audits and risk assessments to detect vulnerabilities and determine suitable security safeguards.

•Developed and managed Plan of Actions and Milestones (POA&M) and mitigation strategies for vulnerabilities.

•Educated clients on secure configuration guidelines to mitigate vulnerabilities.

•Created cybersecurity best practice communications to educate staff against known threats and potential vectors of attack.

•Performed weekly system audits of help desk tools to maintain security adherence for critical infrastructure.

•Assisted in vulnerability testing of software applications and servers prior to network deployment.

•Utilized collaboration systems like Confluence and Jira ticket-tracking to support requests within the Linux environment with command line tools

2016 : 2018

Anthem

Information Security Analyst

•Explained technical information in clear terms to promote better understanding for non-technical users.

•Created tailored cybersecurity content, SOPs, and issue resolutions, improving security posture for Support Team.

•Utilized malware tools to eliminate 1,000+ vulnerabilities and virus attacks monthly from client computers.

•Ensured compliance with appropriate frameworks (CIS, NIST CSF, ISO 27001, NIST 800-53).

• Knowledgeable on NIST Cybersecurity Framework and how the Identify, Protect, Detect, Respond, and Recover categories comprise and facilitate an information security program.

•Semi-quantitatively analyzed cybersecurity risk using NIST SP 800-30 methodology to identify top system vulnerabilities.

•Performed threat modeling for higher likelihood of threat events.

• Drafted Information Security policy for authorized access and authenticator management for internal and third-party personnel.

•Ensured policies aligned with business goals, feasible to implement, and practical for compliance by ensuring purpose, scope, authority, and policy statements incorporate operational perspective and constraints.

2014 : 2016

Anthem

Information Security Analyst

2012 : 2014

WilmerHale

WHDS Project Lead

Company: Elevance Health

Years of Experience: 11

Skills Agile Project Management, Business Continuity Planning, Collaborating, Cybersecurity, cybersecurity audits, cybersecurity awareness training, Cybersecurity Incident Response, Cyber Security Risk, Detailed Oriented, Excellent communication skills, Flexible, In-depth Knowledge of the project lifecycle, Incident Response Planning, Information Security Management, Information security policy developement, Leadership, NIST, NIST Cyber Security Framework, Organization Skills, Portfolio Management, Portfolio Planning, Problem solving, Process Improvement, Project Leadership, Project Management, Project management methodologies, Project Management Office (PMO), Project Managment, Project Portfolio Management, Quality Assurance, Quality Auditing, Quality Control, Reporting, Results Driven, Risk Assessment, Risk Management, Risk management skills, Software Development Life Cycle (SDLC), Software Project Management, Test Execution, Testing, Test Planning, Third Party Risk Management (TPRM), Time managment, Tracking and monitoring, User Acceptance Testing, Waterfall Project Management
About Highly skilled and results-driven Information Security professional with over five years of experience developing and implementing security solutions in fast-paced environments. Demonstrated expertise in implementing security frameworks, conducting risk assessments, setting baselines, developing policies and procedures and ensuring compliance with legal and regulatory standards. Experienced in developing and conducting cybersecurity awareness training. Skilled in vulnerability management and incident response with a proven history of delivering exceptional risk management support and committed to enhancing cybersecurity posture and protecting organizational assets. Experienced in conducting third party risk assessment and reviewing responses. Seeks a challenging position where I can contribute my skills and experience to safeguard critical information assets and learn new skills.