- Certified Information Security and Risk Management professional with years of experience carrying out Information Systems Audit, Security Risk Assessment, and Risk Management in order to ensure vulnerabilities and potential risks are identified and appropriately managed, hence reducing the likelihood and impact of threats to within risk appetite.
- Professional dedicated to protecting organizational assets by ensuring adequacy of internal controls and regulatory compliance.
Sr. IT Risk Analyst
- Responsible for developing and managing the Information Security Risk Management Program.
- Developed and implemented a plan that creates a risk-averse culture where risk management is integrated in business processes, and management is well informed to make risk-aware business decisions.
- Plan and execute various security risk assessments, ensuring identified risks are effectively and efficiently managed.
- Risk analysis and risk modeling.
- Coordinate and facilitate monthly risk management committee meeting.
- Update management on risk management efforts and enterprise IT risk profile on a periodic basis.
- Develop, review and revise information security policies.
- Third party vendor risk management, review and analysis of attestation reports such as HITRUST, ISO & SOC 2 reports.
- Monitoring to ensure existence of required controls, adequacy of existing controls, and identifying variations in risk & control indicators.
- Manage risk register, make recommendations and develop action plans to bridge identified gaps.
Sr. IT Audit & Risk Analyst
- Responsible for Information Security Risk Assessments, ensured vulnerabilities and risks were proactively identified and managed on a continuous basis.
- Identified variations in risk and control posture by monitoring key risk and key control indicators.
- Documented risk treatment decisions and monitored implementation of agreed action plans.
- Developed, reviewed and revised information security policies.
- Managed the IT Audit program, HIPAA, ITGC Audit; planning, fieldwork (walk through and detail testing) and reporting.
- Point of contact for external auditors regarding IS Risk and Audit projects.
- Periodically scanned the network and systems for vulnerabilities, with the aid of auditing tools such as Nessus scanner.
- Implemented Capacity Maturity model and Balanced Score cards to assist in evaluating maturity of processes, and effectiveness of IT projects.
- Supported enterprise-wide security awareness program.
- Reviewed third party attestation documents including SOC 2 reports.
- Facilitated control self-assessments, and assisted with Payment Card Industry (PCI) compliance assessment.
- Consulted on IT projects, such as Workday acquisition and implementation.
- Prepared detailed reports of information security risk and audit findings.
IT Security Auditor
- Performed Information Technology Audits and Security Risk Assessments.
- Made recommendations to mitigate identified risks and ensured compliance through monitoring.
- Performed walk-through and detail testing of IT general controls, as well as around HIPAA Security and Privacy rules.
- Responsible for developing, writing and reviewing security policies.
- Evaluated maturity of processes and made recommendations for improvement.
- Reviewed network diagram, identified points of entry and potential vulnerabilities such as single points of failure, or absence of IPS/IDS.
- Reviewed SOC 2 reports, as well as policies, procedures, and modules for completeness.
- Scanned the network with the aid of auditing tools for vulnerabilities.
- Assisted with PCI Audit and data security evaluation.
- Prepared detailed reports of audit findings.
- Performed and documented audit activities in accordance with professional standards based on frameworks.
- Conducted IT audit fieldwork; walkthrough and detailed testing of controls.
- Assisted management in identifying gaps between controls and processes, made recommendations to bridge gaps as well as to treat identified control weaknesses based on risk appetite.
- Facilitated control self-assessments.
- Accurately documented and prepared detailed reports of audit findings.
- Responsible for the daily running of branch operations, ensured compliance with policies and procedures, as well as regulatory requirements.
- Trained and evaluated staff performance in accordance with company standards.
- Provided exceptional service delivery, ensured queries and complaints were responded to timely and effectively.