Detail-oriented Senior Compliance Analyst with 7 years of experience in performing IT Audit, Vendor/Third Party Risk Assessment and Security Control Assessment, with in-depth knowledge of HITRUST, SIG, SSAE 18 (SOC 1, SOC 2), NIST 800-53, NIST 800-37, NIST 800-137 and PCI-DSS to achieve Confidentiality, Integrity and Availability of Information Systems. In-depth knowledge of Access Control, Audit and Accountability, Compliance Testing, Risk Assessment, Change Management, Security Maintenance, Policies, Procedures, and Incident Response. Experienced with GRC tools such as RSA Archer, ServiceNow, Process Unity, Bitsight and Logic Manager.
Overview
8 years of professional experience
1 Certification
Work History
Snr Compliance Analyst
JP Morgan Chase
12.2022 - Current
Reviewed and validated all controls at the vendor site to ensure data confidentiality.
Validated security questionnaires during the onsite visit, to ensure up to date data protection on vendor site.
Used GRC tools such as ServiceNow to conduct risk assessments.
Conducted on-site risk assessments based on agreed upon procedure guidelines.
Worked seasonally with the TPRM team to ensure third-party relationships adhered to company policies and procedures and complied with regulatory guidelines and industry best practices.
Designed and continuously upgraded suppliers' questionnaires to ensure all newly discovered threat areas are covered.
Administered questionnaires to all vendors to determine the effectiveness of controls.
Performed continuous monitoring by assessing tools during onsite visits to validate the security questionnaires filled out by vendors, ensuring protection of data at vendor sites.
Facilitated remediation for any third-party related operational issues as needed.
Assessed operational fitness of assigned third parties through due diligence reviews.
Performed internal and external IT risk assessments using applicable Risk Matrix templates, Risk Assessment Matrix, Risk and Control Self-Assessment and the Risk Management life cycle, and provided recommendations on mitigation options.
Collaborated with and assisted the PCI DSS team to ensure satisfaction of PCI DSS requirements.
Worked with PCI team to perform Gap assessment to identify, understand and bridge Gaps.
Collected and documented artifacts for PCI DSS for compliance and monitoring.
Assisted in implementation of PCI DSS controls and procedures standards to ensure compliance.
Supported Governance, Risk and Compliance (GRC) initiatives within the wider Information Security Management team where required.
Implemented and documented policies and procedures, ensuring well-documented processes.
Third Party Risk Analyst / Information Security Analyst
Oracle
01.2021 - 12.2022
Enhanced TPRM program, facilitating effective third-party IT risk assessments and case management.
Conducted vendor risk assessments, formulated remediation roadmaps, and validated vendors through SIG questionnaires and supporting documentation.
Identified and measured risk associated with vendor security controls, documenting and reporting findings to stakeholders.
Managed case work, tracked vendor requests, and maintained reporting and escalation procedures.
Communicated vendor information security issues to stakeholders and provided detailed assessment reports to business owners and the vendor management office.
Evaluated and aligned IT security policies with industry frameworks such as NIST 800-53.
Participated in Incident Response activities, reviewing and editing event correlation rules, performing triage, and evaluating attribution and adversary details.
Conducted security awareness training, simulated phishing tests, and reviewed controls for Administrative, Technical, and physical safeguards.
Collaborated with technical assurance experts to address customer project needs and developed strong customer relationships.
Participated in audit walkthroughs, completed SOC reviews and gap assessments, and ensured compliance with regulations and internal policies.
Developed and maintained strong customer relationships, enhancing customer satisfaction and trust in GRC services.
Liaised with external auditors during annual audits, ensuring timely remediation of deficiencies.
Assisted in the development of the organization's GRC program and integrated risk management activities into business processes.
Conducted regular audits and assessments to identify compliance risks and developed policies to mitigate them.
Developed and implemented new IT Security Policies to meet NIST standards, creating Security Assessment Plans (SAPs) and documenting findings in Security Assessment Reports (SARs).
Compliance Analyst/IT Auditor (Contract)
Liberty Mutual Insurance
02.2018 - 11.2021
Prepared audit scopes, reported findings, and presented recommendations to enhance data integrity and operational efficiency.
Conducted IT General Controls (ITGCs) and IT Application Controls (ITACs) testing to assess design and operational effectiveness.
Reviewed SOC 2 Type I, SOC 2 Type II, and SOC 1 Type II reports, communicating engagement status and escalating potential issues to management.
Utilized project management tools to monitor audit timelines and provide transparent status updates.
Managed multiple projects simultaneously through effective prioritization and multitasking.
Developed, updated, and enforced compliance policies and procedures aligned with industry regulations, including ISO 27001, SOC 2 Trust Service Criteria, NIST Cybersecurity Framework, GDPR, and CIS Benchmark.
Identified and assessed risks associated with third-party vendors and monitored internal compliance risks.
Ensured compliance with policies, procedures, and regulations, including SOX 404, while providing training and guidance to staff.
Collaborated with legal, IT, and risk management teams to align compliance policies with the organization's risk management strategy.
Conducted internal audits to ensure adherence to policies and identify areas for improvement, providing compliance status reports to management.
Stayed informed on industry regulations and best practices, continuously learning about new compliance developments.
Assessed IT infrastructure for compliance with SOX, PCI DSS, HIPAA, SOC 1/SSAE 18, and SOC 2 standards.
Conducted risk assessments and developed strategies to mitigate threats to information security systems.
Collaborated with cross-functional teams to address compliance issues and implement corrective actions.
Utilized tools such as Nessus, Splunk, and Power BI for vulnerability assessments and compliance reporting.
Education
Bachelor's - Computer Science
Kwame Nkrumah University of Science and Technology
01.2011
Bachelor's - Technology
New York City College of Technology
01.2015
Skills
Risk assessment and management
Compliance auditing
IT governance
Policy development
Vendor oversight
Information security
SOC compliance
Critical thinking
Data protection
Effective communication
Attention to detail
Proactive problem solving
Stakeholder engagement
Project management
Maintenance and repair
Positive attitude
Team collaboration
Cultural awareness
Training and development
Certification
CompTIA Security+
CISM (In View)
Client Services Specialist & Associate Banker at JP Morgan Chase & Chase Bank