Experienced IT Security professional specializing in Third-Party Risk Management and Vendor Assessment. Proven track record as a Risk and Compliance Lead. Skilled in categorizing vendors, producing comprehensive risk assessment reports, and conducting thorough audits. Deep knowledge of industry regulations and standards including GDPR, FedRAMP, ISO 27001, NIST, HIPAA, and PCI-DSS to ensure data confidentiality, integrity, and availability. Known for strategic risk identification and implementing effective security frameworks that promote a proactive security culture. Committed to leveraging innovative technologies to drive business growth and optimize systems and networks. Strong leadership and communication abilities with a dedication to fostering secure and compliant environments.
Overview
8 years of professional experience
1 Certification
Work History
Information Security Risk and Compliance Lead
College of the Holy Cross
Worcester, MA
12.2022 - Current
Develop and maintain the Information Security Management System (ISMS) to ensure thorough governance, risk management, and compliance (GRC) coverage throughout the organization
Ensure compliance with relevant security standards (ISO 27001, NIST framework) across all systems managed by IT, Security, and technical teams
Develop, update, and enforce information security policies, procedures, and guidelines to ensure compliance and effectively mitigate risks
Support risk management initiatives and lead audit preparations, including conducting business continuity exercises and maintaining comprehensive documentation
Manage and lead the security awareness training and phishing simulation programs, driving a 20% increase in compliance and a 45% reduction in security incidents
Support the business in documenting, assessing, and remediating issues identified during audit examinations and risk assessments
Ensure compliance with industry and legal requirements, frameworks, and guidelines (e.g., MA 201 CMR 17, PCI-DSS, SP 800-171, GDPR, HIPAA, FERPA)
Manage the Third-Party Vendor Risk Program ensuring data privacy and sound security practices
Provide regular management reports to showcase measurable progress and drive continuous improvement, thereby enhancing the effectiveness and maturity of the programs
Identify vulnerabilities and collaborate with the server operations team to resolve security issues and implement remediation measures in line with SLA requirements
Third-Party Risk Manager
United Site Services
Westborough, MA
01.2022 - 12.2022
Educated and built awareness around the third-party vendor risk program
Managed third-party risk for 100+ vendors and partners, identifying potential risks and finding ways to reduce them, which helped lower overall risk by 25% in the first year
Conducted in-depth due diligence and risk assessments for new vendors, focusing on financial, operational, legal, and cybersecurity risks, ensuring compliance with industry regulations such as GDPR, PCI-DSS, and HIPAA
Developed and implemented risk mitigation strategies, including contractual clauses, cybersecurity safeguards, and insurance requirements, leading to improved vendor performance and enhanced regulatory compliance
Monitored third-party performance through regular audits and ongoing assessments, identifying and addressing potential risk issues proactively, reducing vendor-related disruptions by 30%
Established and enforced internal policies for third-party risk management, leading to a 15% improvement in compliance audit scores and significantly reducing exposure to operational and legal risks
Prepared and presented risk reports to senior executives, ensuring clear communication of risk findings and strategic recommendations for mitigating high-impact third-party risks
Developed policies and procedures for the third-party vendor risk program in collaboration with the legal, contracts, and risk management teams, establishing an integrated workflow
Risk Management Specialist
NWN IT
Waltham, MA
10.2020 - 01.2022
Conducted risk assessments on new third-party vendors and established remediation timelines for identified issues, enhancing overall vendor compliance
Corresponded with vendors to ensure that new third-party due diligence and supporting documents were properly captured
Assessed vendor controls to identify and communicate key deficiencies to business and information security management
Monitored corrective action plans against agreed-upon timelines and reviewed evidence for closure
Periodically reached out to vendors hosting data regarding current threats to ensure they were taking the necessary steps to reduce exposure
Reported assessment outcomes, risk levels, and associated recommendations to remediate issues
Contributed to the team’s continuous improvement efforts by identifying opportunities and helping implement them
Risk Specialist
E-Clinical Works
Remote
10.2019 - 10.2020
Facilitated vendor risk evaluations and remediation processes, communicating areas of risk and non-compliance
Developed documentation to support third-party risk assessments, ensuring thorough evaluation of vendor responses
Conducted periodic performance and risk reviews of existing third parties
Assisted with regulatory compliance efforts, ensuring adherence to HIPAA, GDPR, and other standards by performing regular audits and policy updates
Developed and implemented risk mitigation plans to address vulnerabilities in IT security, regulatory compliance, and financial operations, significantly improving risk management controls
Conducted comprehensive risk assessments across operational, financial, and IT domains, identifying key risks and recommending mitigation strategies that reduced overall risk exposure by 15%
Prepared and presented risk reports for senior management, helping to inform strategic decision-making and prioritize risk mitigation efforts
Jr. Security Analyst
Acceptance Now
Worcester, MA
03.2017 - 10.2019
Participated in security awareness training sessions for employees
Assisted in the development and implementation of security policies, standards, and procedures
Conducted periodic security administration tasks, including security audits and compliance checks
Monitored security alerts using SIEM tools to detect potential threats, escalating high-priority incidents to senior analysts
Assisted in vulnerability scans of systems and applications, identifying security weaknesses and helping prioritize patches for remediation
Investigated security incidents, assisting in the analysis and documentation of potential breaches, helping to implement immediate corrective actions
Education
Associate of Science - Computer Systems Engineering
Quinsigamond College
Worcester, MA
09.2018
Skills
Identity and Access Management: OKTA
Network Security: Palo Alto Networks, Rapid7
Vulnerability Assessment: Nessus, Rapid7
Security Operation: SIEM tools
Risk Management: Third-party risk assessment
GDPR, NIST, HIPAA, FERPA, PCI-DSS
Security Training: Arctic Wolf MSA, Phishing simulations
Security policy creation and implementation
Ability to manage multiple projects
Strong written and verbal skills
Certification
Certified Cyber Security Associate
Certified Network Associate
Certified Information Systems Auditor (CISA)
Timeline
Information Security Risk and Compliance Lead
College of the Holy Cross
12.2022 - Current
Third-Party Risk Manager
United Site Services
01.2022 - 12.2022
Risk Management Specialist
NWN IT
10.2020 - 01.2022
Risk Specialist
E-Clinical Works
10.2019 - 10.2020
Jr. Security Analyst
Acceptance Now
03.2017 - 10.2019
Certified Cyber Security Associate
Certified Network Associate
Certified Information Systems Auditor (CISA)
Associate of Science - Computer Systems Engineering
Quinsigamond College