Alex Elange Bokwe

Martinsburg, WV

Summary

A detail-oriented Security Analyst with over 6 years of expertise in assessing controls, running vulnerability scans, developing reports, and performing continuous system monitoring. Well versed in ISO 27001, PCI DSS, HITRUST, HIPAA and NIST compliance. Constantly striving to bring knowledge, growth and value to my organization. Strong values in confidentiality, integrity, availability, security, and privacy. Always seeking new challenges and personal growth opportunities. Adaptable in a quickly changing environment with the ability to interact at all levelsand Accreditation (C&A), Security Risk Management, Risk Assessment, Access Control, and System Monitoring. I am proficient in assembling Security Authorization Packages using NIST Special Publications such as 800-53 Rev-4, 800-53A, 800-60, 800-30, 800-37, 800-137, 800-18, as well as FIPS 199, FIPS 200, OMB guidelines, and industry best security standards. I have experience preparing and updating key documents, including the System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Report (SAR), and Plan of Action & Milestones (POA&M). My goal is to maintain the confidentiality, integrity, availability, and privacy of all systems I manage.

Overview

6 years of professional experience
2 certifications

Work History

Risk Analyst

NextThreat (contract)
Clarksburg, WV
01.2022 - Current
  • Responsible for analyzing all new vendor contracts and pointing out areas of improvement to management
  • Verify that the vendor follows all regulatory, information requirements and applicable processes and standards
  • Assess Vendor Risk Profile to determine CIA rating, conduct reassessment of Vendor and prepare VRA Report
  • Act as remediation analyst to support work with vendors in remediating findings discovered during the onsite/virtual assessment
  • Access both inherent risk questionnaire, SIG questionnaire, SOC report, Pen Test, Vulnerability Scan report from SIEM tools, Cyber insurance to validate vendor appropriate implementation of information security controls
  • Communicate vendor information security issues to stakeholders, ensuring a clear understanding of associated risk and plan of action for remediating such risk
  • Create IT security documentation and workflow to assist with audit, incident response and vendor requirements
  • Support the VRM Program to effectively manage vendor risk in accordance with internal policy and regulatory requirements, ensuring a strong oversight of all vendor risk and provide visibility of emerging and existing
  • Perform awareness and training on all new hires
  • Keep compliance documentation and policies up to date in preparation for assessment
  • Knowledge of industry standard scoring models such as CVSS (Common Vulnerability Scoring System)
  • Review/analyze automated scan results and research on CVE numbers via OWASP, NVD, US-CERT to develop remediation plans.

SA-Security Analyst

BMG Money INC (contract)
Miami, FL
01.2020 - 12.2022
  • Leading the effort in the development, review, implementation and maintenance of policies, procedures, standards and guidelines in accordance with applicable regulations and company standards including NIST 800-53, GDPR, HIPAA, ISO 27001 and 13485 Framework Controls
  • Familiar with STRIDE and CVSS threat modeling standards
  • Setting up meetings with engineers, analysts and business lines for different projects in all aspects from development to commercial launch
  • Leading the effort on security and compliance to bring my organization to a proper security posture
  • Tasked with building a solid security posture from existing and new control requirements
  • Provide needed professional recommendations on tools, processes, standards and business needs.

Audit/Compliance Analyst

FLATTER, INC. (contract)
Washington, DC
07.2017 - 12.2019
  • Created security documentation for incident response, audits, and log management to assist with workflow
  • Scheduled and attended meetings with the IT team to gather documentation and evidence about their control environment in preparation for audits
  • Performed risk assessments quarterly to make sure system weaknesses are well documented and mitigating processes are put in place
  • Assisted in the implementation, documentation and maintenance of policies, procedures, standards, and guidelines in accordance with applicable regulations including ISO 27001, PCI DSS, NIST 800-53 Framework Controls
  • Performed system risk assessment to identify and implement appropriate security countermeasures
  • Conducted research and maintained proficiency in computer networks, tools, techniques, countermeasures, and trends in computer network vulnerabilities and network security such as Tenable.io and CyberArk
  • Executed vulnerability scans and assisted stakeholders' interpretation of scan results through presentation on Excel and PowerPoint
  • Documented, triaged, and investigated vulnerability data
  • Automated vulnerability scans based on use case and worked with team to review scan reports
  • Worked within the vulnerability life cycle processes such as analysis, detection, prioritization, and reporting data analysis
  • Worked in a team to execute IT Compliance processes to help manage IT annual testing for internal and external audits, risk assessments, and regulatory, legal and policy compliance
  • Supported IT project planning, budgeting, project monitoring, reporting, issue tracking, acceptance testing, and security assessment
  • Helped to identify security risks in the hardware, software, and systems used by the organization
  • Obtained approval for changes to rules, processes and policies relating to information technology, application analysis, software development, and systems integration.
  • Utilized GRC tools such as GRC Archer, BitSight, Tableau and ServiceNow to maintain regulatory compliance and enforce information security policies
  • Developed Security Assessment Plans (SAPs) and executed control testing to ensure compliance with NIST SP 800-53A and cybersecurity policies

Education

MBA - Business Finance

Riga Technical University
06-2021

Bachelor of Science - Accounting

Catholic University Institute of Buea
12-2015

Skills

  • Trend Analysis
  • Team Collaboration
  • Incident response
  • Security testing
  • Accounting record analysis
  • Time management
  • Adaptive person
  • Leadership and Decision-Making
  • Security Documentation
  • Threat analysis
  • Risk assessment
  • Data analysis
  • Training and awareness

Certification

  • CompTIA Security+ certified
  • CISM

Tools and compliance

Nessus Tenable, Archer, KnowBe4, ServiceNow, Splunk, ISO 27001, PCI DSS, HIPAA, FISMA, HITRUST, GDPR, NIST 800 Series, FIPS 199/200, FedRAMP, SSPs, POA&M, SAR, SAP, SRTM, CP, PTA, PIA, SORN, Contingency plan, SOC Report (SOC1, SOC2), SIG Review, SharePoint/CSAM/Archer

Work Preference

Work Type

Full Time, Part Time, Contract Work

Location Preference

Hybrid, Remote

Important To Me

Work-life balance, Career advancement, Company Culture, Flexible work hours, Team Building / Company Retreats
