Hi, I’m
Angela Morrison
Lithonia,GA
Summary
Proactive and Detail-oriented IT professional with 5+years of professional experience in Information System Security, Governance Risk Compliance (GRC), Third-Party Vendor Risk Management (TRPM), IT Governance, Risk Management, and Regulatory Compliance. Very knowledgeable about the Risk Management Framework (RMF), System Development Life Cycle (SDLC), NIST-CSF, Federal Information Security Management Act (FISMA), Federal Information Processing Standards (FIPS), ISO, HIPAA, PCI-DSS, and SOC with the applicable NIST standards. Results-oriented Analyst skillful in managing and breaking down large volumes of information. Proactive at heading off issues in operations, workflow and production by uncovering trends affecting business success.
Overview
7
years of professional experience
1
Certification
Work History
Corp-city
Cybersecurity GRC/TPRM Analyst
08.2019 - Current
Job overview
· Perform I.T controls risk assessments that included reviewing organizational policies, standards and procedures and provided advice on their adequacy, accuracy, and compliance with NIST SP 800-58, PCI DSS, ISO 27001/2, and CIS
· Coordinate with clients and vendors to support Third-Party Vendor Risk Management processes in various areas to validate vendor risk assessment through a questionnaire assessment process.
· Create SAR or Executive Summary report with the audit team based on Third-party Vendor risk assessment findings and review remediation reports from Vendor to resolve findings appropriately
· Support System Owners and ISSO in preparing Certification and Accreditation package for companies IT systems, making sure that management, operational and technical security controls adhere to a formal and well-established security requirement authorized by NIST SP 800-53
· Ensure risks are assessed, evaluated and appropriate action is taken to limit their impact on the information system
· Prepare and compile required Security Assessment and Authorization (SA&A) documents in a timely manner to facilitate a smooth ATO certification process.
· Enhance internal audit function to further align to company strategy and analyst identified risk to select control that commensurate with the risk
· Create and manage Plan of Action and Milestone POA&M/POAM reports to track identified system vulnerabilities until each one is resolved and approved for closure by the Information System Security Manager (ISSM).
Largo.
GRC Analyst
09.2017 - 06.2019
Job overview
- Implemented and maintained compliance programs in alignment with HIPAA regulations, ensuring the protection of sensitive healthcare information.
- Conducted risk assessments and audits to identify vulnerabilities and recommend mitigation strategies, resulting in improved security posture.
- Developed and documented policies and procedures based on the NIST framework to enhance governance and risk management practices.
- Collaborated with cross-functional teams to address security incidents, investigate breaches, and implement corrective actions.
- Provided training and awareness programs to educate employees on cybersecurity best practices and compliance requirements.
- Generated reports and metrics to track compliance status, identify trends, and present findings to senior management.
Education
Georgia State UniversityAtlanta, GA
Bachelor of Science from Nursing
01.2027
Central University CollegeGhana ,Accra
Bachelor of Arts from Accounting
12.2014
Skills
- Regulatory Compliance
- Trend modeling
- System Analysis
- Risk Mitigation
- Information Gathering
- Documentation And Reporting
- Project Management
- Data Integrity Assurance
- Team Collaboration and Leadership
- Strategic Planning
Certification
- CompTIA Cybersecurity Analyst (CySA+)
- HIPAA Compliance Certification
- NIST Framework Certification
Timeline
Cybersecurity GRC/TPRM Analyst
Corp-city
08.2019 - Current
GRC Analyst
Largo.
09.2017 - 06.2019
Georgia State University
Bachelor of Science from Nursing
Central University College
Bachelor of Arts from Accounting