Baffour Awuah
GRC Cyber Security analyst
Euless,TX
Summary
An organized, detail-oriented Cybersecurity professional with strong analytical and problem-solving skills. Expertise in risk assessment, vulnerability management, developing and implementing effective security policies, procedures and guidelines based on best practices, regulatory, and legal compliance. Strong emphasis in vendor risk assessments, security control assessment, and security documentation. Knowledgeable and experience with various frameworks such as HIPAA, PCI DSS, NIST, ISO 27001, SOC 2, Nerc CIP and GDPR. Excellent interpersonal skills, multitasking, communicating effectively at all levels, and passionate about learning new skills.
Overview
14
14
years of professional experience
1
1
Certification
Work History
Cyber Security Compliance Analyst
Menzies Aviation Pty Ltd
09.2017 - Current
- Knowledge and experience with current NIST Federal Information Processing Standards (FIPS) and Special Publications (SP): SP800-18, SP800-37, SP800-53, SP800-53A, SP800-60, FIPS-199, and other policies and their application to enterprise IT security
- Conduct comprehensive assessment of third-party vendors and their security controls to identify potential vulnerabilities or weaknesses in their systems
- Analyze and report on third-party vendor risk data to senior management
- Effectively communicate with vendors to ensure compliance with frameworks such as HIPAA, PCI DSS, ISO 27001, etc
- Identify areas of non-compliance or vulnerability and offer recommendations for remediation
- Maintain and update third-party risk assessments and vendor management process
- Continuously monitor vendors for any changes in risk profile and compliance status
- Maintain detailed documentation of compliance procedures, findings, and recommendations
- Work with stakeholders to complete compliance audit requirements
- Review and respond to inquiries from stakeholders related to third party risk management
- Monitor and assess security incidents, providing timely response and resolution
- Collaborate with cross functional team to address and resolve security incidents promptly
- Documents and finalized Security Assessment Report (SAR)
- Updates system security documentations such as Contingency Plan (CP), Configuration management plan, System security plan per NIST publications.
Compliance Analyst
AERO GROUND COMPANY LTD
09.2015 - 08.2017
- Assisted with IT oversight and implementation of internal and external policies and procedures
- Managed security issues by working with technical and non-technical teams to track progress, report on status and ensure remediation of identified flaws
- Helped identify risks through vulnerability scans and interview with key personnel
- Performed gap analysis exercises while working collaboratively with Functional Business Units and IT teams to implement required remediations
- Maintained awareness of the laws, regulations, internal policies, and procedures to maintain the compliance posture of the company
- Researched emerging information security threats and their impact on the business environment
- Answered, evaluated, and prioritized incoming trouble tickets, telephone, voicemail, email, and in-person
- Documented and updated reported problems in the call management system and followed up with the assigned personnel to ensure timely resolution of problems/work orders
- Supported the organization’s InfoSec and data privacy policy, procedures, and controls by working with outside audit teams for ISO, SOC, and other audits.
Cyber Intern
AMI INTERNATIONAL
01.2015 - 06.2015
- Helped conduct assessments of the security controls implemented within or inherited by the Banks information system to determine the overall effectiveness of controls and the vulnerability state of components, applications and databases residing within the system boundary
- Execute testing of primary and Key information security controls with minimal supervision
- Escalate identified risks and issues through appropriate channels
- Document results of security control assessment, including recommendations for correcting any weaknesses or deficiencies in the controls
- Helped create SAR and POA&M for identified vulnerabilities in Control processes
- Updated Risk Register with identified risks and priorities remediation efforts in system of Records
- Assisted with IT oversight and implementation of internal and external policies and procedures
- Managed security issues by working with technical and non-technical teams to track progress, report on status and ensure remediation of identified flaws
- Helped identify risks through vulnerability scans and interview with key personnel
- Researched emerging information security threats and their impact on the business environment
- Answered, evaluated, and prioritized incoming trouble tickets, telephone, voicemail, email, and in-person
- Documented and updated reported problems in the call management system and followed up with the assigned personnel to ensure timely resolution of problems/work orders.
System Front Desk Analyst
GENCO-ATC
08.2010 - 12.2014
- Served as the initial point of contact for all IT-related queries and issues, providing prompt and efficient support
- Diagnosed and resolve technical hardware and software issues, escalating complex problems to higher-level support teams when necessary
- Assisted in the creation, modification, and termination of user accounts in various systems
- Maintained accurate records of support requests, solutions, and other relevant information using the organization’s ticketing system
- Communicated effectively with end-users to understand their issues and provide clear instructions and updates
- Monitored system performance and alert relevant teams to potential issues
- Assisted with the installation and configuration of software applications and updates
- Ensured a high level of customer satisfaction by providing professional and courteous support
- Provided basic training to users on system functionalities and best practices
- Worked closely with other IT team members to ensure smooth operation of IT services and support.
Education
Cyber Incidence Management Response Training -
Texas A&M
MSc Information Science -
University of North Texas
01.2020
Skills
- Risk Management Framework (RMF)
- Implementing Security Controls
- Microsoft Office Suite
- Vulnerability Assessment
- Plan of Action and Milestone (POA&M)
- System Security Plan (SSP)
- System Assessment Plan (SAR)
- Third Party Risk Management (TPRM)
- NIST 800 Standards
- Risk Analysis
- Risk Assessment
- Compliance Management
- SOC 2 Type 2
- System Development Life Cycle
- Tenable Nessus
- Assessment & Authorization
- NERC CIP
Certification
- CompTIA Security +
- CISA
- Qualys Vulnerability Management, Detection & Response
- Candidate for CISSP
Timeline
Cyber Security Compliance Analyst
Menzies Aviation Pty Ltd
09.2017 - Current
Compliance Analyst
AERO GROUND COMPANY LTD
09.2015 - 08.2017
Cyber Intern
AMI INTERNATIONAL
01.2015 - 06.2015
System Front Desk Analyst
GENCO-ATC
08.2010 - 12.2014
Cyber Incidence Management Response Training -
Texas A&M
MSc Information Science -
University of North Texas
Similar Profiles
Adrian VargasAdrian Vargas
Ramp Agent at Menzies Aviation/ United AirlinesRamp Agent at Menzies Aviation/ United Airlines
SALVADOR HERNANDEZSALVADOR HERNANDEZ
GSE Manager at Menzies AviationGSE Manager at Menzies Aviation
Michal MalecMichal Malec
Resource Planner at Menzies AviationResource Planner at Menzies Aviation
David RodriguezDavid Rodriguez
Registered Behavior Technician at Action Behavior CentersRegistered Behavior Technician at Action Behavior Centers
Mary YonceMary Yonce
Cafeteria Worker at Hurst-Euless-Bedford ISDCafeteria Worker at Hurst-Euless-Bedford ISD