DENNIS DE-TEKU

Ankeny, USA

Summary

Experienced Cyber Security Analyst with 8+ years of expertise in conducting comprehensive assessments and reviewing IT security controls for audited applications and information systems. Specializes in Third Party Vendor Risk Assessments, NIST Risk Management Framework (RMF), FISMA compliance, Information Assurance, System Monitoring, Regulatory Compliance, and Loss Mitigation. Skilled in aligning security architecture plans with business goals and industry standards. Committed to meeting milestone deadlines and ensuring organizations stay ahead in information security. Actively seeking roles in Information Risk & Compliance Analysis, IT Security Risk Management Analyst, or Third-Party Risk Management in a progressive organization.

Overview

8 years of professional experience
2 certifications

Work History

IT Security Risk Management Analysts (CONTRACTOR)

GuideWell Source
04.2023 - 11.2024
  • Developed Assessment and Authorization (A&A) packages to ensure compliance and risk management
  • Crafted, validated, and documented cybersecurity artifacts including System Security Plan (SSP), Privacy Impact Assessment (PIA), Configuration Management Plan (CMP), Plan of Action and Milestones (POA&M), and Standard Operating Procedures (SOP)
  • Conducted security assessments and audits as directed (912, Internal control audit, Firewall Audit, CFO, EOL, FISMA)
  • Led discussions with internal and external teams on data compliance and risk efforts
  • Provided expertise to system administrators, engineers, and Information System Security Manager (ISSM) to create or update system/site policies, procedures, and process guides
  • Consulted and briefed executive management on compliance and risk matters
  • Created, maintained, and provided metrics and status reports to cybersecurity leadership
  • Reviewed and identified system/application security controls following NIST SP 800-53 (ARS controls) and standards
  • Conducted cyber security and information system risk analysis, vulnerability assessment (CMS), and regulatory compliance assessment, including gap analysis for existing systems and those in development (First Coast, Novitas, NPEast, Exchange)
  • Ensured timely delivery of assigned security and privacy artifacts


IT Vendor Risk Management (CONTRACTOR)

Panasonic
02.2021 - 03.2023
  • Managed Security Control Assessment schedules for the client's systems to ensure the systems remained compliant with Confidential and Continuous Monitoring requirements
  • Performed IT & Risk Security Risk & Control Assessments for new products/initiatives
  • Reviewed services provided by the vendor and defined the scope of assessment
  • Reviewed assessments performed by 3rd party and provided feedback
  • Defined appropriate risk levels and corrective
  • Conducted meticulous evaluations of vendor documentation (SOC 2) and responded to industry standard customer questionnaires (CAIQ, SIG CORE, or SIG LITE)
  • Proficient in comprehending and implementing the MITRE System of Trust (SoT) Framework
  • Demonstrated proactive communication with management, providing insights and recommendations for enhancing business operations and meeting compliance objectives
  • Addressed operational risks by developing effective policies, procedures, and controls.

THIRD PARTY RISK MANAGEMENT (CONTRACTOR)

ARCADIS
07.2016 - 12.2020
  • Knowledgeable of practices and procedures relating to managing Business Arrangements through all stages of the third-party management lifecycle, in alignment with relevant frameworks, policies and standards
  • Assist with the third-party due diligence process: Ensure that security protocol is followed, including liaising with the vendor and internal stakeholders (e.g., Third-Party Risk Management and business owners) to ensure that vendor questionnaires and assessments are completed and are reviewed as required
  • Engage in vendor meetings to support and assess existing vendors and to evaluate potential vendors
  • Manage vendor escalations: Identify issues and monitor trends with a Third Party in a responsive manner, to reduce risk in alignment with Third Party Risk Management (TPRM) Policies and related Standards
  • Issue, track and log vendor non-conformance reporting and Change Order requests
  • Consistently exercise discretion in managing correspondence, information and all matters of confidentiality; escalate issues where appropriate
  • Review redlines and negotiate terms with third party partners to ensure security controls are in line with expectations
  • Perform onsite assessments and participate in calls with relevant vendor partners and connect information security risk frameworks to the effectiveness of security controls in place within third party environments
  • Oversee the adherence of security policies, standards, processes, and procedures by working cross-functionally with Compliance, Technology Risk Governance, and third-party partners

Education

B.S.C.E - Civil Engineering

New Jersey Institute of Technology
Newark, NJ
12.2018

ASSOCIATE OF SCIENCE -

Essex County College
Newark, NJ
06.2016

Skills

  • Analytical mindset
  • Mediation
  • Risk mitigation strategies
  • Risk advisory
  • Gap analysis
  • Pivot tables
  • Analytical tool implementation
  • Risk Assessment
  • Due diligence
  • Problem-solving aptitude
  • Asset Management
  • Internal Controls
  • Metric tracking
  • Microsoft Excel proficiency

Certification

  • CompTIA Security+
  • CISA
  • CISSP in progress (expected 12/01/24)

Accomplishments

  • Implemented a proactive vulnerability management program, reducing the average time to patch critical vulnerabilities by 50% and significantly improving the organization's security posture.
  • Successfully closed 100% of outstanding Plans of Action and Milestones (POAMs) ahead of schedule, resulting in full compliance with security standards and regulations, and eliminating identified security vulnerabilities.

Training

  • Insider Threat Awareness, 02/01/24
  • Security and Privacy Training, 03/01/24
  • Vulnerability Monitoring Dashboard Training, 05/01/23
  • BeyondTrust Onboarding and Offboarding, 05/01/23
  • SIG Questionnaire Overview Training, 06/01/23
  • Encryption Awareness Training, 09/01/23
  • Information Systems Security Training, 12/01/23
  • Certification and Accreditation Document Review Training, 01/01/23

Controls and Frameworks

NIST Cybersecurity Framework (CSF)

ISO 27001/27002

HIPAA

COBIT

PCI DSS

Timeline

IT Security Risk Management Analysts (CONTRACTOR)

GuideWell Source
04.2023 - 11.2024

IT Vendor Risk Management (CONTRACTOR)

Panasonic
02.2021 - 03.2023

THIRD PARTY RISK MANAGEMENT (CONTRACTOR)

ARCADIS
07.2016 - 12.2020
  • CompTIA Security+
  • CISA
  • CISSP in progress (expected 05/01/24)
  • NIST RMF (FISMA, ARS framework)
  • ISO 27001
  • ISO 27002
  • SOC 2 (Type II), SSAE 18
  • SIG Questionnaire
  • Confidentiality, Integrity, Availability
  • CMS ARS 5.1 Controls
  • Acceptable Risk Safeguards 5.1
  • NIST SP 800-53, 800-53A, 800-60, 800-18, 800-37, 800-30, 800-137
  • HIPAA

B.S.C.E - Civil Engineering

New Jersey Institute of Technology

ASSOCIATE OF SCIENCE -

Essex County College