Experienced cybersecurity professional who has demonstrated thorough expertise in security control implementation, assessment, authorization, and POA&M management. Proficient with Risk Management Framework (RMF) methodologies, privacy and compliance, and continuous monitoring security strategies. Strong communication and customer service skills. Proven ability to lead and direct teams, solve problems creatively, and make strategic decisions in fast-paced environments that benefit clients.
• Collaborate with a team of assessors to conduct security control assessments on all in-scope enterprise assets to ensure compliance with the PCI-DSS, HIPAA, ISO, and NIST frameworks.
• Schedule meetings with the Senior Assessors, ISSO, and various system owners.
• Ensure all discussed items are accurately logged in the meeting minutes for record-keeping and tracking purposes.
• Assist in the development, maintenance, and revision of policies, standards, procedures, and guidelines of security programs.
• Work with a team of Information System Owners, Developers, and System Engineers to select and implement tailored security controls that safeguard system information.
• Review security controls and provide implementation responses describing whether and how the systems currently meet the requirements.
• Performed risk and control assessments for all medium- and high-risk third-party service providers to evaluate the effectiveness of their controls.
• Collaborated with teams across various internal business lines and external groups to mitigate third- and fourth-party risk exposure.
• Reviewed SOC reports, penetration test reports, vulnerability scan reports, and business continuity, disaster recovery, and incident response plans as supporting evidence for the information security questionnaire.
• Partnered with key stakeholders to research, review, and document risks and controls, including risk associated with new or modified products, services, distribution channels, regulations, and third-party operations.
• Evaluated, monitored, and reported on the adequacy of artifacts provided to evidence remediation of issues, audit findings and regulatory requirements.
• Responded to security questionnaires and inquiries related to the company’s compliance program.
• Leveraged the organization’s existing RMF process to review and determine whether system/application documentation is accurate, up to date, and sufficiently detailed to support the Security Control Assessment/Validation process.
• Sound understanding of and experience with the NIST Risk Management Framework (RMF) process. Performed assessments and document creation using NIST SP 800-53 Rev. 4.
• Performed Information Systems Security Audits and Certification and Accreditation (C&A) tests in compliance with NIST standards.
• Performed continuous monitoring of security controls to ensure that they are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the cybersecurity requirements for assigned IT systems.
• Assisted with pre-assessment preparation.
• Performed assessments, POA&M remediation, and document creation using NIST SP 800-53.
NIST SP 800 series
FedRAMP
Third Party Risk
ServiceNow
Test Result Controls
Access Control Management
FIPS 199/200
SAP/SAR
System Security Plan
Policy Review
Continuous Monitoring
Artifacts Gathering
PTA/PIA
Nessus
Risk Assessment
POA&M Management
RMF (Risk Management Framework)
ISO 2700X
Data Security
Privacy
CompTIA Security+
Google Cybersecurity