
ERNESTINA KORKOR GYIMAH

Cypress

Summary

Highly motivated and results-driven Cyber Security Analyst with over 12 years of experience in information security, specializing in risk analysis, regulatory compliance, and cybersecurity frameworks. Adept at solving complex business and data protection challenges with expertise in NIST, FISMA, HIPAA, SOC2, and other compliance standards. Known for exceptional work ethic, attention to detail, and consistent delivery of top-quality results in high-pressure environments.

Overview

15 years of professional experience
2 certifications

Work History

Information Security Risk Analyst/ Insider Risk Analyst

Cepheid (Match point Solutions)
11.2023 - Current
  • Performed comprehensive vendor security risk assessments on solutions and projects.
  • Performed vulnerability scans for applications.
  • Work closely with the Security/CISO team to assess, design, document, and guide security service towers; implement, manage, and govern security processes, procedures, and standards to ensure managed security services comply with the pre-defined cybersecurity policies.
  • Implements security controls, risk assessment framework, and program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns and advances business objectives.
  • Implements processes, such as GRC (governance, risk and compliance), to automate and continuously monitor information security controls, exceptions, risks, and testing. Develops reporting metrics, dashboards, and evidence artifacts.
  • Analyze user activity data to identify potential insider threats and security breaches.
  • Monitor and evaluate security controls to ensure compliance with established policies and procedures.
  • Collaborate with cross-functional teams to investigate and respond to security incidents.
  • Develop and implement strategies to mitigate insider threats and enhance cybersecurity posture.
  • Provide recommendations for improving security policies, procedures, and technical controls.
  • Stay current with industry trends and best practices in information assurance and insider threat detection.
  • Defines and documents business process responsibilities and ownership of the controls in GRC tool. Schedules regular assessments and testing of effectiveness and efficiency of controls and creates GRC reports.

Cyber Security Analyst

CenterPoint Energy
10.2022 - 06.2023
  • Performed comprehensive security risk assessments on solutions.
  • Performed vulnerability scans for applications.
  • Investigated exception reports and sought approval.
  • Data analytics using Power BI.
  • Managed various customer compliance audits to ensure the deliverable was issued in a timely manner by coordinating with external auditors, provided sufficient artifacts to fulfill the auditor’s request, and communicated with internal stakeholders for audit status and areas of improvements.
  • Implemented CIP-007 for system security management through patch management, management of ports and services, malware prevention, event log management, privileged account implementation, and password and credential management.
  • NOC experience: I was involved in network support, network administration, and management of the company’s security protocols by updating, troubleshooting, and installing software on systems connected to the network.
  • Conferred with business and technology teams to discuss issues pertaining to their compliance and information security needs related to new business lines, technologies, and customer data handling.
  • Provided expert support for our SOC2, HIPAA, HITRUST, FCRA compliance initiatives and projects.
  • Developed security controls and policies for identity and access management systems like SailPoint, CyberArk, Splunk and Active Directory.
  • Developed controls and processes in line with NIST, AICPA, NERC CIP and other compliance frameworks.
  • Implemented and monitored compliance and security measures for the protection of computer systems, networks, and data.
  • Prepared and documented standard operating procedures and protocols.
  • Configured and troubleshot security infrastructure technology.
  • Proposed and researched technical solutions and reviewed security tools to help mitigate security vulnerabilities and automate repeatable tasks.
  • Ensured that the company knows as much as possible, as quickly as possible about security incidents and compliance risk.
  • Wrote comprehensive reports including assessment-based findings, outcomes, and risk assessments.
  • Maintained awareness of IT/security industry trends, evaluated new solutions and techniques, and remained aware of emerging threats.
  • Reviewed Threat and Vulnerability reports and created detailed Action Plans to address risks for company and vendors.
  • Oversaw security testing of infrastructure and applications.

Cyber Security Analyst

Sykes Enterprise Inc
06.2020 - 09.2022
  • Worked with NIST 800-53 Rev 3 and can clearly discuss and document how the various systems meet or do not meet the assigned controls, how the control is being remediated, submit and present exception requests as needed, review assessment
  • Reported, and assisted in completing Plan of Actions and Milestones.
  • Experience in continuous improvements of system security program.
  • Provided technical guidance and support as needed by the team
  • Acted as liaison to DTMB and Treasury for the Keylight system security assessment process.
  • Worked with management on strategies for annual system security and risk plan development.
  • Data analytics using Power BI.
  • Defined, implemented and maintained the IT security technical architecture design methodology and best practices.
  • Provided technical system security expertise as it relates to the integration of systems, middleware, services, database design, hardware/server, and tools, to IT project business.
  • Lead and coordinate with other technical resources in the overall system design.
  • Manage critical cybersecurity events in a central ticketing system from the time the event is detected through the alerting process.
  • Security Incident and Event Monitoring (SIEM) experience
  • Developed security controls and policies for identity and access management systems like SailPoint, CyberArk, Splunk and Active Directory.
  • Provided analysis of information security events, determined true or false positives, and executed appropriate response procedures.

Information Security Analyst

Millicom Ghana Limited
01.2011 - 01.2016
  • Assisted IT with maintaining compliance with various regulatory requirements including NIST, HIPAA, ISO and PII.
  • Conducted internal IT self-assessments and worked closely with internal/external auditors regarding IT security audits and/or assessments (e.g. network, operating system and datacenter), including identifying, evaluating and mitigating vulnerabilities.
  • Assisted in the analysis, design, development, testing, documentation and implementation of information and cybersecurity solutions, security policies, standards, guidelines, and procedures to ensure ongoing maintenance of security.
  • Monitored, researched, analyzed, and interpreted applicable regulations to determine applicability and risks to IT operations.
  • Identified and communicated recommended/required security controls and documents and monitored control implementation.
  • Tracked audit and compliance remediation efforts and escalation of issues not properly addressed.
  • Assisted in the development of new, and updates to existing information security policies, standards, guidelines and procedures based on industry best practices and regulatory requirements.
  • Conducted annual security policy, standard, guidance, and procedure reviews, as required by the controls framework.
  • Developed and maintained broad knowledge of information security best practices and trends.
  • Drove compliance efforts within IT and supporting 3rd parties. (Vendor management)
  • Promoted safety awareness and followed safety procedures in an effort to reduce or eliminate compliance non-conformities and accidents.
  • Maintained a Risk Controls Matrix (RCM) that aligns with applicable regulatory and compliance requirement frameworks.
  • Managed and coordinated the review process for documented IT compliance-related risks with IT Security Leads and managed those risks to the appropriate level of acceptable residual risk.
  • Ensured proper identification, documentation, and approval of Policy/Control exceptions and risk acceptance activities.
  • Performed other duties as assigned.

Education

B.Sc. - Computer Engineering

Kwame Nkrumah University of Science and Technology
01.2010

Skills

  • Risk Management Framework (RMF), NERC CIP standards, and Policy Development
  • Identity & Access Management (IAM): SailPoint, CyberArk, Splunk, Active Directory
  • Data Analytics (Power BI), DevOps experience, and Automated Deployments
  • Vulnerability Management, Threat Analysis, and Insider Risk Detection
  • Security Governance (NIST 800 series, HIPAA, SOC2 compliance frameworks)
  • Excellent interpersonal, verbal, and written communication

Accomplishments

  • Partnered with the Security/CISO team to assess, design, and document security service towers, ensuring alignment with enterprise policies.
  • Implemented security controls and risk assessment frameworks aligned with regulatory requirements (NIST, HIPAA, SOC2, GDPR, CCPA), ensuring sustainable compliance.
  • Automated governance processes through GRC tools (ServiceNow, Archer), continuously monitoring controls, exceptions, risks, and testing.
  • Developed reporting metrics, dashboards, and evidence artifacts to support audits and compliance reviews.
  • Defined and documented business process responsibilities and ownership of controls in GRC tools; scheduled regular assessments to test effectiveness and efficiency.
  • Implemented and monitored compliance measures for the protection of systems, networks, and data.
  • Developed IAM security controls and policies for SailPoint, CyberArk, Splunk, and Active Directory.
  • Provided recommendations to improve security policies, procedures, and technical controls while staying current with industry trends and best practices.

Certification

  • CISM Certification
  • CompTIA Security+ certification

Languages

English
Full Professional
