George Boateng
IT Audit & Compliance Analyst
Cantonment,FL
Summary
Accomplished IT Audit & Security Compliance Professional with 10+ years of experience in information assurance, cybersecurity, compliance, and risk management. Demonstrated skill identifying business risks and compliance issues and designing proactive solutions. Hands on experience conducting third risk party assessments and finding remediation's based on program volumes or for highly visible and/or most complex requests. Advanced knowledge of NCUA, FFIEC, GLBA, ISO 27001/27002, SANS20, PCI DSS, and other Information security requirements and frameworks. Knowledge of and experience in auditing principles and frameworks such as NIST, and SANS. Experience in using FISMA and applicable NIST Special Publications e.g. FIPS 199, 200, SP 800-30, 800-53r4, 800-60 and 800-137.
Overview
17
17
years of professional experience
6
6
years of post-secondary education
4
4
Certificates
Work History
Info Sec -Third Party Risk Analyst
Navy Federal Credit Union-Heritage Oaks
Pensacola, FL
10.2017 - Current
- Plan, implement, and support cybersecurity projects, ensuring they are
delivered on time, within scope, and meet the desired objectives - Collaborate with partners to define project requirements and manage resources effectively
- Conduct comprehensive risk assessments of third-party vendors, resulting in effective risk mitigation strategies
- Conduct comprehensive cybersecurity assessments of suppliers and software based on prescribed evaluation criteria and policies/regulations, ensuring timely and accurate delivery of reports
- Oversee continuous monitoring of implemented security controls
- Assess subset of controls on a recurring basis to ensure continual compliance with security requirements
- Evaluate and recommend cybersecurity tools, technologies, and services to enhance the organization's security capabilities
- Identify, assess, and effectively manage cybersecurity risks in complex IT environments, providing detailed threat profiles and security recommendations for strategic sourcing decisions
- Oversee NFCU's cybersecurity and awareness training program together with Learning & Development (L&D) team to review training content and choose the courses that must be taken by our employees
IT Risk & Compliance Analyst
Navy Federal Credit Union
Pensacola, FL
04.2015 - 10.2017
- Spearheaded successful information security assessments of third-party vendors, ensuring the protection of confidential data and mitigating potential risks
- Revamped risk/vulnerability assessment programs and questionnaires, leading to improved identification and mitigation of security risks
- Documented and assessed information security vulnerabilities in the IT environment, collaborating with business owners, risk management, and vendor representatives
- Developed and implemented tasks for remediation of identified vendor risks and vulnerabilities, achieving negotiation of efficient completion dates
- Tracked remediation progress and provided comprehensive reporting to key stakeholders
- Monitored industry sources for emerging vulnerabilities, recommending measures to minimize the organization's risk exposure
- Assisted in the implementation of various cybersecurity programs, including incident response, application cybersecurity, vulnerability management, cyber operations, cloud and infrastructure cybersecurity, data protection, and privacy, and risk management and compliance
- Supported cybersecurity threat assessments to identify potential risks and vulnerabilities
- Contributed to the review and updating of company processes, policies, and standards related to cybersecurity, ensuring compliance with relevant laws and regulations
- Subject matter expert in providing support for security compliance and audit activities as needed
Information Security Controls Analyst
Navy Federal Credit Union-Heritage Oaks
Pensacola, FL
10.2010 - 04.2015
- Assessed Secure Systems Development Framework compliance across Navy Federal's operations and assist with remediation activities
- Evaluated design and effectiveness of security controls based on various frameworks such as FISMA, CIRM NIST SP 800-53, ISO 27001/27002, PCI-DSS, CIS Critical Security Controls, and NIST Cybersecurity
- Developed and maintained security policies, standards, procedures, and guidelines to ensure compliance with regulatory requirements such as FISMA, GLBA, FFIEC, NCUA, etc
- Collaborated with Info Sec team to create and maintain NFCU System Security Plan (SSP) based on FISMA, NIST Special Publication series, ISO 27000 series, and Navy Federal's control requirements
- Contributed to maintaining industry-leading solutions for PCI and other evolving cybersecurity compliance frameworks by staying abreast of latest developments and actively pursuing continuing education
- Effectively communicated information, concepts, and metrics related to cybersecurity in a confident and well-organized manner through verbal, written, and visual means
- Played a crucial role in protecting the company and its customers from cyber-attacks by implementing cutting-edge cybersecurity measures
- Monitored changes in cybersecurity regulations and industry standard methodologies, providing guidance to the organization to adapt to new requirements proactively
- Expertly provided IT controls and risk data to facilitate reporting on control gaps and overall effectiveness of control environment
- Performs IAM operational tasks to ensure proper follow-up and response Incident response, triage, and resolution
- Achievements:
Supported successful completion of FISMA audits by providing evidence of security controls implementation and testing
Enhanced security awareness program by creating and delivering training sessions on topics such as phishing, password management, data protection,
etc
Fraud Investigator
Navy Federal Credit Union
Vienna, VA
02.2009 - 10.2010
- Conducted bench-marking and trend analysis to drive continuous improvement and elevated service performance, increased member experience quality, reduced losses, minimized financial risk, and maintained high operational efficiency
- Managed incoming over 30+ fraud claims per day to ensure SLAs with card regulations (e.g., VISA, MC, etc.) are met
- Ensured that work quality, work methods, procedures, processes, and production statistics meet business goals and standards for compliance
- Collaborated with CFP Training to educate/develop processes and procedures for Card Fraud and Business Units' staff to ensure timely and accurate review, and escalation of member incidents
- Maintained thorough knowledge of and ensured compliance with applicable federal and state laws, rules, regulations, NFCU policies and procedures, and service level agreements
- Performed quarterly and annual system audits to help Navy Federal stay in compliance with PCI DSS framework
- Reviewed reports and individual transactions which appeared suspicious to uncover possible fraudulent activity.
Disbursement Reconciliation Specialist
Navy Federal Credit Union
Vienna, VA
03.2007 - 02.2009
- Maintained account accuracy by reviewing and reconciling checks monthly
- Handled day-to-day accounting processes to drive financial accuracy
- Strengthened financial operations by conducting bank reconciliations and financial reporting
- Reconciled company bank, credit card and line of credit accounts, investigating and resolving discrepancies to keep accounts audit-ready
- Balanced and reconciled core checks, drafts issued daily at Navy Federal Branches and Headquarters, items presented for payment from Federal Reserve Bank (FRB) and other financial institutions, and items that have been rejected by the ARP/SMS posting system and items to be returned to the FRB
- Reconciled various banks within ARP/SMS system and verify financial data obtained from upload files of checks/drafts and HRIS, Lien Recording, Credit Card, and Share Withdrawal are in balance. Prepared, documented, and executed project testing (including but not limited to Business Requirement review, test planning and coordination, test script development and test case creation and execution)
Education
Bachelor of Arts - Business Administration And Management
Marymount University
Arlington, VA 08.2010 - 06.2013
Bachelor of Science - Accountancy
Kumasi Technical University (Kumasi Polytechnic)
Kumasi 08.1998 - 06.2001
Skills
Risk Assessments
Expert in FISMA compliance
Technical Writing
System Monitoring
ServiceNow, Remedy, Vendoor
EMASS, CSAM, XACTA
Excellent Communication
Attestation of PCI Compliance
Vendor Risk Management
Compliance
Due Dilligence
Documentation
Facilitation
Third-party collaboration
Information Protection /Security
Affiliations
ISACA
ISC2
PRMIA
SANS
Certification
CompTIA Security Plus - Current
Work Availability
monday
tuesday
wednesday
thursday
friday
saturday
sunday
morning
afternoon
evening
swipe to browse
Quote
There is a powerful driving force inside every human being that, once unleashed, can make any vision, dream, or desire a reality.
Tony Robbins
Timeline
Info Sec -Third Party Risk Analyst
Navy Federal Credit Union-Heritage Oaks
10.2017 - Current
IT Risk & Compliance Analyst
Navy Federal Credit Union
04.2015 - 10.2017
Information Security Controls Analyst
Navy Federal Credit Union-Heritage Oaks
10.2010 - 04.2015
Bachelor of Arts - Business Administration And Management
Marymount University
08.2010 - 06.2013
Fraud Investigator
Navy Federal Credit Union
02.2009 - 10.2010
Disbursement Reconciliation Specialist
Navy Federal Credit Union
03.2007 - 02.2009
Bachelor of Science - Accountancy
Kumasi Technical University (Kumasi Polytechnic)
08.1998 - 06.2001