Summary
Overview
Work History
Education
Skills
Certification
Timeline
Harrison Ofori Nketiah

Harrison Ofori Nketiah

GRC COMPLIANCE ANALYST
Upper Marlboro,MD

Summary

High-achieving Senior Compliance Analyst with over 6 years of experience managing enterprise-wide compliance programs, specializing in FedRAMP, ISO 27001, NIST 800-53, HIPAA, and SOC-2 frameworks. I am skilled in conducting risk assessments and compliance gap analysis, addressing significant control deficiencies, and lowering organizational risk scores. My career has shown a pattern of exceeding expectations and using my extensive knowledge to advance. I seek opportunities that will highlight my exceptional skills, recognize my contributions, and reward me accordingly. I thrive in environments where I can lead, excel, and benefit directly from my superior abilities. Collaborates with cross-functional teams to strengthen risk frameworks, reducing incident response times by 30% and improving compliance by 15%.

Overview

7
7
years of professional experience
3
3
Certification

Work History

Sr. GRC Compliance Analyst

– ExcelMindCyber,
01.2026 - Current
  • Conducted regular reviews of company policies and procedures for alignment with regulatory requirements and industry best practices.
  • Collaborated with cross-functional teams for the successful implementation of new compliance initiatives.
  • Assisted in the development of a comprehensive risk assessment framework for evaluating potential threats to organizational compliance systems.
  • Prepared documentation and records for upcoming audits and inspections.
  • Enhanced regulatory compliance by conducting thorough audits of internal policies and procedures.
  • Reviewed audit and monitoring reports related to consumer and client activities.

Governance, Risk and Compliance (GRC) Analyst

StopSO
01.2021 - 12.2025
  • Updated at least 10 cybersecurity policies, standards, and procedures annually, ensuring 100% alignment with industry best practices and regulatory requirements.
  • Oversaw compliance with relevant regulations (GDPR, HIPAA, PCI DSS) and industry standards to safeguard organizational data.
  • Conducted security risk assessments for 10+ new vendors annually, ensuring adherence to security policies and reducing vulnerabilities.
  • Conducted regular audits of Splunk logs to ensure accuracy and compliance with regulatory standards such as PCI-DSS, HIPAA, and NIST, improving the organization's overall security posture.
  • Developed custom Splunk alerts and reports for critical compliance metrics, facilitating a reduction in incident response time by 30% and supporting GRC requirements.
  • Strengthened risk management frameworks by 25%, aligning with NIST Special Publication 800-series and ISO standards.
  • Monitored vendor performance, achieving 95% adherence to security KPIs, KRIs, and SLAs, improving security posture.
  • Leveraged GRC tools like RSA Archer and ServiceNow to track and manage security incidents, reducing incident response time by 30%.
  • Led comprehensive risk assessments and audits to ensure compliance with industry standards and enhance security posture by 15%.
  • Identified control deficiencies during SOX audits, collaborating with stakeholders to develop corrective actions and improve control frameworks.
  • Evaluated assessment artifacts to verify compliance with NIST SP 800-53 rev 4 control requirements.
  • Reviewed the effectiveness of existing controls by examining security questionnaires, independent audit reports (SOC 2, HITRUST, ISO), and artifacts, ensuring vendor compliance.

Risk and Compliance Analyst

IP Keys Technologies
Annapolis Junction, MARYLAND
07.2021 - 12.2021
  • Worked closely with cross-functional teams to foster a culture of compliance and ensure that governance policies were effectively implemented across the organization.
  • Led SOC II audit process and achieved an approximately 80% compliance rate with no major findings.
  • Coordinated with IT departments to implement robust cybersecurity measures that safeguarded critical infrastructure from emerging threats.
  • Improved risk management frameworks through continuous review and modification of existing procedures.
  • Developed comprehensive risk assessments, contributing to proactive mitigation strategies.

ISSO /Cybersecurity Analyst

BEAT LLC
ALEXANDRIA, VA
02.2019 - 10.2019
  • Reviewed vulnerability scan results for compliance.
  • Verified vulnerability reductions after change implementations occur.
  • Produced reports for key stakeholders, with documentation of the risks identified and clear recommendations for remediation actions for found vulnerabilities.
  • Performed risk assessments by conducting accurate and thorough assessments of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of assigned information systems.
  • Worked with security leadership and stakeholders to identify remediation strategies and plans to enforce security requirements and address risks identified in the risk assessment process.
  • Performed vulnerability/risk analyses during all phases of the system development life cycle.
  • Developed comprehensive security policies, procedures, and training materials to strengthen organizational security posture.

ISSO

NAVAIR
11.2016 - 03.2018
  • Performed document review and quality assurance for the System Owner and ISSO on the development of Assessment and Authorization (A&A) artifacts.
  • Developed Plan of Action and Milestones (POAMs) in response to reported security vulnerabilities.
  • Ensured that selected security controls are implemented and operating as intended during all phases of the Information System lifecycle.
  • Supported the full life cycle of drafting Authorization to Operate (ATO) packages for new and existing systems by updating the following documents: System Security Plan, Contingency Plan, Disaster Recovery Plan, Incident Response Plans, Business Impact Analysis, Configuration Management Plans, Risk Assessment, E-authentication, and Plan of Actions and Milestones (POAMs).

Education

Bachelor of Science - Accounting

University of Phoenix, MARYLAND (CAMPUS) GREENBELT
05-2012

Skills

  • Security Tools: Splunk, ArcSight, RSA Archer, QRadar, Nessus, Qualys, OpenVAS, Nmap, Wireshark, Firewalls, IDS/IPS
  • Incident Management: ServiceNow, Jira
  • Frameworks and Compliance Standards: NIST AI RMF, ISO/IEC 24029, PCI-DSS, ISO 27001, GDPR, HIPAA, SOX, FedRAMP, HITRUST, SOC I, SOC II, TPRM
  • Cybersecurity: Risk Management, Data Security, Incident Response, Threat Intelligence, Third-Party Vendor Assessment and Management, Security Documentation, Reporting, Technical Controls Implementation
  • Server Soft Skills: Analytical, Critical Thinking, Multitasking, Communication, Teamwork, Problem-Solving, Organizational Skills
  • Technical Tools: Scrum, Tableau, ERP System Administrator, Salesforce, Smartsheet, Agile, Excel, Microsoft Office tools
  • Investigations expertise
  • Reporting skills
  • Documentation skills
  • Compliance monitoring
  • Internal auditing
  • Risk identification

Certification

  • CompTIA Security +
  • CompTIA CYSA+ CE
  • CompTIA CASP+ CE
  • Project Management Professional (PMP)
  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)

Timeline

Sr. GRC Compliance Analyst - – ExcelMindCyber,
01.2026 - Current
Risk and Compliance Analyst - IP Keys Technologies
07.2021 - 12.2021
Governance, Risk and Compliance (GRC) Analyst - StopSO
01.2021 - 12.2025
ISSO /Cybersecurity Analyst - BEAT LLC
02.2019 - 10.2019
ISSO - NAVAIR
11.2016 - 03.2018
University of Phoenix - Bachelor of Science, Accounting
Harrison Ofori NketiahGRC COMPLIANCE ANALYST