Helena Mensah
Dallas,TX
Summary
Over ten years' experience in IT security compliance work, including 3 years in NERC CIP compliance. Demonstrated experience by documenting policy and IT security artifacts in accordance with NIST. Certification and Accreditation (C&A), Risk Management Framework, Authorization to Operate (ATO) documentation, Risk Assessment, 70/SSAE 16 &18, PCI DSS, HITRUST and HIPAA.
Overview
12
12
years of professional experience
1
1
Certification
Work History
NERC CIP Compliance Analyst
Oncor Electric Delivery
Princeton, NJ
03.2021 - Current
- Responsible for providing oversight NERC SIP implementation guide, documents maintenance and tactical direction to company business units by complying with NERC CIP requirements
- Coordinating all efforts associated with NERC CIP requirement document and providing compliance overview of all the requirements
- Participating in drafting security policies and procedures pertaining to NERC CIP compliance, work plan, instructions, and documentation for the organization
- Do continuous monitoring of all NERC CIP compliance activities using RSA archer software
- Ensure that all changes pertaining to NERC CIP compliance activities are communicated to the management and stakeholders
- Conducted security audits to identify vulnerabilities.
- Collaborated with IT teams to integrate security measures into the development and deployment of new applications.
- Monitoring of IT General controls based on NERC CIP regulations
- Perform risk and control analysis of the audit areas under NERC CIP regulations
- Provide controls and guidelines to domain owners and testers
- Complete lesson learnt sessions and send out customer surveys to identify areas of improvement of NERC CIP regulations
- Collaborated with other departments to align quarterly information security goals, resulting in a% cost reduction
- Review and support NERC CIP through technology
- Work hand in hand with corporate compliance team to meet deadlines
- Obtain approvals by revising forms and rates
- Maintains professional and technical knowledge by attending educational workshops and reviewing professional publications
- Maintaining quality service by establishing and enforcing organization standards.
- Collaborated with cross-functional teams for the successful implementation of new compliance initiatives.
- Monitored adherence to industry regulations, ensuring timely reporting of any discrepancies or violations.
IT Risk and Compliance Analyst
Avangrid, Inc- Orange, CT
01.2019 - 12.2020
- Collaborated with other departments to align quarterly information security goals, resulting in a 14% cost-reduction
- Review and Support NERC CIP through technology
- Research regulations by reviewing regulatory bulletins and other sources of information
- Work hand in hand with corporate compliance team to meet deadlines
- Conducted comprehensive Audits including Risk Assessment, control Testing & Compliance evaluation
- Learn IT Audit engagements, overseeing a team of 6 Auditors and providing mentorship to the Junior Staff
- Conducted IT Assess controls and general controls
- Collaborated with external Auditors to ensure co-ordination and minimal duplication of efforts
- Documented Audit findings prepared detailed Reports & presented findings to Senior Management
- Contributed to the development of annual IT Audit Plan incorporating, immerging Risk and Technology Trends
- Prepare continuous improvement initiative to enhance the effectiveness and efficiency of controls
- Evaluated IT Policies and Procedures for compliance and best practices.
- Served as a subject matter expert on compliance matters, providing guidance and support to colleagues across various departments.
- Prepared documentation and records for upcoming audits and inspections.
- Enhanced regulatory compliance by conducting thorough risk assessments and implementing effective control measures.
- Responded promptly to inquiries from regulators or other stakeholders regarding company practices, demonstrating transparency and commitment to ethical conduct at all times.
- Collaborated with cross-functional teams for the successful implementation of new compliance initiatives.
- Monitored adherence to industry regulations, ensuring timely reporting of any discrepancies or violations.
Third Party Risk Analyst
USPS- Inceed (Contractor)
08.2019 - 07.2020
- Collaborated with cross-functional business units, IT, Security, Legal, Procurement, and Vendor Management to assess 3rd party risks
- Conducted due diligence and ongoing oversight of vendors by performing thorough risk assessments
- Enhanced standard work process to intake, assess and communicate 3rd party risks to business units
- Administered Standardized Information Gathering questionnaire, receive vendor response, risk assessment, and reporting using principles of NIST 800, ISO 27001, SOC 2 Type 2 and SSAE 18 standards
- Reviewed information security materials reported via third party tools to confirm that the level of risk reported is within acceptable limits for vendors in the program
- Continued monitoring and management of third-party vendor inventory in database
- Played a key role in security reporting & metrics leading to risk reduction, trending, and overall security posture improvements.
Risk Analyst II
Siemens– HCL America (Contractor)
04.2016 - 07.2019
- Led Kick-off meetings and determined scope for meetings
- Managed, identified, and reported the company's compliance, regulatory, legislative, and contractual requirements based on Service Organization Controls (SOC) 2
- Documented and evaluated SOC 2 controls while identifying gaps for remediation
- Provided analysis Comprehensive understanding and experience with SOX, SOC 2, PCI, NIST, HIPAA and HITRUST
- Experienced with working with GRC (Governance, Risk and Compliance) tools, managed controls, and tasks through an automated tool
- Assisted in testing controls and documenting risks, and collating remediation strategies to assist clients in getting certifications such as the SOC 2 Type 2 and HITRUST
- Performed review of third-party risk assessments for conformance to program objectives and methodology
- Assisted in developing questionnaires for third- parties based on ISO27001 framework
- Effectively monitored and tracked gaps or exceptions and mitigation plans of vendors to ensure a timely resolution
- Tracked and analyzed risk metrics to understand the Bank's overall third-party risk exposure
- Coordinated efforts between Third-Party Risk Management and the business units to resolve exception/exposure items and prepare responses for Senior Management inquiries
- Assisted in researching, reviewing, developing, and maintaining Third-Party Risk Management policies and standards to comply with federal and state regulatory laws
- Provide analysis and commentary regarding significant third-party risk exposure and third-party concentration issues
- Analyzed business processes, procedures, and information requirements to resolve problems, improve workflow, and process efficiency.
- Assessed emerging risks through ongoing research and monitoring of industry trends, proactively addressing potential threats before they materialized into significant issues.
- Collaborated on implementation of collection strategies with collections, risk and fraud teams.
Security Analyst
State Farm Ins. Contractor
06.2012 - 03.2016
- Obtained and reviewed evidence of PCI compliance
- Supported the completion of the annual PCI DSS Report on Compliance
- Recommended changes to internal processes and procedures when deficiencies were identified
- Managed and communicated key compliance milestones
- Facilitated interaction between the business and organization's PCI DSS Qualified Security Assessor (QSA)
- Ensured that third-party compliance processors are PCI compliant with the organization, and provided evidence to prove they are compliant.
- Performed risk analyses to identify appropriate security countermeasures.
- Monitored use of data files and regulated access to protect secure information.
- Analyzed log files for anomalies, identifying potential intrusions or malicious activity before significant damage occurred.
- Maintained up-to-date knowledge of emerging threats by attending professional development events and staying informed on industry trends.
Education
MBA in Management -
Texas Woman's University
Texas, USA01.2011
Bachelor's in Interdisciplinary Studies -
University Of Texas Arlington
Texas, USA01.2006
Skills
- IT Governance, Risk and Compliance,
- IT Remediation Strategy, Vulnerability Assessment, Disaster Recovery/Planning, IT Audit &
- Risk assessment,
- Control Testing & compliance,
- Report writing & Presentation and Project management, Advanced knowledge on MS Office (Word, Visio, Excel, PowerPoint, Access, Outlook, PeopleSoft, workday, Oracle)
- Vulnerability Assessment
- Threat Intelligence
- SIEM management
- Incident Response Management
- Risk Management
- Network Security
- Phishing Detection
Certification
- Certified in Security+
- CISA Certification
Timeline
NERC CIP Compliance Analyst
Oncor Electric Delivery
03.2021 - Current
Third Party Risk Analyst
USPS- Inceed (Contractor)
08.2019 - 07.2020
IT Risk and Compliance Analyst
Avangrid, Inc- Orange, CT
01.2019 - 12.2020
Risk Analyst II
Siemens– HCL America (Contractor)
04.2016 - 07.2019
Security Analyst
State Farm Ins. Contractor
06.2012 - 03.2016
MBA in Management -
Texas Woman's University
Bachelor's in Interdisciplinary Studies -
University Of Texas Arlington