
ISAAC ABRAHAM

Washington DC, United States

Summary

An Information Cybersecurity and IT Audit professional with extensive experience securing cloud environments, managing Third-Party Risk Management (TPRM) programs, and implementing Governance, Risk, and Compliance (GRC) solutions. Skilled in applying the Risk Management Framework (RMF) and ensuring compliance with standards such as HIPAA, HITRUST, PCI DSS, ISO 27001, SOC 2, NIST, COBIT, COSO, ITIL, SOX, CMMC, FedRAMP, StateRAMP, NAIC, and GDPR. Proficient in conducting risk assessments, strengthening vendor compliance, and leveraging cloud technologies (AWS, Azure, GCP) to enhance security posture. Experienced in automating security processes using Python to drive efficiency and mitigate enterprise-wide risks. Possess a strong understanding of IT systems, networks, databases, and security protocols, enabling effective collaboration with technical teams to improve security and reduce vulnerabilities. Adept at aligning security objectives with business goals and partnering with cross-functional teams to ensure compliance in highly regulated environments. Maintain a baseline understanding of technical concepts and a growing interest in emerging technologies such as Artificial Intelligence (AI), with the ability to engage in meaningful discussions on their impact on security and compliance. Citizenship: United States and Clearable

Overview

8 years of professional experience
5 certifications

Work History

Information Security Analyst | IT Security Auditor

Teleperformance
08.2022 - Current
  • Manage and enhance GRC programs by implementing risk management frameworks and ensuring compliance with SOX, PCI DSS, ISO 27001, and FedRAMP, reducing risk exposure by 15%.
  • Led SOX compliance initiatives by conducting ITGC assessments and applying NIST frameworks, reducing audit exceptions by 20% and increasing compliance efficiency.
  • Oversaw POA&M lifecycle management, tracking remediation efforts, coordinating with stakeholders, and ensuring timely closure, reducing outstanding risks by 30%.
  • Led a robust Third-Party Risk Management (TPRM) program, performing risk assessments for 100+ cloud vendors using OneTrust, resulting in a 30% reduction in vendor-related risks.
  • Authored and maintained 30+ System Security Plans (SSPs) to support GRC and regulatory compliance, enhancing documentation quality and reducing audit preparation time by 40%.
  • Optimized GRC workflows by managing and customizing processes within Archer, improving compliance tracking and reporting accuracy.
  • Deliver 25+ detailed audit reports, addressing risk findings and proposing over 40 mitigations that strengthened compliance with regulatory frameworks and reduced risks by 20%.
  • Perform HIPAA compliance assessments, reducing gaps by 30% through targeted remediation and implementation of technical and administrative safeguards.
  • Led efforts to improve adherence to HIPAA Security Rule requirements by 45% through comprehensive assessments and control enhancements.

Information Security Analyst | Governance, Risk and Compliance Analyst (GRC)

SLEKS Technology Services
05.2019 - 08.2022
  • Conducted security assessments for 15+ federal systems, ensuring alignment with RMF, HIPAA, HITRUST, and NIST requirements, improving system compliance by 25%.
  • Performed security control assessor (SCA) role as part of the Assessment and Authorization process to include analysis requirements, reviewing, reporting, and documentation.
  • Conducted security control assessments based on NIST SP 800-53 Rev. 4 and NIST SP 800-37 Rev. 1.
  • Performed reviews and updates to information security standards based on emerging risks/threats, regulatory requirements, and business needs, as directed.
  • Reviewed the security documents such as the System Security Plans (SSP), Contingency Plans (CP), Privacy Impact Assessments (PIA), and Risk Assessments (RA) documents per NIST 800 guidelines for various agencies as part of the assessment process.
  • Assisted with development of Security Assessment Plans (SAPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POA&Ms).
  • Hands-on experience with AWS big data services.
  • Led TPRM initiatives, evaluating and remediating risks associated with third-party vendors, achieving a 95% compliance rate with SOC 2 and FedRAMP standards.
  • Enhanced GRC program management by leveraging Archer to track risks, automate workflows, and ensure compliance reporting, improving incident response time by 20%.
  • Developed and delivered a detailed System Security Plan (SSP) and Plan of Action and Milestones (POA&M), outlining mitigation strategies for all identified gaps, reducing non-compliance risks by 80%.
  • Evaluated 30+ IT systems and network configurations, identifying 15+ critical security gaps, leading to enhanced control implementation and risk mitigation.

Senior IT Auditor | IT Compliance Analyst

Unicorn Consulting
01.2017 - 05.2019
  • Performed audits of IT general controls such as access control, change management, IT operations, disaster recovery, and platform reviews (Windows and UNIX OS).
  • Performed internal and external IT risk assessments, conducted gap analysis against industry standards, and provided recommendations on mitigation options.
  • Evaluated segregation of duties over application security for the company's ERP systems (SAP, PeopleSoft, and Oracle Financials) and executed the audit strategy.
  • Provided IT risk assessments and SAS 70/SSAE 18 reviews, and reviewed data centers, extranets, telecommunications, and intranets to assess controls and ensure availability, accuracy, and security under all conditions.
  • Validated IT control implementations, performed risk-based audits, and performed walkthroughs on controls.
  • Reviewed Corrective Action Plans (CAPs), validated remediation controls, and followed up on the remediation process.
  • Provided consulting for Sarbanes-Oxley compliance with respect to the development and testing of SOX 404 IT controls.
  • Conducted ITGC, HIPAA, SOX, and cloud audits for 20+ systems, reducing audit exceptions by 15% and improving overall compliance with SOC 2, HITRUST, and PCI DSS standards.
  • Conducted 50+ security assessments on IT systems, ensuring 100% compliance with NIST 800-53 and FedRAMP for cloud environments, improving overall system security.
  • Managed SOC report reviews for third-party vendors, ensuring 100% compliance with SOC 2, HITRUST, PCI DSS, and COSO standards.
  • Conducted Business Impact Analyses (BIAs) for cloud-hosted services, ensuring operational continuity and regulatory alignment with COBIT and SOX frameworks.

Education

Bachelor of Science - Mass Communication, Minor in Computer Science

University of Lagos

Skills

  • Cloud Security & Compliance: AWS, Azure, GCP
  • Third-Party Risk Management (TPRM): Vendor Risk Assessments, SOC 2, HITRUST, Risk Mitigation
  • Risk Management Framework (RMF): NIST SP 800-37, SCA, Continuous Monitoring (ConMon)
  • Governance, Risk, and Compliance (GRC): OneTrust, Archer, BitSight, LogicManager
  • Compliance Frameworks: HITRUST, CMMC, FedRAMP, SOC 2, ISO 27001
  • Regulatory Standards: HIPAA, NAIC, FISMA, SOX, GDPR, IRS PUB 1075
  • Governance Frameworks: COSO, COBIT, ITIL
  • Identity and Access Management (IAM): AWS IAM, Azure AD, RBAC
  • Programming: Python, Ruby, R
  • Security Tools & Platforms: Splunk, Nessus, Qualys, AWS CloudTrail, Microsoft Intune, Azure Sentinel
  • Project Management & Collaboration Tools: Smartsheet
  • Microsoft Office: Word, PowerPoint, Excel

Certification

  • Certified Information Systems Auditor (CISA)
  • CompTIA Security+
  • CompTIA Cybersecurity Analyst (CySA+)
  • AWS Certified Cloud Practitioner
  • (ISC)² Certified Authorization Professional (CAP)

Affiliations

  • The Computing Technology Industry Association (CompTIA)
  • The International Information System Security Certification Consortium (ISC)²
  • The Information Systems Audit and Control Association (ISACA)

Timeline

Information Security Analyst | IT Security Auditor

Teleperformance
08.2022 - Current

Information Security Analyst | Governance, Risk and Compliance Analyst (GRC)

SLEKS Technology Services
05.2019 - 08.2022

Senior IT Auditor | IT Compliance Analyst

Unicorn Consulting
01.2017 - 05.2019

Bachelor of Science - Mass Communication, Minor in Computer Science

University of Lagos