Kharlifa Abbey

O'Fallon, MO

Summary

I am a career-driven, self-motivated and confident person with meticulous attention to detail and a passion for security. I have the ability to work accurately at pace and a strong passion for auditing, designing and testing controls, implementing and creating documentation, and in particular helping the organization I am working for achieve its goals and commercial objectives. I have the ability to work well with others and to find a collaborative solution to any problem. I have strong communication skills and am ready to learn. I have 6 years of experience in industry best practices, Third-Party Risk Management, NIST SP, HITRUST, HIPAA, ISO 27001/27002, SOC 1/2 and PCI DSS, including testing information technology controls and developing security policies/procedures, SOPs and guidelines, among others. I have worked with clients in various industries. Excellent communication skills leveraged to maintain valued relationships while meeting operational demands. Goal-driven analyst polished in managing and breaking down large volumes of information. Proactive at heading off issues in operations, workflow and production by uncovering trends affecting business success.

Overview

11 years of professional experience

Work History

SNR Internal Auditor/Third Party Risk Analyst (Contractor)

KPMG
06.2021 - Current
  • Developing and maintaining policies, procedures, and controls to ensure compliance with SOX ITGC and other regulatory requirements
  • Tracked exceptions to IT policies and procedures and followed up with management approval for implementation
  • Plans, designs, documents, implements, and administrates security controls which safeguard access to information technology services while minimizing risk impacts
  • Act as the subject matter expert for network security, database and related environments to deliver security functions and enhancements
  • Ensure compliance with regulatory requirements, e.g., SOC 1/2, ISO 27001/27002
  • Implement and maintain an information technology controls framework, including security and privacy controls
  • Conducts risk assessment to identify potential compliance issues, recommending solutions, and working with process and control owners to remediate findings
  • Serves as subject matter expert for Third-Party Risk management policies and procedures and information security best practices.

IT Internal Auditor/ Risk & Compliance Analyst (Contractor)

Freddie Mac
05.2020 - 06.2021
  • Provided advisory services to clients concerning IT Audits, SOX Audits, SSAE 16 / SOC Audits, Security & Privacy Consulting, Business Continuity, Process Improvement Projects, and Risk Assessments; led team in all phases of the engagement, including project planning, developing project plans, leading teams to complete tasks, client status reporting, and presenting project results to the client
  • Identifies and recommends appropriate measures to manage and mitigate risks and reduce potential impacts on information resources to a level acceptable to the organization
  • Used GRC tool, Archer, to conduct application assessment and track issues identified during the assessment with supporting mitigation measures, tracked exceptions to IT policies and procedures and followed up with management approval for implementation
  • Participates in the development and enhancement of the Third-Party Risk Management policy, standards, and supporting procedures, with the aim of optimizing our service delivery to the organization while conforming to NIST CSF, NIST 800-53 Moderate Baseline, SOC 1/2, and HITRUST Controls
  • Monitored 3rd party operational risk trends and provided analysis of data and other operational risk metrics using Security Scorecard
  • Supports Customer Sales inquiries on security program matters, responding to security assessment questionnaires, Request for Proposals (RFPs) and security agreements
  • Stays abreast of cybersecurity trends, tools, and techniques, which influence the internal development of client’s Third-Party Risk Management program

DSS Compliance Analyst (Contractor)

Capital One – PCI
06.2018 - 02.2020
  • Facilitating and coordinating PCI assessments
  • Staying up to date on regulatory and compliance requirements with a focus on PCI DSS compliance
  • Coordinate with Privacy / Legal to ensure the overall compliance landscape is well understood and the program captures a complete view of our PCI compliance needs
  • Acted as main point of contact for the receipt of compliance deliverables and artifacts
  • Served as primary point of contact and liaison for external auditors and QSA
  • Manages compliance program to ensure all required controls are performed timely by respective control owners in auditable fashion
  • Identifies and analyzes changes to business processes and infrastructure for impact on company’s compliance with PCI and other requirements and provides guidance and recommendations for maintaining secure and compliant environment
  • Created a test plan to determine controls to be tested as well as methods of testing
  • Effectively participated in testing of the IT General Controls.

HIPAA Compliance Analyst

NEWTON MEDICAL CENTER NJ
08.2015 - 01.2018
  • Developing and implementing efficient data collection strategies, providing analytics for both internal and external stakeholders, while maintaining optimum quality and attention to regulatory compliance and HIPAA privacy and security processes
  • Receiving data in various formats and states of completeness and preparing it for validation and upload
  • Informing management of issues and resolutions related to HIPAA processes
  • Helps create privacy policy and procedure; created a simplified process for auditing PHI, HHS, based on NIST 800-66 Rev. 1
  • Conducted IT controls risk assessments that included reviewing organizational policies, standards and procedures and provided advice on their adequacy, accuracy and compliance with company policy.

Fraud Detection Specialist

SHOPRITE, GH
ACCRA
12.2012 - 05.2015
  • Support and lead multiple complex fraud investigations, document findings and report outcome to the senior management
  • Actively anticipate trends and requirements and provide support for the Company’s global anti-fraud procedures and standards for fraud identification and management of investigations to be benchmarked
  • Ensure that the investigation activities are executed in accordance with the applicable methodology
  • Analyzing fraud trends (including all channels: in-branch, paper check, electronic, and cyber)
  • Contribute to special projects within the team from time to time to improve our processes.

Education

Bachelor of Computer Programming

Blue Crest University College

Certified Information Systems Auditor (CISA), In Progress

Skills

  • TECHNICAL SKILLS
  • GRC tools
  • ServiceNow
  • RSA Archer
  • Risk Mitigation
  • Project Management
  • Strategic Planning
  • Statistical Analysis Expertise
  • Information Organization
  • Incident Reporting
  • Team Collaboration and Leadership
  • Security Solutions
  • Relaying Complex Information
  • System Analysis
  • Root Cause Analysis
