
Michael Asuquo

Forney, TX

Summary

Information security professional with over six years of related and progressive experience in the security industry. Demonstrated skill in identifying business risks and compliance issues and designing proactive solutions. Proficient in document and policy writing with a background in designing and implementing layered network security approaches. Hands-on experience in third-party risk management, risk assessment, and technical problem-solving. Experienced in various compliance frameworks and regulations, as well as FedRAMP processes. Conceptual thinker with the ability to work independently and as a team member to successfully achieve project goals and objectives. Proficient in cloud security, identity and access management, monitoring and event management, governance and compliance.


Professional Skill

Demonstrated leadership skills when confronted with difficult situations, exhibiting the ability to keep the team focused and motivated. Thorough attention to detail, excellent organizational, time management, project management, and multi-tasking skills. Demonstrates ability to detect patterns and conditions through observing processes effectively. Strong aptitude for IT Security and strong understanding of applied security concepts and best practices. Supporting IT process/task owners to remediate gaps to ensure the respective IT controls operate effectively going forward. Communication, documentation, and presentation skills.

Overview

7
years of professional experience

Work History

GRC Analyst

Cart.Com
03.2021 - Current

  • Manage and update company policies, procedures and controls implementation to ensure laws and regulations are respected.
  • Work in collaboration with stakeholders to create new policies that meet company requirements.
  • Create, monitor and submit policy exceptions for closure for activities that occurred and are against the company's procedures.
  • Assist in internal and external audit activities by acting as a liaison, preparing meetings, gathering documentation and evidence, and assisting during controls review.
  • Work on findings identified by auditors in audit reports such as SOC 1 and 2.
  • Partake in company business continuity and run tabletop exercises for IRP, CP and DR plans.
  • Conduct cyber-training programs for new and existing employees, and conduct campaigns such as phishing on a quarterly basis.
  • Prepare the company for yearly ISO 27001 compliance certification.
  • Provide monthly reporting to upper management regarding the environment's cyber posture.
  • Develop corrective action plans for vulnerabilities identified, and work with SMEs to develop remediation plans.

Third Party Risk Analyst

Zions Bancorporation
01.2019 - 04.2021
  • Provided oversight and reporting of third party by utilizing data and facts during evaluation process to satisfy regulatory
  • Utilized vendor management system to document risk ratings on all vendors
  • Assessed inherent risk on vendors during relationship review to ensure proper tiering of vendors
  • Collaborated with vendors' relationship owners to ensure information is correct and valid in GRC Archer.
  • Conducted performance management with Business Unit to prevent service disruption or interruption
  • Conducted security assessments of all engaged vendors by sending SIG questionnaires to third parties with security documentation requests.
  • Stratified third parties based on risk to the organization and performed SaaS assessments for all software vendors.
  • Actively managed all assessment deadlines by coordinating execution with both external third party and internal business partners.
  • Coordinated with external vendors to enhance and operate third party risk management program.
  • Responded to assessment and audit requests from clients.
  • Coordinated and managed internal and external assessment requests.
  • Reviewed information security requirements for both new and existing contractual agreements with outside parties
  • Reviewed contractual agreements with new, current, and prospective clients.
  • Updated and reviewed Information Security policies and procedures
  • Reviewed and enhanced technology and security systems, processes, and tools to identify, track, and reduce risk within the firm.
  • Prepared reports and documentation process.
  • Reviewed controls population in SOC 2 Type 2 reports and ensured CUECs are implemented.
  • Uncovered risks and documented controls in line with our risk appetite
  • Documented findings and recommended risk mitigation plans for risks and controls.
  • Managed timely completion of information requests for third-party products/services.
  • Led or contributed to strategic projects to enhance overall effectiveness of the program.

Cybersecurity Analyst

ConocoPhillips
01.2017 - 01.2019
  • Designed company-wide policies to bring operations in line with Center for Internet Security (CIS) standards.
  • Developed and maintained incident response protocols to mitigate damage and liability during security breaches.
  • Reviewed violations of computer security procedures and developed mitigation plans.
  • Monitored computer virus reports to determine when to update virus protection systems.
  • Supported various systems on-prem and in the cloud using NIST 800-37 and FedRAMP compliance.
  • Created A&A documentation such as SSP, SORN, PTA, FIPS 199 as part of the Risk Management Framework.
  • Developed POA&Ms and ensured milestones are met.
  • Conducted categorization, control selection and implementation prior to assessment.
  • Prepared systems for the Assessment and Authorization process.
  • Conducted continuous monitoring and ensured change, configuration, risk and vulnerability management using NIST 800-137 as a guide.
  • Scheduled, ran and collected scan results and ensured that POA&Ms are created.
  • Created and updated system-wide policies and procedures.

Education

Bachelor of Science - BTech Biomedical Science

UNIVERSITY OF JOHANNESBURG
South Africa

Bachelor of Science - Medical Laboratory Science

UNIVERSITY OF BUEA
Cameroon

Skills

IT Skills

  • Microsoft Office 365
  • Attention to detail
  • Designing security controls
  • Verbal and written communication
  • Teamwork
  • Vendor Risk / Third-Party Security Risk Management
  • ISO 27001 / PCI DSS / HIPAA / CCPA / GDPR / NIST / FISMA / FIPS / HITRUST
  • FedRAMP compliance
  • Scout tool / Zen GRC / Know before / BitSight / Archer
  • Good listening skills
  • Time management
  • Multitasker
  • Project completion
  • Analytical skills
  • POA&M (Plan of Action and Milestones)
  • NIST 800-37, NIST 800-60, FIPS 199, NIST 800-53, NIST 800-53A, NIST 800-18, NIST 800-30r1, NIST 800-139, NIST 800-137
  • Policy and Control Analysis
