Oduro Appau
Manchester,Connecticut
Summary
A highly qualified, dedicated, and results-driven Information Security and Third-Party Risk Management Professional with 7+ years of experience in Security and Risk Management. Committed to strategic planning and the achievement of large-scale goals while maintaining the highest levels of integrity and respect. Uses advanced technical and business knowledge to streamline processes. Capable of leading cross-functional teams in high-pressure and deadline-driven environment.
Overview
15
15
years of professional experience
Work History
IT VENDOR MANAGER/THIRD PARTY RISK ANALYST
AbbVie Inc, (US Tech Solution)
11.2019 - Current
- Onboarded new vendors / new contracts for existing vendors
- Reviewed third-party responses and communicated questions to relevant stakeholders
- Aided in the preparation of necessary documentation for the Cybersecurity TPRM program
- Performed periodic performance and risk assessments on existing vendors
- Facilitated remediation of any third-party related operational issues
- Validates risks and controls; prepare accurate, complete, clear, and timely risk assessment supporting evidence adequacy and effectiveness of the system of internal controls for assigned vendor
- Ensured new third-party due diligence and supporting documents are properly captured in the Vendor Information Management (VIM) system
- Offboarded of existing Vendors and Vendor-contracts
- Facilitated the execution of Master Services Agreements (MSAs), Software Licensing Agreements (SLAs), and Professional Services Agreements (PSAs)
- Followed up on assessment deficiencies to ensure corrective actions are implemented and completed on time
- Kept an eye on open third-party security issues and remediation actions related to security control gaps to ensure their timely closure
- Facilitated the Execution of Non-Disclosure Agreements (NDAs)
- Provides follow-through on assessment deficiencies to assure corrective actions are implemented and completed as expected
- Monitor open third-party security issues and remediation actions associated with security control gaps to ensure timely closure
- Continuously work to improve the overall Third-Party Risk Management Program
- Manages the vendor performance scorecard application and facilitates the completion of required scorecard surveys for all critical and high-risk vendors, as well as escalating as necessary
- Responsible for ensuring that QBRs are scheduled and conducted at the end of each quarter and that their occurrence is recorded in Venminder's SLA Management section.
- Reviewed contracts and agreements to identify potential risks and ideal mitigation strategies.
CONSULTANT, IT RISK ANALYST
FUTURE TECHNOLOGIES
09.2015 - 09.2019
- Worked together with the TPRM team and stakeholders to review the assessment and escalate any issues
- Conducted formal end to end Information Security Risk Assessments (review of questionnaires, third party security audit reports and evidence.)
- Reviewed existing/new third-party services and data in scope of the assessment and analyze engagement risk ratings
- Documented assessment template and score the assessment with an overall rating
- Maintained an inventory of approved vendors and reassess them based on their risk rating
- Developed standard procedure for conducting third-party risk assessment, and document as part of the TPRM process documents
- Escalated issues of non-compliance to management for executive action and risk management decisions
- Promoted enterprise-level risk management practices and helped instill strong culture focused on protective policies and procedures.
RISK ANALYST
INFOSOURCE GHANA LIMITED
08.2012 - 11.2014
- Assessed potential risks to company's business objectives using ISO 27001 Standard
- Performed risk evaluation comparing potential risks with criteria set out by the company such as costs and legal requirements
- Monitored implemented risk control measures
- Conducted policy, process, and compliance audits
- Reviewed and regularly updated policies with team members
- Provided Risk reports tailored to relevant audiences
- Assisted with creation of business continuity plans
- Maintained and updated company risk register
- Facilitated risk awareness education amongst staff
- Assisted in implementation of comprehensive risk oversight program to identify, assess, manage, and monitor risks
- Participated in reviewing processes and procedures
- Managed and tracked outstanding IT remediation items in the risk management system to ensure timely completion
- Involved in security incident management to resolve events that had the potential to impact the confidentiality, availability, or integrity of information technology resources.
CABLE TECHNICIAN
VODAFONE GHANA
06.2009 - 09.2012
- Installed, disconnect, and troubleshoot Vodafone products, including high-speed internet, telephony, and automation services
- Ensured quality of services provided to customers met established industry and company performance standards and is compliant with all applicable national, state, and local laws and regulations
- Shared our amazing products with our customers, how to use them, and what upgrades are available
- Tested cables using tools such as volt-OHM meters, spectrum analyzers and signal level meters
- Completed new connects, reconnects, disconnects and service changes for residential and commercial customers and regulations
- Shared our amazing products with our customers, how to use them, and what upgrades are available.
- Enhanced network performance for clients through regular maintenance and system upgrades.
Education
Third-Party Risk Management - Trained -
Third-Party Risk Management - Trained
CT02.2021
CompTIA Security+ - Certified -
CompTIA
CT02.2021
GED -
CISSP
CT01.2025
Bachelor of Science - Information And Communication Technology
Presbyterian University College
Abertifi, Ghana12.2014
Ghana Telecom Training School, Accra, Ghana - Diploma, Telecommunication Engineering
Ghana Telecom Training School, Accra, Ghana
Ghana01.2000
Skills
- Adaptability
- Analytical skills
- Multitasking abilities
- Teamwork
- Effective Communication
- Growth mindset
- MS Office
- Risk mitigation strategies
- SharePoint
- Business Continuity
- Risk Assessment
- Vendor Risk Management
- Contract Review
- Venminder
- ServiceNow
- CCPA
- GDPR
- NYCRR
- NIST 800-53
- NIST SP 800-60
- ISO 27001/ISO 27002
- SOC 2 Type 2
- PCI-DSS
- SIG
Timeline
IT VENDOR MANAGER/THIRD PARTY RISK ANALYST
AbbVie Inc, (US Tech Solution)
11.2019 - Current
CONSULTANT, IT RISK ANALYST
FUTURE TECHNOLOGIES
09.2015 - 09.2019
RISK ANALYST
INFOSOURCE GHANA LIMITED
08.2012 - 11.2014
CABLE TECHNICIAN
VODAFONE GHANA
06.2009 - 09.2012
Third-Party Risk Management - Trained -
Third-Party Risk Management - Trained
CompTIA Security+ - Certified -
CompTIA
GED -
CISSP
Bachelor of Science - Information And Communication Technology
Presbyterian University College
Ghana Telecom Training School, Accra, Ghana - Diploma, Telecommunication Engineering
Ghana Telecom Training School, Accra, Ghana
Similar Profiles
Oluwatosin Mary OyedeleOluwatosin Mary Oyedele
Risk Management Lead at US Tech SolutionRisk Management Lead at US Tech Solution
Arlene SawyerArlene Sawyer
Case management at AbbVie/Pharmacy SolutionCase management at AbbVie/Pharmacy Solution
Nfofuh CynthiaNfofuh Cynthia
Secetary at Global Build-Tech SolutionSecetary at Global Build-Tech Solution
Erin HawkinsErin Hawkins
Administrative Specialist at Suffield Medical AssociatesAdministrative Specialist at Suffield Medical Associates
Carnetta MartinCarnetta Martin
Volunteer at American Red CrossVolunteer at American Red Cross