
Prince Boateng

Clarksville, TN

Summary

Goal-oriented IT professional with significant success in planning, analyzing and implementing security plans and initiatives. Excel in developing comprehensive, secure network designs and systems.

Overview

7 years of professional experience

Work History

Information Security Analyst

Syracuse University
Clarksville, Tn.
08.2022 - Current
  • Oversee internal risk management initiatives and Risk Assessment platform
  • Conducted third-party risk assessments using ISO 27001/27002, SSAE 18, SOC 2 Type II, and other relevant frameworks and standards to identify security risks in relation to company policies and compliance activities
  • Utilized NIST RMF, NIST 800-53, NIST 800-60, NIST 800-37, and FIPS 199 to perform risk and control assessments for all high-risk third-party service providers, ensuring the effectiveness of their control systems
  • Recommended compensating controls or communicated findings to IT management to effectively remediate identified security weaknesses in compliance with HIPAA, FISMA, PCI DSS, CCPA, GDPR, and other applicable regulations
  • Reviewed SOX controls to ensure they were performed as required and adhered to established policies and standards
  • Contributed to safeguarding the organization’s information by assessing and mitigating enterprise and business exposures and evaluating alignment with risk strategy and appetite, using COBIT as a guide
  • Performed gap assessments on necessary compliance requirements
  • Leveraged Security Scorecard to obtain comprehensive insights into vendor security postures and proactively identify and address potential risks, utilizing the assessment results to inform risk management decisions and prioritize vendor engagement efforts
  • Provided consulting support to business partners, Internal Audit, and Examiners relative to the full range of vendor management requirements.

Electronics Technician

US ARMY
Fort Campbell, KY
03.2019 - 08.2022
  • Assisted in removal and replacement of electronics using appropriate support equipment
  • Created over 70 comprehensive reports documenting test results and recommended solutions for complex problems
  • Informed management of potential electrical or mechanical problems to reduce inherent dangers
  • Researched new technologies that could be utilized in development of advanced electronic systems
  • Analyzed technical drawings, schematics and diagrams to identify errors or discrepancies in design process
  • Used technical manuals and manufacturers' bulletins to perform maintenance, troubleshooting, or corrective repairs.

Information Security Analyst

SyCom Technology
Richmond, VA
04.2017 - 03.2019
  • Performed risk assessments, reviewed vendor data flow diagrams, and analyzed points of data feeds, security features, and system integration on vendor cloud applications and services being procured
  • Reviewed vendor security attestations (SOC 2 Type II, AoC, ISO 27001, NIST, etc.), policies and procedures, and reports provided by vendors
  • Managed compliance with FedRAMP, HIPAA, ISO 27001, NIST, and SOC 2 Type II requirements in fast-paced environments
  • Reviewed regulatory reports, SOC reports, certificates of insurance, and other reports associated with vendors included in the vendor program, utilizing the guidance provided by NIST 800-53, FIPS 199, and other applicable standards, and escalated issues to the appropriate individuals
  • Assisted with incident response efforts, including conducting forensic analysis and collaborating with law enforcement agencies as needed, while adhering to PCI DSS, NIST 800-61, and other applicable frameworks
  • Used the SIG (Standardized Information Gathering) questionnaire and the Cloud Security Alliance control matrix
  • Led the management and oversight of overall vendor portfolio planning, relationship management processes, governance, compliance standards, and complete risk analysis for onsite assessments, using ISO 27001/27002, NIST 800-53, NIST 800-37, and other relevant frameworks as guides
  • Ensured all vendor relationships were documented in the vendor risk management (VRM) system and all contracts related to vendors that provided outsourced services were uploaded in the system, while adhering to CCPA and other applicable standards
  • Engaged with service providers to obtain due diligence reports and evidence of control operation, utilizing SOC 2 Type II and other relevant frameworks to assess the effectiveness of their control systems
  • Documented findings, engaged in remediation, and followed up to ensure identified gaps were remediated
  • Utilized Tenable to monitor for overdue vulnerabilities across vendor systems, providing system owners with timely notifications and collaborating with them to develop and implement effective remediation plans in accordance with established risk management protocols.

Education

Bachelor of Science in Cyber Security

American Military University
07.2023

Skills

  • JIRA
  • Confluence
  • Whistic
  • Google Suite
  • Microsoft Azure
  • SIEM: Microsoft Azure Sentinel
  • Cloud Computing: AWS
  • Endpoint Security: CrowdStrike Falcon
  • Vulnerability scanners
  • Sales
  • Internal Security Assessments
  • Monitoring/security
  • Re-assessment on vendors

Frameworks

  • HIPAA
  • ISO 27001/27002
  • NIST SP 800-30 guidelines
  • Health Insurance Portability and Accountability Act (HIPAA)
  • PCI DSS
  • NIST 800-53
  • NIST 800-60
  • FIPS 199 Publications
  • COBIT
  • CCPA
  • GDPR

Timeline

Information Security Analyst

Syracuse University
08.2022 - Current

Electronics Technician

US ARMY
03.2019 - 08.2022

Information Security Analyst

SyCom Technology
04.2017 - 03.2019

Bachelor of Science in Cyber Security

American Military University