SAMPSON OPOKU
Cincinnati
Summary
GRC-focused cybersecurity professional with graduate-level training in Information Security and strong hands-on experience with the NIST RMF and NIST SP 800-53. Skilled in risk assessment, control validation, and compliance monitoring across regulated environments, with working knowledge of HIPAA, PCI DSS, FISMA, and FedRAMP.
Overview
5
5
years of professional experience
1
1
Certification
Work History
GRC Analyst
UPS
05.2023 - 11.2025
- Supported the implementation and operation of an enterprise Governance, Risk, and Compliance (GRC) program using the NIST Risk Management Framework (RMF), with security controls selected and tailored from NIST SP 800-53.
- Conducted system and organizational risk assessments in accordance with RMF processes, including control selection, implementation review, and ongoing risk monitoring.
- Assisted with control documentation, assessment, and evidence collection for audits aligned with SOX and PCI-DSS, ensuring compliance with regulatory requirements.
- Collaborated with Legal, IT, and Security stakeholders to review, update, and maintain security and privacy policies, ensuring alignment with NIST 800-53 control families and data protection regulations.
- Supported continuous monitoring activities, including risk tracking, compliance reporting, and control effectiveness reviews.
- Contributed to the development and delivery of security and compliance awareness training, strengthening organizational understanding of RMF and control responsibilities.
Information Security Analyst (IT Security s Compliance Analyst)
Region Bank
12.2020 - 04.2023
- Assisted in performing compliance audits against frameworks like NIST and ISO 27001.
- Conducted internal risk assessments and supported the development of mitigation plans.
- Reviewed and updated security policies to meet evolving regulatory requirements.
- Collaborated with IT and legal teams to ensure proper data governance and privacy measures.
- Participated in incident response drills and documented process improvements.
Education
Master of Science - Information Systems (Information Security Concentration)
Murray State University
Murray, KentuckyBachelor of Science - Computer Science
Kwame Nkrumah University of Science and Technology
Kumasi, GhanaSkills
- Regulatory Compliance (NIST, ISO 27001, GDPR, HIPAA)
- Risk Assessment Mitigation
- IT Governance Controls
- Incident Response Reporting
- Policy Development Enforcement
- Network Security Configuration
- Audit Preparation Documentation
- Security Awareness Training
- Data Loss Prevention (DLP)
- Vulnerability Management Tools
- Microsoft office
- Analytical thinking
- MS Excel
- Time management
- Team collaboration and leadership
- Documentation and reporting
- Attention to detail
- Critical thinking
- Information gathering
- Decision-making
- Data processing
- Risk analysis
- Report preparation
- Compliance analysis
- Audit support
- Incident reporting
Websites
Certification
- CISA- Certified Information System Auditor
- CompTIA Security+
- CISCO Certified Network Associate (CCNA)
LANGUAGE
English, French and Ghanaian Language
Interests
- Team Sports
- High-Intensity Interval Training
Timeline
GRC Analyst
UPS
05.2023 - 11.2025
Information Security Analyst (IT Security s Compliance Analyst)
Region Bank
12.2020 - 04.2023
Bachelor of Science - Computer Science
Kwame Nkrumah University of Science and Technology
Master of Science - Information Systems (Information Security Concentration)
Murray State University