Samuel Bandoh

New Castle, Delaware

Summary

Skilled Information Security Analyst with over 8 years of experience in information security system assessment, risk assessment of General Support Systems (GSS) and Major Applications (MA), risk management, the Risk Management Framework and assessment, unauthorized access, viruses and a wide range of vulnerabilities and threats. Well-versed in IT risk assessment, third-party/vendor security control assessment and auditing, FISMA, HIPAA, SOX, GLBA, SOC reports, and ISO 27001. Experienced in compliance testing, change management, incident response, configuration management, contingency planning and a wide range of control measures, including NIST 800-53, NIST 800-53A, NIST 800-37, FedRAMP, NIST 800-30, NIST 800-34 and NIST 800-18. Able to thrive in fast-paced and challenging environments where accuracy and efficiency matter.

Overview

10 years of professional experience

Work History

Information Security Analyst

Xcel Energy
Amarillo, TX
08.2023 - Current
  • Reviews engagements/contracts to understand the services being provided and to determine the scope and depth of assessments based on the inherent risk of the engagements.
  • Conducts risk assessments for enterprise technologies, products, services and operations based on applicable framework requirements.
  • Reviews and validates provided documentation such as SSAE 18 Type 1 and 2 reports, vulnerability scan reports, ISO 27001, HIPAA, PCI DSS, etc., and conducts in-depth risk-based security assessments of housed, cloud, vendor and third-party hosted environments.
  • Assesses operational fitness of third parties using the Shared Assessments SIG questionnaire.
  • Conducts transition, ongoing monitoring and oversight of on-boarded engagements, including periodic risk re-assessments, business and onsite reviews.
  • Documents key third-party risks identified in a formal report, escalates control gap findings as necessary to management, presents the report and makes recommendations to key technology and business process stakeholders to promote awareness and determine mitigating control or remediation requirements.
  • Ensures that risks discovered during vendor assessments are remediated in a reasonable time.
  • Facilitates remediation for any third-party related operational issues as needed.
  • Acts as a remediation analyst to work with vendors in remediating findings discovered during the onsite/virtual assessment.
  • Experience with GRC tools such as RSA Archer, ServiceNow, etc.
  • Works with management to develop, improve and draft vendor management policies and procedures.
  • Develops and implements security policies and procedures.

RMS Compliance Assistance

Rackspace Technology
San Antonio, TX
07.2022 - 08.2023
  • Resolved customer tickets related to agent health failures such as Armor, File Integrity Monitoring (FIM), Intrusion Detection Service (IDS), malware protection, vulnerability scanning, etc.
  • Managed the Compliance Assistance (CA) reports arising from duplicate policies and scans on customer devices.
  • Maintained record of compliance activities, including correspondence and reports.
  • Used tools such as Armor, Bessie and Qualys to troubleshoot different issues faced by customers.
  • Used Smartsheet and applied Group Policies (GPOs) to customer environments in the manner required by the customer to harden their servers (Windows hardening).

Senior Information Security Specialist

Bank of New York Mellon (Oxford Solutions)
Pittsburgh, PA
07.2020 - 06.2022
  • Performed risk assessments by analyzing questionnaires such as third-party engagement profiles and due diligence evaluations.
  • Served as a Subject Matter Expert (SME) in key third-party risk domains.
  • Evaluated third-party control effectiveness and reviewed evidence of controls by applying audit, compliance, security, and regulatory framework knowledge and experience, including, but not limited to, ISO 27001, SIG and SOC reports, as well as Privacy, Compliance, Business Resiliency, Cyber and other risk domains.
  • Analyzed third-party risk data, including exit strategies and performance scorecards.
  • Liaised with key business partners and team members to facilitate risk analysis to identify appropriate criticality of third parties.
  • Managed required artifacts, performed quality control reviews, and supported the end-to-end processing of third-party assessments.
  • Developed working knowledge of the Bank's operations and business services, as needed, to execute due diligence reviews and other risk activities.
  • Contributed to the Third-Party Risk & Oversight program execution and adherence, including process enhancements and remediation efforts, as applicable.

Information Security Analyst

Saint Francis Healthcare
Wilmington, Delaware
02.2019 - 06.2020
  • Reviewed completed SIG questionnaires based on vendor inherent risk.
  • Documented risks and recommendations based on a vendor's lack of controls.
  • Identified and measured risk associated with vendor security controls.
  • Performed third-party risk assessments to assess the effectiveness of vendors' controls against ISO 27001, HIPAA, SOC 2 Type 2 reports, FedRAMP, HITECH and Meaningful Use requirements through the use of GRC tools such as Archer.
  • Created issues to be entered into ServiceNow, to be remediated, for vendors' lack of documentation responses.
  • Assessed security control test plans and conducted in-depth security assessments of information systems that evaluate compliance of administrative, physical, technical, organizational and policy safeguards in order to maintain HIPAA compliance based on the Office for Civil Rights (OCR) protocol, NIST SP 800-66 Rev. 1 and security controls (NIST SP 800-53).
  • Experienced with the library of NIST Special Publication (SP) documents such as NIST SP 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, and FIPS 199 for categorization.
  • Performed security assessments; developed, reviewed and updated Certification and Accreditation (C&A) packages and Authority to Operate (ATO) documentation for systems hosted and owned by the Company.
  • Identified opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk.
  • Developed HIPAA compliance reports, documenting audit findings and developing corrective action plans.
  • Maintained strong working relationships with individuals and groups involved in managing information risks across the organization.

Information Security Risk Analyst

Amazon
Middletown, DE
08.2017 - 01.2019
  • Sustained and improved the enterprise information security risk management framework, policy, processes, and tools
  • Managed the risk reporting process with the Director of Information Security Program Management and Chief Information Security Officer (CISO)
  • Performed vendor risk assessments to verify the effectiveness of vendors' control measures against ISO 27001, HIPAA and HITECH through the use of GRC tools
  • Documented and reported risk to Vendor Assessment management team, business partners, and vendors
  • Developed, implemented, monitored and reported performance measures that demonstrate value and ensure vendor performance
  • Managed relationships with security, technology and business stakeholders to identify and communicate security risks and mitigation approaches
  • Developed and implemented the next-level-down risk management processes (process-level, asset-level, etc.), including embedding risk assessments into existing capabilities (architecture reviews, secure design and development, etc.)
  • Developed and articulated the vision, strategy, and direction of the information security risk program
  • Worked proactively with the IT compliance function regarding key information security risk considerations
  • Researched, identified, and mitigated security threats to information systems.

Information Security Analyst

Graver Technology
New Castle, DE
01.2014 - 07.2017
  • Assisted in the development of key security standards and guidelines by performing an in-depth security assessment for HIPAA, PCI DSS, ISO 27001 and SOX to help gain compliance
  • Assessed incoming threats and developed plans to close loopholes
  • Performed vendor documentation review and analysis
  • Assessed current business practices and identified opportunities to promote effective third-party risk management
  • Developed System Security Plan (SSP), Security Assessment Report (SAR) and POA&Ms
  • Provided professional security engineering and compliance efforts according to HIPAA, PCI-DSS, Sarbanes-Oxley 404 and GLBA regulations to develop security infrastructure monitoring and incident management scorecard reporting systems for executive management review
  • Developed and implemented best security standards, and researched the latest security trends
  • Coordinated with departmental agency staff as necessary to provide guidance on the process of conducting risk analyses and computer security reviews, security assessments, the preparation of Disaster Recovery Plans within Continuity of Operations (COOP) plans, security plans, and the processes involved in the DOL-required activities for the Certification and Accreditation of Major Information and General Support Systems (MIS/GSS).

Education

MBA: Master of Business Administration

University of Bologna

Bachelor of Science: Science and Technology

Kwame Nkrumah University of Science And Technology

Certification Training: Information Security

Omibia Information Technology

Skills

  • Team coordination
  • Project evaluations
  • Experienced with the use of RSA Archer
  • Experienced using ServiceNow
  • Exceptional communication skills
  • Experienced with SharePoint
  • Vendor Risk assessment
  • Team player mentality
  • Risk assessments
  • Information gathering
  • Analysis and reporting
  • Meticulous attention to detail
  • SQL Server database analysis
  • Experienced in disaster recovery and business continuity solutions
  • Experienced with the use of the following regulations and standards: FISMA, NIST, FedRAMP, HIPAA, ISO 27001, PCI DSS, SOX, etc.

Accomplishments

  • International Student Scholarship Award winner 2012, Bologna, Italy; member of the Society of Technology and Petroleum Engineers
