Ebenezer Ackah MBA, CISA, CEH, CTPRA
Snr. Information Security Analyst
Trenton, NJ, United States
Details
Experience:
2022 : Present
TD Securities
Senior Information Security Analyst
• Performs IT audits and reviews due diligence documentation from various Payment Card Industry vendors, including but not limited to VISA, DISCOVER, American Express and MasterCard
• Assists with the assessment of both new and current vendors to ensure they are compliant
• Coordinates and conducts phone and in-person interviews with vendors on behalf of the company
• Updates and maintains client documentation related to various vendor assessments
• Recognizes, identifies, categorizes, and evaluates risks within the provided framework
• Utilizes vendor responses and documentation, identifies risks and discrepancies, and remediates them
• Makes recommendations regarding vendors' assessed status and discrepancies based upon audit findings
• Leads and participates in all related audit-like activities consistent with the internal IT Risk assessment policy and procedure
• Creates, updates, and maintains new documentation to provide utmost clarity on due diligence activities
• Participates in all quarterly vendor review committee meetings to review all high and above average vendors and potential vendor issues
• Functions as the subject matter expert for all audits performed by external clients.
• Assists in the annual review of compliance and privacy programs including process, standards, and policy
• Collaborates with managers, directors, and other key partners to manage security risks within the organization
2021 : 2022
Bessemer Trust
Information Security Analyst
• Conducted risk assessment and formulated a road map for risk mitigation
• Assessed business practices and identified opportunities to promote third-party risk management
• Documented and reported all risk issues to vendor assessment management team and business partners
• Built strong physical and technical security controls from the ground up
• Developed and implemented new IT Security Policies to meet NIST standards
• Selected baseline security control requirements for systems based on NIST SP 800-guidance
• Assisted with collection of documentation from stakeholders to close POA&M items
• Prepared and maintained security documentation (SSP/RA/CP/PIA/FIPS) categorization
• Assisted in the development of a security education and awareness program within the organization
2018 : 2021
Sage
Information Security Analyst
• Managed and led PCI-DSS remediation in preparation for a Level 2 merchant PCI self-assessment
• Conducted kick-off meetings with stakeholders to gather system information on information type, boundary, and inventory, and categorized systems based on NIST SP 800-60
• Conducted security control assessments to assess the adequacy of controls
• Created and maintained documentation supporting client’s disaster recovery and business continuation programs and objectives
• Worked across the Global IT organization to ensure compliance activities were performed as required by PCI-DSS 3.1
• Performed PCI-DSS assessments, scoping, gap analysis, and readiness reviews for clients
• Developed KPIs to highlight top cyber risks for the organization and KPIs that demonstrate the success of the security program along with its alignment to NIST and industry best practices
2016 : 2018
Kairos Vision Consult
Information Security Analyst
• Generated monthly vulnerability reports and distributed them to respective parties within the organization
• Reviewed, investigated, and escalated all security alerts as required
• Managed all system access requests and the installation of all mandatory updates for users within the organization to ensure all applications and systems were up to date and compliant
• Implemented and troubleshot the Thick Client program and server system
• Evaluated and resolved all hardware, network, and software issues to ensure efficiency and high performance
• Participated in the implementation of IT security best practices, solutions, and platforms to minimize security threats
• Maintained and updated all IT Reports, technical support, and policy documentation
• Researched, proposed, and implemented new IT-related solutions to promote efficiency and minimize security risk within the organization
2015 : 2015
Kairos Vision Consult
IT Help Desk and Security Analyst
Company:
TD Securities
About
Self-motivated and organized IT Security, Compliance, and Controls professional with over 8 years of experience in third-party risk management, internal controls assessment, information security, and risk management, coupled with development of information security policies, standards, and procedures with a focus on privacy and regulatory compliance.
Solid background in testing internal controls, IT General Controls, Sarbanes-Oxley (SOX) audit, SOC 2, and IT control frameworks, with emphasis on delivering solutions to meet business objectives.
I'm always looking for opportunities to contribute my knowledge and insight to helping and protecting my organization and Information Technology Systems.