Matilda Agyei, BSc, CISM, CISA, CompTIA Security+
Details
• Collaborated with Vendors in adapting practices, policies, and procedures to conform to ISO 27001, NIST and HIPAA standards.
• Communicated threats to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks.
• Own the security portion of RFPs and RFIs from customers and New Software Solution Review, and coordinate with other departments to obtain answers to questions outside of security, such as those from Engineering and Product teams.
• Own and manage the company-wide Risk Register and SIG register. Create, manage risk, and update the registry.
• Complete SOC 1 and SOC 2 Type 2 reviews for vendors at stakeholder’s request to enhance our security and compliance capabilities.
• Assess completed questionnaires and supporting documentation to validate vendors' appropriate implementation of information security controls.
• Prepare and complete remediation action plans; assist with resolving problems; identify trends; determine system improvements and drive needed change.
• Review security agreements and contracts for non-compliant security language with the Legal team.
• Support ongoing maintenance of compliance and assist with Data Protection Impact Analysis.
• Create, Review, and update IT and Security related policies & procedures.
• Coordinate and assist with the ISO 27001 external audit.
• Act as a liaison between Auditors and control owners during walkthrough testing of controls. Proactively identify security problems, monitor performance trends, perform upgrades, and make recommendations to respective BU.
• Facilitate and assist with security awareness and training for the workforce using tools like KnowBe4.
2018 : Present
Experitest (now Digital.ai)
Snr Information Security Analyst
• Conducted security assessment on infrastructures, applications, and networks for compliance.
• Performed GDPR Data Privacy Impact Assessment.
• Prepared and completed remediation action plans; assisted with resolving problems; identified trends; determined system improvements and drove needed change.
• Performed assessments and wrote reviews of management, operational and technical security controls for applications and information systems.
2014 : 2018
BLESSED HOME HEALTH SERVICES
Information Security & Compliance Analyst
• Conducted security assessment on infrastructures, applications, and networks for compliance.
• Performed GDPR Data Privacy Impact Assessment and Data Mapping.
• Prepared and completed remediation action plans; assisted with resolving problems; identified trends; determined system improvements and drove needed change.
• Performed assessments and wrote reviews of management, operational and technical security controls for applications and information systems.
• Assessed systems for compliance against security policies and standards and conducted gap analyses.
• Planned development to include assessment and understanding of system safeguards, security provisioning and disaster preparedness and test plans.
• Stayed up to date on regulations and industry best practices.
2009 : 2014
Ghana Health Service
Information Security Specialist
• Deployed laptops and desktops to a user's physical location and provided physical installation of hardware and peripherals (e.g. docking stations, CAC readers).
• Provide hardware and software problem resolution for end users.
• Load special software and drivers and map drives as needed.
• Train users on the basics of Windows and VDI (via Citrix).
• Perform job requirements and provide customer service with minimal supervision.
• Clearly communicate technical solutions in a user-friendly, professional manner.
2007 : 2008
Ghana Health Service
End User Support Technician Intern
About
With over 8 years of experience in information security, I am passionate about protecting data and systems from cyber threats and ensuring compliance with industry standards and regulations. I have a strong background in vendor risk management, security assessments, SOC reviews, RFPs/RFIs, and ISO 27001 certification. I am currently a Senior Information Security Analyst at Digital.ai, a leading software company that enables enterprises to deliver value faster and more securely.
At Digital.ai, I own the Vendor Risk Management Program, where I perform risk and control assessments on vendors, communicate threats to stakeholders, and collaborate with vendors to adapt their practices, policies, and procedures to conform to ISO 27001, NIST, and HIPAA standards. I also own the security portion of RFPs and RFIs from customers, and coordinate with other departments to obtain answers for questions outside of security. Additionally, I manage the company-wide Risk Register and SIG register, create and update IT and Security related policies and procedures, and coordinate and assist with the ISO 27001 external audit. I leverage my skills in security, information security, and risk assessment to secure Digital.ai's data and systems, and support its ongoing maintenance of compliance.