Auric Andoh

A detail-oriented Security Analyst with 3 years of experience in analyzing and mitigating risks for various entities. Experienced in assessing Third Party Vendor Risk, NIST Risk Management Framework (RMF), System Monitoring, and Regulatory Compliance. Proven project executioner with an aptitude for excellent customer service and communication skills. Researches, interpret, analyze, and apply regulations, policies, procedures, and resolve financial issues.

Vendor Risk Analyst  Oct. 2023 to Present

Navy Federal Credit Union – Remote, Fairfax, VA

• Served as a subject matter expert to identify and address key third party related risks and areas of concern associated with new and existing third parties. 
• Performed Third Party risk assessments using the security controls implemented by the company as a baseline/ guide.
• Performs Third Party risk assessments using the security controls implemented by the company as a baseline/ guide.
• Reviews assessments performed by 3rd party and provide feedback. Define appropriate risk levels and corrective actions for issues identified.
• Engage in post assessment activities including validation of initial findings with management and business unit, follow-up on risk remediation and mitigation as well as process exception for high risk accepted by the business.
• Conducts risk-based audits including all aspects of the audit lifecycle, including risk assessment, planning, client coordination, fieldwork, data analysis, work paper documentation, reporting, and remediation validation, with direction from senior team members.
• Manages scheduling and execution of assessment, document findings and recommendations and provide periodic updates to management.
• Evaluates key information security risks including confidentiality, integrity and availability of technology components through review of. Security operational processes, such as vulnerability management, security logging and monitoring, security incident response, and defense in depth strategies.
• Conducts kickoff meetings with vendors and Third-Party Managers to help identify and understand all technology involved in their service delivery and to also establish the scope of assessment
• Reports on assessment outcomes, risk level and associated recommendations, and present issues to 3rd parties and obtain corrective action plans.
• Assists in providing compliance training to IT audit staff in accordance with the Security awareness training policy and its modules
• Requests, reviews and validates artifacts in the form screenshots and other documentations to close out and audit items.
• Collates conclusions and recommendations and present assessment findings to management regarding the effectiveness and efficiency of control mechanisms.

Willvan Tax Financial – Remote, Duluth, GA

• Conducts third-party cybersecurity risk assessments, applying established criteria; Information gathering, questionnaire administration, receive vendor response, risk assessment, reporting and monitoring – using RSA Archer.
• Performed regular audit testing and provide recommendations.
• Provided recommendations and guidance on identified security and control risks
• Created remediation strategies for weaknesses based on priorities as contained in vulnerability reports
• Coordinated internal and external regulatory IT and Security audits and met with subject matter experts to facilitate reviews
• Worked within Risk Management to ensure cyber assets are assessed via risk-based criteria to provide reasonable assurance that confidentiality, integrity, and availability of data is maintained at all times
• Presented audit progress, findings and recommendations to executive board at quarterly Audit Committee meetings
• Strengthened the confidentiality, integrity, and availability of sensitive data by reviewing vendor data security specifications.
• Assisted with the Tested and identified network and system vulnerabilities, and create counteractive strategies to protect the network
• Conducted efficient and effective IT audit procedures
• Performs Third Party risk assessments using the security controls implemented by the company as a baseline/ guide.
• Reviews assessments performed by 3rd party and provide feedback. Define appropriate risk levels and corrective actions for issues identified.
• Engage in post assessment activities including validation of initial findings with management and business unit, follow-up on risk remediation and mitigation as well as process exception for high risk accepted by the business.
• Conducts risk-based audits including all aspects of the audit lifecycle, including risk assessment, planning, client coordination, fieldwork, data analysis, work paper documentation, reporting, and remediation validation, with direction from senior team members.
• Manages scheduling and execution of assessment, document findings and recommendations and provide periodic updates to management.
• Evaluates key information security risks including confidentiality, integrity and availability of technology components through review of. Security operational processes, such as vulnerability management, security logging and monitoring, security incident response, and defense in depth strategies.
• Conducts kickoff meetings with vendors and Third-Party Managers to help identify and understand all technology involved in their service delivery and to also establish the scope of assessment
• Reports on assessment outcomes, risk level and associated recommendations, and present issues to 3rd parties and obtain corrective action plans.
• Assists in providing compliance training to IT audit staff in accordance with the Security awareness training policy and its modules
• Requests, reviews and validates artifacts in the form screenshots and other documentations to close out and audit items.
• Collates conclusions and recommendations and present assessment findings to management regarding the effectiveness and efficiency of control mechanisms.

Helpdesk Support – Accra, Ghana

• Install and configure wireless networking equipment
• Identified and solved technical issues with a variety of diagnostic tools 
• Remained up to date on the latest technologies & solutions applicable to company products
• Installed software, modified & repaired hardware
• Built & provided basic end-user troubleshooting & desktop support on windows & MAC systems
• Resolved problems with malfunctioning products 
• Provided base level IT support to non-technical personnel within the company
• Used ticketing systems to manage and process actions taken
• Set up PC, laptops and all types of mobile devices
• Maintained Microsoft Active Directory for the specific needs of the company by establishing user accounts, network security, troubleshooting printer issues, back up devices and installing & maintaining systematic Anti-Virus 
• Resolved issues in a clear, courteous and straightforward manner.

Training & Certifications

• Actively working to become a Certified Information Security Auditor (CISA) – Ongoing 
• In the process of writing EC council CND & CEH certification
• Professional Scrum Master 1

Security Technologies: Nessus, Anti-Virus Tools, Web Inspect, Nessus,

Systems: Unix-Based Systems, Windows 7, Windows 10

Networking: LANs, WANs, VPNs, Routers/Switches, Firewalls, TCP/IP

Software/Artifacts: MS Office Suite, MS Project, CSAM, FIPS 199, ATO

Access, SharePoint

Education

Kwame Nkruma University of Science & Technology, Ghana 

Bachelor of Arts – Sociology & Social Work