Angela Musah

Self-driven Cybersecurity Analyst with a proven record of industry experience looking to display my strong skills in a company. NIST-based system security assessments, continuous monitoring, and other Assessment and Authorization (A&A) activities.

Experience building Third-party risk program, working knowledge, and understanding of Information Security Frameworks/Standards (ISO27001, NIST, PCI, HITRUST etc.), Vulnerability Management and regulatory Framework such as NIST 800 Series, FedRAMP.

Experience in IT security compliance, including demonstrated experience by documenting policies and IT security artifacts in accordance with NIST.

Risk Management

Framework, Authorization to Operate (ATO) documentation, Security control assessment (SCA). Exceptional communication skills and ability to thrive in a challenging, fast-paced and deadline driven environment. In addition, experienced in brainstorming ideas with the Subject Matter Experts to identify requirements and communicate them with the team in a distributed work environment.

Information Security & Risk Management Consultant - Unum - USA, Ireland, Poland, United Kingdom

(2023-02 - 2026-05)

Support the global third-party risk / vendor management program across USA, Ireland, Poland, and United Kingdom.

• Conduct thorough security assessments of third-party vendors, suppliers, and partners to evaluate their compliance with established security policies, regulations, and industry best practices.
• Assessment focus included Risk Management, Physical Security, Identity & Access Management, Encryption, Network & Application Security, Secure Development, Incident Management, Security Infrastructure, and Security Policies.
• Review and validate vendor documentation, including SOC reports, ISO 27001 (Attestation of Applicability), PCI-DSS (AOC, ROC), Internal Vulnerability scan report, External Pen-test report, Certification, security policies and procedures documentation.
• Collaborate with cross-functional teams, including legal, procurement, IT, and business units, to gather necessary information and ensure compliance with risk management processes.
• Work closely with business stakeholder to confirm the details and scope of the third-party engagements.
• Using BlackKite for continuous monitoring, document third party risk findings, track findings to closure, perform ongoing monitoring of third parties.
• Partner with Threat Intelligence, Attack Surface Management and TPRM team to ensure unified risk strategy and visibility on vulnerabilities and data breaches alerts.
• Stay abreast of security and regulatory trends, new guidelines, technology, and internal policy modifications to identify new key risk areas.
• Assists with third party risk requests in support of internal audits and external regulatory exams as required.
• Contribute to third-party risk management program improvement.
• Ability to work independently and manage multiple vendor relationships simultaneously.

Governance, Risk & Compliance (GRC) Analyst - DelekUS (Oil Refinery) - Brentwood, TN

(2021-07 - 2022-12)

• Built and managed DelekUS Vendor Risk Management (VRM) Program.
• Partnered with vendor managers/ Relationship Managers to assist with training and development as well as providing oversight, monitoring, and reporting.
• Ensured assessments within the company are in accordance with known industry frameworks (i.e., ISO, NIST).
• Prepared and presented reports, summaries, and metrics on third-party security assessments to stakeholders and senior management, highlighting key findings and recommendations.
• Development and enhancement of third-party due diligence policies, procedures, and frameworks to continually improve the effectiveness and efficiency of risk assessment processes.
• Provided training and guidance to internal teams on third-party risk management best practices and procedures.
• Stayed updated with emerging trends, regulatory changes, and industry standards related to third-party risk management, and incorporate them into risk assessment processes and practices.
• Coordinated PCI DSS Compliance Audit activities including support of IT internal audits, walkthroughs, testing, documentation of findings, issue remediation, and continuous improvement.
• Remediation analyst to ensure all gaps discovered during the assessment are remediated or mitigated timely.
• Established close working relationships with key business and corporate partners; particularly, outsourcing management, business resiliency, compliance, information security, privacy, legal, Internal Audit and line-of-business vendor management leads.
• Designed and constantly upgrading vendor questionnaires to ensure all areas of new threats discovered are covered.
• Oversee and maintain risk register, ensuring timely resolutions of open risks.
• Perform other duties as assigned.

Pharmacy Application Analyst - Medstar Washington Hospital

(2020-03 - 2021-07)

• Supported compliance efforts and internal auditing.
• Utilized MyCSF for HITRUST Compliance assessment.
• Facilitated annual FISMA audit requests, both internal and externally.
• Managed security controls assessments including kickoff, submission of deliverables, final report, and executive briefing.
• Assessed security controls in accordance with NIST SP 800-53 for associated systems.
• Followed up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure appropriate remediation measures have been achieved timely.
• Managed and utilized dashboards and reporting to meet regulatory and ongoing monitoring requirements for the TPRM program.
• Supported the department Information Security Management System (ISMS) including Monthly Meetings, Internal Audits, and other components of an ISO compliant function.
• Supported security assessment and authorization (SA&A) activities as required, including performing risk/vulnerability analysis, assessment of security controls, preparing security assessment reports and POA&Ms as needed.
• POAM Remediation: Performed evaluation of policies, procedures, security scan results, and system settings to address controls that were deemed insufficient during Certification and Accreditation (C&A), RMF and continuous monitoring.
• Assisted with the review and update of policies and standards including FISMA and other industry standards, audit support/coordination.
• Assembled and compilation of documentations and exhibits for ATO requests.

MBA - Business Administration - Coventry University

Bachelor of Science - Information Technology - Central University