Ruth Donkor
Profile Summary
Highly organized third-party risk management/Security Control analyst with years of experience
in assessing IT vendors’ security posture to ensure they stay compliant and take new vendors
through the due diligence process to determine the inherent and residual risks that vendors will
bring to the organization for the engagement. Familiar with frameworks like NIST 800-series,
ISO 27001, and PCI DSS. Ability to effectively review security documents i.e., SSAE 18 (SOC
1, SOC 2), Penetration test, and Security Policies.
Career Summary
• Experienced in NIST Risk Management Framework (RMF) and Cyber Security Framework
(CSF)
• Conducted Information Security Audits & Assessments & Compliance
• Expertise in Risk Management and Assessment
• Experienced in Continuous Monitoring
• SOC Report
• Information security documentation
• Vulnerability Management
• Contingency Planning & Disaster Recovery
• Maintained and revised policies for the organization
• Ensure Information Security compliance with federal regulations.
Experience
WR Berkeley 06/2021-Current
Morristown NJ
• Performs risk identification, and data and business control gap analysis.
• Analyze available artifacts and perform a gap analysis of what is missing or incomplete.
• Help to define success criteria for compliance across business process data documentation.
• Assist with development of collateral, tools, and templates for the Cyber Resilience
Consulting Practice.
• Implements Cybersecurity Framework (CSF) and develops security controls.
• Develops system security plan, security documentation, and vulnerability remediation plan.
• Conducts security control evaluation and remediates security gaps.
• Review policies and procedures to make sure they are in compliance with the company
requirements
• Identifies security vulnerabilities and works with technical teams to remediate findings.
• Support system audits and remediate audit findings and recommendations.
• Monitoring system against unauthorized access using Splunk
• Present audit and assessment reports to management.
• Develop system compliance guidelines.
• Apply the NIST SP 800-53 controls to systems to improve security posture.
• Review Nessus and database scans, and penetration and web application testing, and
develop remediation plan with the patch team and close findings.
• Conduct controls self-assessment, identify controls gaps, and send them to the patch team for
patching.
• Complete risk assessments on multiple information systems using NIST SP 800-30.
• Engages in security control audits and assessments and responds to auditors' requests.
• Investigates security vulnerabilities and develops remediation plan.
• Conducts continuous monitoring of systems and applications and reviews documentation,
system scans and tests, and system vulnerabilities to make sure security controls are in
compliance.
References: Available upon request