Alfred Aboah

Governance Risk and Compliance Analyst
Fredericktowne Village, Frederick

About Alfred Aboah:

Experience


Fannie Mae – Governance, Risk and Compliance Analyst 

Washington, DC 

05/2023 - Present

 

  • Follows Enterprise Risk Management and compliance procedures.
  • Tracks timely resolution of third-party risk management issues at enterprise level.
  • Stratifies vendor risk through a tiering process matrix based on vendor data and systems accessibility.
  • Provides support during User Acceptance Testing (UAT).
  • Uses eGRC platforms, SharePoint, and document management for compliance testing/assessment, tracking data, conducting follow-up, and monitoring.
  • Applies regulatory requirements pertaining to information security and third-party/vendor risk management.
  • Reports and escalates third-party issues and remediation actions associated with control gaps for closure.
  • Obtains and reviews 3rd party documentation and other evidence to validate appropriate implementation of information security controls. 
  • Analyzes information to identify information security weaknesses or non-compliance. 
  • Communicates 3rd party information security issues to stakeholders, ensuring their understanding of associated risks and actions required to remediate the referenced risks.
  • Manages assessment findings and tracks findings through remediation.
  • Performs assessments remotely via conference calls and occasionally at vendor sites.
  • Identifies and reports on new and emerging security risk and risk trends, including participating in risk remediation solution discussions and recommending updates to policy and standards.
  • Updates and maintains documentation in support of audits and exams.
  • Manages vendor management lifecycle including vendor risk reporting and oversight of assessed vendors.
  • Assesses third parties and services and/or products provided through Business Unit expenditure.

 

 

Berry Solutions – Snr GRC Analyst

Frederick, MD 

04/2020 – 05/2023

  • Participated in the development and enhancement of the Third-Party Risk Management policy, standards, and supporting procedures, with the aim of optimizing our service delivery to the organization while conforming to NIST CSF, NIST 800-53 Moderate Baseline, and SOC 1/2.
  • Monitored and tracked any outstanding risks with third parties and/or internal stakeholders, contributing to Enterprise Risk Register processes.
  • Conducted internal security assessments for various business tools and applications.
  • Managed vendor and internal stakeholder relationships with a focus on operational effectiveness provided by the vendor.
  • Ensured that project/department milestones/goals were met and adhered to approved budgets.
  • Followed Enterprise Risk Management and compliance procedures.
  • Conducted Third-Party Risk Assessments using client’s Risk Assessment framework and Supplier Privacy Impact Analyses (PIAs) in accordance with the company’s Privacy Program Framework and Privacy Office guidance.
  • Worked regularly with stakeholders influencing business decisions for reducing risk to acceptable levels while achieving business objectives.
  • Provided finding reports and remediation recommendations to system/applications POCs.
  • Maintained definition and documentation of internal controls to meet company governance, risk, and compliance requirements.
  • Collaborated with client’s Legal group to identify information security contractual requirements with third parties.
  • Experienced using BitSight, Security Scorecard and reviewing Penetration Test and Vulnerability Scans. 
  • Developed and refined enterprise policy, standards, and procedures.
  • Contributed to operational planning between the vendor and internal business stakeholders.
  • Identified and recommended appropriate measures to manage and mitigate risks and reduce potential impacts on information resources to a level acceptable to the organization. 

 

Wells Fargo – Business Analyst

McLean, VA 

01/2019 - 04/2020

  • Performed third-party risk assessments and vendor due diligence of access to vendors.
  • Monitored 3rd party operational risk trends and provided analysis of data and other operational risk metrics using Security Scorecard.
  • Tracked exceptions to IT policies and procedures and followed up with management approval for implementation.
  • Reviewed services provided by vendor and defined scope of assessment.
  • Drove vendor performance and contractual adherence.
  • Reviewed risk assessments performed by 3rd party and provided feedback. Defined appropriate risk levels and corrective actions for issues identified.
  • Presented issues to 3rd parties and obtained corrective action plans.
  • Updated procedure documentation to incorporate process changes to SOPs.
  • Managed Operational vendor risk management team for vendor onboarding, due diligence, and ongoing monitoring.

Bank of America – Business Analyst

Washington, DC 

11/2014 - 12/2018

  • Determined the scope for system audit. Usually started with a kickoff meeting with key officials and the audit committee.
  • Created a test plan to determine controls to be tested as well as methods of testing. Effectively participated in testing of the IT General Controls.
  • Conducted audit within specific timeframe utilizing subject matter experts and other system owners. Supported requirements gathering and design efforts of critical projects as needed.
  • Collected evidence from various points of contact to update audit finding report for compliance.
  • Tested for effectiveness and adequacy of controls by analyzing test plan against evidence collected via examination, interview, and testing.
  • Conducted IT controls risk assessments that included reviewing organizational policies, standards and procedures and provided advice on their adequacy, accuracy and compliance with company policy. 
  • Interfaced with clients to review and analyze complex systems (Applications, operating systems, databases, and Networking devices), to identify risks, exposures, define and implement compensating controls.
  • Worked independently to collect, consolidate, and analyze information required for the evaluation of security controls and gaps.
  • Produced final reports on compliance to detail the controls observed during security assessments in accordance with various security standards and regulations (PCI DSS, ISO 27001/2, Sarbanes-Oxley, etc.)
  • Provided guidance to prepare organizations for Statement on Standards for Attestation Engagements No. 16 (SSAE 16) audits.
  • Managed client's third-party assessment program, including security assessments, task tracking, analyses reporting, documentation, and process improvement.
  • Completed tests on financial system controls compliance (OMB A-123), IT General Computer Control (ITGC), and Application Controls.
  • Utilized audit procedures (Testing, Interviewing, and Examination) to determine the design and operating effectiveness of the controls.  
  • Performed walkthrough interviews and maintained communication with a variety of client stakeholders, including system personnel such as system and database administrators.
  • Created, reviewed, and managed lifecycle of company policies related to compliance and Enterprise Risk Management.
  • Ensured results were consistently delivered through setting expectations and monitoring performance against objectives and metrics.

Experience

SUMMARY

Competent Risk Analyst with years of experience in Legal Compliance, Third-Party Risk Management, Vendor Risk Management, Testing Information Technology Controls and developing security policies, procedures, and guidelines among others. Worked with various clients in the Banking/Financial Services industry and regulatory compliance. Excellent communication skills leveraged to maintain valued relationships while meeting operational and customer demands. Able to adapt quickly and add value to an organization’s long-term goals. Willingness and ability to quickly learn new tools. Ability to work accurately and efficiently under pressure independently and remotely.

Education

06/2000

Bachelor of Arts Economics & Management Information Systems

York College of The City University of New York

Jamaica, New York 
