Eva Obeng Anson

Information Security Analyst

33 followers
Bethlehem, Pennsylvania, United States

  • About me

    Information Technology Auditor

  • Education

    • Katherine Gibb College

      2000 - 2002
      Associate's degree Liberal Arts and Sciences/Liberal Studies
  • Experience

    • Kairos Vision Consult

      Mar 2013 - Jun 2020
      Information Security Analyst

      • Documented audit findings and developed thorough and creative recommendations for business and process owners to mitigate identified risks.
      • Conducted IT audit fieldwork and walkthroughs of controls; performed detailed testing, analysis of controls, validations, and creation of clear, accurate documentation of workflows in IT processes and reports of test results and exceptions.
      • Provided analysis and conducted virtual risk assessments to continuously determine the security posture at the vendor site.
      • Worked with IT compliance management to ensure appropriately designed controls are implemented for all in-scope entities and divisions and performed testing to validate their operating effectiveness throughout the fiscal year.
      • Documented progress towards HIPAA Privacy and Security Rules implementation and monitored the status of the organization's HIPAA compliance.
      • Monitored information system activities for suspicious events such as logins, administrative rights usage, abandoned sessions or their vulnerabilities.
      • Performed internal and external IT risk assessments using applicable Risk Matrix templates, Risk Assessment Matrix, Risk Control Self-Assessment and Risk Management life cycle and provided recommendations on mitigation options.
      • Tracked compliance processes such as remediation plans, exception/variance handling, audit requests, and recurring audit reviews to ensure timely completion.
      • Generated reports, presentations, documents, and other collateral to present assessment updates to senior leadership.
      • Worked with key stakeholders, leadership, business units, and other internal and external constituents to evaluate and manage information security assessments.

    • PwC

      Jul 2020 - now

      • Effectively communicate with multiple clients to perform risk register remediation; handle internal communications within the Office of Information Security and external communications with several different divisions daily. Maintain excellent working relationships with both internal and external clients.
      • Conduct IT audit fieldwork and walkthroughs of controls; perform detailed testing, analysis of controls, validations, and creation of clear, accurate documentation of workflows in IT processes and reports of test results and exceptions.
      • Ensure that plans of action and milestones or remediation plans are in place for vulnerabilities identified during risk assessments.
      • Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors.
      • Monitor information system activities for suspicious events such as logins, administrative rights usage, abandoned sessions or other vulnerabilities.
      • Participate in activities across the company, including the Third-Party Risk Management (TPRM) lifecycle and Enterprise Risk Management (ERM).
      • Lead and support the preparation of client reporting deliverables, e.g., gap and risk assessments, SOC reporting, GDPR assessments, ISO 27001 certifications, etc.
      • Partner cross-functionally and inter-departmentally, and with the internal and external auditors.
      • Prepare audit plans and report detailed results of audits; provide written recommendations to clients.
      • Partake in reviewing regulatory reports, SOC reports, certificates of insurance, and other reports associated with vendors included in the vendor program and escalate issues to the appropriate individuals.
      • Validate system requirements, security policies and procedures, contingency plans, incident response plans, personnel security, access control mechanisms and identification and authentication mechanisms.

      • Information Technology Auditor

        Jun 2020 - now
      • Information Technology Security Analyst

        Jul 2020 - now
  • Licenses & Certifications

    • Certified Information Systems Auditor (CISA)

      ISACA
    • CompTIA Security+

      CompTIA Security Plus