Experienced technology risk analyst with a proven track record in cybersecurity frameworks, governance, risk management, and compliance. Demonstrates expertise in ISO 27001, NIST CSF, HITRUST CSF, PCI DSS, and SOC 2 standards through comprehensive risk assessments, audit coordination, and regulatory adherence. Skilled in developing security documentation, training materials, and implementing mitigation measures to enhance organizational security posture. Adept at vendor due diligence and third-party risk assessments using tools such as Archer and BitSight to identify vulnerabilities and ensure compliance. Career focus includes driving continuous improvement in information security practices while aligning strategies with industry best practices.
- Connect content resources to industry-recognized cybersecurity frameworks, including ISO 27001, NIST CSF, and HITRUST CSF, through mapping exercises, gap analysis, and coverage improvements. Collaborate with teams to align products and strategies with best practices.
- Develop training materials, such as multiple-choice questions, cheat sheets, expert articles, and security awareness programs. Focus on cybersecurity frameworks, governance, risk, compliance (GRC), and best practices.
- Manage and maintain compliance with regulatory frameworks (e.g., PCI-DSS, SOC 2, ISO 27001, NIST CSF, HITRUST CSF). Coordinate internal and external audits, prepare evidence, and handle customer security inquiries.
- Conduct thorough risk assessments, develop risk management plans, and implement security controls. Continuously monitor and audit security practices for improvement.
- Lead breach investigations, document root cause analyses, and implement mitigation measures. Monitor security controls to maintain compliance and enhance organizational security.
- Prepare and update security documentation, including policies, procedures, incident reports, and metrics. Develop KPIs for information security, and ensure compliance with legal regulations.
- Conduct third-party risk assessments and vendor due diligence, providing insights into operational risk metrics and trends, and ensuring management approval for exceptions to IT policies.
- Review vendor security postures through assessments, security questionnaires (e.g., SIG), SOC 2 Type 2 reports, scan and penetration test results, and identify vulnerabilities.
- Utilize tools like Archer to evaluate applications, track issues, implement mitigation measures, and maintain control assessments for products and initiatives.
- Prepare evidence and update findings for regulatory standards (e.g., PCI-DSS), test control effectiveness, and support internal and external audit processes as liaison.
- Define risk levels, recommend corrective actions for identified issues, and collaborate with vendors to resolve non-compliance or evidence-related issues.
- Update procedure documentation, incorporate process changes into SOPs, and promote continuous improvement in risk management and compliance efforts.
- Conduct IT risk assessments, document system security key controls, and identify IT-related risks and control weaknesses.
- Perform interviews with service providers and suppliers to clarify processes, understand technologies, verify responses, and identify control gaps.
- Collaborate with the Information Security team to define remediation plans, compile conclusions, and present assessment findings to management on control effectiveness.
- Manage scheduling, execution, and documentation of assessments, providing periodic updates and recommendations to leadership.
- Reviewed ISO 27001:2013 and ISO 27002:2013 standards to identify gaps in documentation and processes, and assisted in asset register creation and relevance testing.
- Supported audit efforts through document gathering, evidence collection, and conducting mock audits for various departments.
- Documented security gaps, conducted risk assessments and business impact analyses, and proposed remediation or continuous monitoring strategies.
- Controlled documentation for easy tracking, accountability, and created standard templates to streamline data recording.
- Conducted third-party cybersecurity risk assessments using tools like Archer and BitSight, while performing information gathering, questionnaire administration, vendor response analysis, risk reporting, and monitoring.
- Supported quality assurance reviews over work products and reporting, and collaborated with internal teams and third parties to address and resolve cyber risks effectively.
- Represented the department professionally, demonstrating credibility with leadership and influencing business decisions through identifying gaps and recommending solutions.
- Updated procedure documentation to reflect process changes and ensured adherence to established standards.
- Planned and conducted system audits by defining scope, coordinating with key officials, developing test plans, and leveraging subject matter experts and system owners.
- Tested IT General Controls and evaluated control effectiveness by analyzing evidence gathered through examination, interviews, and testing.
- Performed IT controls risk assessments, reviewed organizational policies and procedures, and provided recommendations for compliance and accuracy.
- Updated audit findings reports for security compliance and assisted in requirements gathering and design for critical projects.
NIST RMF (FISMA), ISO 27001:2022, ISO 27002:2022, SOC 2 (Type II), SIG Questionnaire, NIST SP 800-53, 800-53A, 800-60, PCI DSS, HITRUST CSF.