Open to opportunities

Benjamin Kontoh

@benjaminkontoh

Message

Experienced Senior GRC Analyst specializing in risk management and compliance.

United States

Message

What I'm looking for

I am looking for a role that fosters collaboration, encourages professional growth, and allows me to leverage my expertise in governance, risk management, and compliance to drive organizational success.

I am an experienced Senior GRC Analyst with over five years of hands-on experience in IT governance, risk management, compliance, and audits. My strong background in applying security and compliance frameworks such as NIST and ISO 27001 has enabled organizations to meet regulatory requirements and effectively reduce risk. I excel in managing SOX compliance, leading risk assessments, and implementing robust IT controls. My collaborative approach allows me to work seamlessly with auditors, business teams, and leadership to enhance security practices and achieve compliance goals.

Throughout my career, I have developed a reputation for delivering practical, cost-effective solutions that align with business needs. I have successfully coordinated internal and external audits, conducted risk assessments, and contributed to policy development. My ability to communicate complex technological concepts clearly to non-technical audiences has been instrumental in promoting a culture of compliance and accountability within organizations. I am committed to ongoing learning and staying informed of evolving compliance regulations and industry best practices.

Experience

Work history, roles, and key accomplishments

Senior Information Security GRC Analyst

Tailored Brands

Feb 2022 - Jun 2024 (2 years 4 months)

Strengthened enterprise compliance by coordinating internal and external audits, collaborating with InfoSec, Compliance, and IT teams to resolve findings and ensure adherence to cybersecurity policies. Supported information security governance by maintaining alignment with NIST 800-53 controls and corporate security standards.

Risk Assessment SOX Compliance Security Awareness Critical Thinking IT Audit Incident Response Policy Development Compliance Monitoring

GRC Analyst

Royal Bank

Oct 2020 - Sep 2022 (1 year 11 months)

Monitored and interpreted relevant laws and regulations affecting the financial services sector (SOX, FINRA, GDPR). Supported the development and management of Information Security governance frameworks to ensure compliance with internal policies and industry standards within the financial services sector.

SOX FINRA GDPR Information Security Risk Assessment Cybersecurity ISO 27001 Policy Development

Information Security Risk Analyst

Ministry of Education

May 2018 - Aug 2020 (2 years 3 months)

Created and maintained security policies, standards, and procedures aligned with industry regulations and frameworks, including NIST, and ISO 27001. Performed risk evaluations to identify threats to critical assets and developed mitigation strategies to reduce exposure.

Security Policies NIST ISO 27001 Audit Management Security Awareness Incident Response

Education

Degrees, certifications, and relevant coursework

Nanjing University of Information Science & Technology

Master of Computer Technology, Computer Technology

Completed a Master's degree focusing on advanced computer technologies. Gained in-depth knowledge and practical skills in various aspects of computer science and technology.

University of Cape Coast

Bachelor of Social Studies, Economics

Obtained a Bachelor's degree with a specialization in Economics. Developed a strong foundation in economic principles, social studies, and analytical thinking.