Asiwome (Kofi) Buo

Information Governance & TPRM Analyst | UK GDPR, NHS IG Toolkit, ISO 27001 | Vendor risk lifecycle | Security+, ISO 27001 Lead Auditor, CISM in progress

London Area, United Kingdom

About

I work at the intersection of information governance, third-party risk, and IT compliance running the operational detail that keeps public sector and regulated organisations audit-ready under UK GDPR, the Data Protection Act 2018, and ISO 27001. My current role with the NHS covers the day-to-day discipline DSAR and FOI processing within statutory deadlines, access reviews on shared clinical systems, risk register maintenance, and supplier reviews on SOC 2 and ISO 27001-attested SaaS. Before the NHS I was a placement-based Third Party Risk Manager via Adecco, running the vendor lifecycle end-to-end for public sector and engineering clients intake, IRQ, tiering, DDQ, contract remediation, monitoring cadence. I am Security+ certified, an ISO 27001 Lead Auditor and Lead Implementer, with CISM in progress. I am open to TPRM Analyst, Information Governance, IT Audit, and ISMS Coordinator roles. Comfortable with confidential data, calm under regulatory deadline pressure, and used to producing artefacts that have to stand up to ICO referral.

Experience

  • Information Governance & IT GRC Analyst at NHS England
    Oct 2022 - Present ยท 3 yrs 10 mos