Third Party Vendor Risk Analyst with 11 years of experience in Information Security and exceptional knowledge of the NIST 800 series, HITRUST CSF, HIPAA, ISO 27001, GDPR, and PCI DSS. Excellent skills with strong expertise in vendor risk assessment, vulnerability management, vendor categorization, and vendor selection, as well as analyzing technical reports, evaluating third-party security environments, creating risk assessment reports, and developing risk treatment plans. Excellent abilities and experience in evaluating and implementing internal control procedures to ensure efficiency and risk mitigation. A professional looking to apply their knowledge and abilities to help the enterprise accomplish its privacy, confidentiality, integrity, and availability goals and objectives (CIA).
Skills
Risk Identification and Mitigation Analytical skills
Contract security reviews and negotiation Risk Analysis
Excellent verbal and written communication
Third party risk management skills Vendor risk management
Multi-tasking Skills Information Security
Creativity MS excel, MS SharePoint, MS work, Business continuity and data recovery
Critical Thinking Proficient with GRC tools such as Archer and ServiceNow
Proficient with ITGC controls
Experience
03/2018 to Current
INFORMATION SECURITY ANALYST- THIRD PARTY RISKCalifornia Water Service Group – Marysville, CA,
Performs due diligence on an individual third-party relationship to assess the technology risks
Assists in kick off, status, and closing meetings with engagements team and clients and contributes to party audit knowledge base and Internet project development initiatives
Ensure risk is being managed throughout the third -party life cycle (planning, due diligence, contract execution, on-going monitoring, and exit)
Assessing and analyzing ongoing due diligence questionnaires to determined nature and level of risk, as well as reviewing and incorporating order relevant materials as needed
Ensure third party adherence to contractual/regulatory compliance to minimize the risk of fines and reputational harm
Helps maintain the Third-party risk management framework and processes
Performs information system security vulnerability scanning to discover and analyze vulnerabilities and characterize risks to networks, operating systems, applications, databases, and other information
Works with the program manager to develop and maintain a vulnerability intelligence process that monitors for emerging systems vulnerabilities
Designs controls, Cybersecurity and Risk Management framework NIST SP 800
Monitors intrusion detection systems and other cyber security dashboard
Research, evaluate, and assess emerging cyber security threats, incidents, and vulnerabilities
Analyzes system risk to identify and implement appropriate security countermeasures.
01/2017 to 02/2018
IT Auditor- Complaisance AnalystLeidos – City, STATE,
Performed audit of IT general and application controls, information security, system development, change management.
Detailed review of company policies and procedures to gain full understanding of their process.
Assisted with audit scope determination, risk and design of audit program, policies, standards and procedures evaluation, control testing, and evaluation and analysis of results.
Work on the review and documentations of Application Access Controls and Application Controls Review Process.
Performed audit testing for SOC 1 and Application controls audit
Leading and coordinating walkthrough meetings.
Monitor evidence collection process
Reviewed evidence and provide feedback to clients
Address and respond to client questions
Coaching staff auditor to gain better understanding of the engagement.
Detailed review of company policies and procedures to gain full understanding of their process.
Performed testing of identified areas in line with professional standards.
Managed audit work to ensure timely completion.
Participates in the execution of audits at the firm's affiliate locations which included all phases of the
audit- planning, Fieldwork, Reporting, and follow-up.
Reviewing work paper to ensure accuracy and completeness
Executes audit readiness to identify and correct internal control weakness to follow SOX requirements.
01/2013 to 01/2017
INFORMATION SECURITY ANALYST - VENDOR RISK MGMTTrinity Health – City, STATE,
Determine vendor's inherent risk and identifies third party vendor weaknesses that could be exploited while providing services to our organization
Communicated with vendor's representative to gather vendor's profile and deploy
Standard Information Gathering (SIG) questionnaire to vendor representative
Reviewed and validate completed questionnaires with supporting evidence submitted by vendors
Reviewed vendor's IS policy, penetration test report, vulnerability analysis, SDLC policies, business continuity plan, physical and environmental policy, etc
Reviewed and validate all controls at the vendor site to ensure data confidentiality
Plan and execute internal security assessments and third-party security risk assessments
Performed kick-off call to conduct vendor scoping by collecting details of vendor's engagement with the organization from the business owner
Conduct on site and virtual onsite risk assessment to continuously determine the security posture at the vendor sites
Reviewed supplier's network topology for checking for key controls for traffic management
E.g firewalls, intrusion detection system, intrusion prevention system and configurations
Reviewed the physical and logical access control managements on the vendor site in other to ensure data entrusted with them are well protected.
03/2011 to 12/2012
INFORMATION SECURITY ANALYSTVisa Inc – City, STATE,
Used the Security Incident Event Management (SIEM) platform to perform incident response identification
Analyzed phish emails, analyzed malicious links and attachments, analyze user impact via Splunk, remove/delete phish emails from exchange servers and block unwanted senders
Actively participated in large scope high impact cyber breaches and manage
Incident Response workflow and activities to support response and remediation
Conducted investigation, collection, and retention of evidence to support the forensic and legal team
Conducted risk security awareness and training for new and current employees
Conducted vendor risk assessment to evaluate the vendors information security posture and security
Escalated prioritized, communicated, and coordinated high severity vulnerabilities/incidents maintaining adherence to the company's vulnerability response process
Education and Training
Expected in 04/2008
Bachelor’s: Computer Science Lagos State University - Lagos, GPA:
Certifications
ServiceNow - Certified System Administrator
AWS- Certified Security Specialty
CompTIA Security+ Certified
CISSP- Certified Information Systems Security Professional
Any information uploaded, such as a resume, or input by the user is owned solely by the user, not LiveCareer. For further information, please visit our Terms of Use.