LiveCareer-Resume

Information Security Analyst Third Party Risk resume example with 11+ years of experience

Jessica Claire
609 Johnson Ave., 49204, Tulsa, OK 100 Montgomery St. 10th Floor
Home: (555) 432-1000 - resumesample@example.com
Summary

Third Party Vendor Risk Analyst with 11 years of experience in Information Security and exceptional knowledge of the NIST 800 series, HITRUST CSF, HIPAA, ISO 27001, GDPR, and PCI DSS. Excellent skills with strong expertise in vendor risk assessment, vulnerability management, vendor categorization, and vendor selection, as well as analyzing technical reports, evaluating third-party security environments, creating risk assessment reports, and developing risk treatment plans. Excellent abilities and experience in evaluating and implementing internal control procedures to ensure efficiency and risk mitigation. A professional looking to apply their knowledge and abilities to help the enterprise accomplish its privacy, confidentiality, integrity, and availability goals and objectives (CIA).

Skills
  • Risk Identification and Mitigation
  • Analytical skills
  • Contract security reviews and negotiation
  • Risk Analysis
  • Excellent verbal and written communication
  • Third party risk management skills
  • Vendor risk management
  • Multi-tasking Skills
  • Information Security
  • Audit preparation
  • Risk Management
  • Risk assessment
  • Project management
  • HITRUST/ HIPAA/ NIST/ GDPR/ CCPA/ ISO 27001
  • Leadership
  • Teamwork
  • Problem-Solving
  • Detail-oriented
  • Creativity
  • MS Excel, MS SharePoint, MS Word
  • Business continuity and data recovery
  • Critical Thinking
  • Proficient with GRC tools such as Archer and ServiceNow
  • Proficient with ITGC controls
Experience
03/2018 to Current
INFORMATION SECURITY ANALYST- THIRD PARTY RISK California Water Service Group Marysville, CA,
  • Performs due diligence on an individual third-party relationship to assess the technology risks
  • Assists in kick off, status, and closing meetings with engagements team and clients and contributes to party audit knowledge base and Internet project development initiatives
  • Ensure risk is being managed throughout the third-party life cycle (planning, due diligence, contract execution, on-going monitoring, and exit)
  • Assessing and analyzing ongoing due diligence questionnaires to determine the nature and level of risk, as well as reviewing and incorporating other relevant materials as needed
  • Ensure third party adherence to contractual/regulatory compliance to minimize the risk of fines and reputational harm
  • Helps maintain the Third-party risk management framework and processes
  • Performs information system security vulnerability scanning to discover and analyze vulnerabilities and characterize risks to networks, operating systems, applications, databases, and other information
  • Works with the program manager to develop and maintain a vulnerability intelligence process that monitors for emerging systems vulnerabilities
  • Designs controls, Cybersecurity and Risk Management framework NIST SP 800
  • Monitors intrusion detection systems and other cyber security dashboards
  • Research, evaluate, and assess emerging cyber security threats, incidents, and vulnerabilities
  • Analyzes system risk to identify and implement appropriate security countermeasures.
01/2017 to 02/2018
IT Auditor - Compliance Analyst Leidos City, STATE,
  • Performed audit of IT general and application controls, information security, system development, change management.
  • Detailed review of company policies and procedures to gain full understanding of their process.
  • Assisted with audit scope determination, risk and design of audit program, policies, standards and procedures evaluation, control testing, and evaluation and analysis of results.
  • Worked on the review and documentation of Application Access Controls and Application Controls Review Process.
  • Performed audit testing for SOC 1 and Application controls audit
  • Leading and coordinating walkthrough meetings.
  • Monitor evidence collection process
  • Reviewed evidence and provide feedback to clients
  • Address and respond to client questions
  • Coaching staff auditor to gain better understanding of the engagement.
  • Performed testing of identified areas in line with professional standards.
  • Managed audit work to ensure timely completion.
  • Participates in the execution of audits at the firm's affiliate locations which included all phases of the audit: planning, fieldwork, reporting, and follow-up.
  • Reviewing work paper to ensure accuracy and completeness
  • Executes audit readiness to identify and correct internal control weakness to follow SOX requirements.
01/2013 to 01/2017
INFORMATION SECURITY ANALYST - VENDOR RISK MGMT Trinity Health City, STATE,
  • Determined vendor's inherent risk and identified third party vendor weaknesses that could be exploited while providing services to our organization
  • Communicated with vendor's representative to gather vendor's profile and deploy Standard Information Gathering (SIG) questionnaire to vendor representative
  • Reviewed and validated completed questionnaires with supporting evidence submitted by vendors
  • Reviewed vendor's IS policy, penetration test report, vulnerability analysis, SDLC policies, business continuity plan, physical and environmental policy, etc.
  • Reviewed and validated all controls at the vendor site to ensure data confidentiality
  • Plan and execute internal security assessments and third-party security risk assessments
  • Performed kick-off call to conduct vendor scoping by collecting details of vendor's engagement with the organization from the business owner
  • Conduct on site and virtual onsite risk assessment to continuously determine the security posture at the vendor sites
  • Reviewed supplier's network topology to check for key controls for traffic management, e.g. firewalls, intrusion detection system, intrusion prevention system and configurations
  • Reviewed the physical and logical access control management at the vendor site in order to ensure data entrusted to them is well protected.
03/2011 to 12/2012
INFORMATION SECURITY ANALYST Visa Inc City, STATE,
  • Used the Security Incident Event Management (SIEM) platform to perform incident response identification
  • Analyzed phishing emails, malicious links and attachments, analyzed user impact via Splunk, removed/deleted phishing emails from Exchange servers and blocked unwanted senders
  • Actively participated in large scope high impact cyber breaches and managed Incident Response workflow and activities to support response and remediation
  • Conducted investigation, collection, and retention of evidence to support the forensic and legal team
  • Conducted risk security awareness and training for new and current employees
  • Conducted vendor risk assessment to evaluate the vendor's information security posture and security
  • Escalated, prioritized, communicated, and coordinated high severity vulnerabilities/incidents maintaining adherence to the company's vulnerability response process
Education and Training
Expected in 04/2008
Bachelor’s: Computer Science
Lagos State University - Lagos
Certifications

ServiceNow - Certified System Administrator

AWS- Certified Security Specialty

CompTIA Security+ Certified

CISSP- Certified Information Systems Security Professional
