LiveCareer-Resume

senior security analyst resume example with 9+ years of experience

Jessica Claire
  • 609 Johnson Ave., 49204, Tulsa, OK 100 Montgomery St. 10th Floor
  • H: (555) 432-1000
  • resumesample@example.com
  • India:
  • single:
Professional Summary

Highly qualified, proactive, and results-oriented professional with over 9.8 years of experience as a Senior Security Analyst. Experienced in TPRM process optimization, vendor security reviews, and risk mitigation. Good knowledge of governance, risk, and controls implementation related to various industry standards/compliance. Self-motivated individual with a good understanding of compliance frameworks such as ISO 27001:2013, GDPR, NIST, and HIPAA. Familiar with regulatory requirements to maintain strict controls or frameworks. Results-driven, bringing proven skills in administering risk management programs. Effective in training team members to proactively identify and highlight potential risks. Dedicated to long-term risk management by building strong internal protocols and instilling a culture of responsibility and attentiveness. Organized and dependable candidate successful at managing multiple priorities with a positive attitude. Willing to take on added responsibilities to meet team goals.

Skills
  • Specialized Knowledge: Familiarity with ISO 27001, NIST, GDPR, HIPAA, HITRUST, PCI-DSS or other information security control frameworks.
  • Technical
  • Risk Management
  • Internal Auditor
  • Compliance risk assessment, monitoring, testing and reporting
  • Third Party Risk Management, Global Training, Stakeholder Relationship
  • Process Improvement and Implementation
  • ServiceNow Vendor Risk Management, BitSight Monitoring, R-Sam, CyberGRX
  • Analytical Skills
  • Information Security
  • Due Diligence
  • Proven ability to collaborate cross-functionally.
  • Excellent written and oral communication skills.
  • Proficiency in the use of Microsoft Office 365, Excel, SharePoint, etc.
Work History
Senior Security Analyst, 04/2023 - Current
Wipfli Llp Milwaukee, WI
  • Actively involved in the project to improve the Third Party Screening Risk Management Process and the current compliance risk framework. Delivered global Third Party Screening training on third-party risks and process.
  • Leading the TPRM onboarding and periodic review processes and leveraging information from internal and external resources to develop a description of third-party services and drive collaboration between SMEs and vendor owners.
  • Performing third-party risk assessments by conducting and evaluating inherent risks questionnaires, vendor surveys, and assessing due diligence documentation and formulating and providing effective challenge into the risk assessment process.
  • Facilitate and document kick-off and risk review meetings between vendor owners, subject matter experts, and stakeholders to present potential vendors and discuss due diligence or issues.
  • Leading the development and implementation of supplementary risk programs, operating plan strategies, procedures, templates, and forms.
  • Conduct routine reviews and reporting relating to TPRM lifecycle activities and key performance indicators (KPIs).
  • Assist with preparing reporting of key risk indicators (KRIs) to internal business partners and executive management, including but not limited to the vendor population, risk distribution, ongoing monitoring/review status updates, issues aging, watch list reporting, etc.
  • Maintain and enhance the company’s internal intranet site for Third-Party Risk.
  • Lead TPRM training development and deliver educational activities to support and guide vendor relationship owners.
  • Identify enhancements and process efficiencies to TPRM procedures to ensure the program aligns with regulatory requirements.
Senior Security Analyst, 03/2017 - 04/2023
Wipfli Llp Madison, WI
  • Manage due diligence required for onboarding and recertification of risks and ongoing monitoring of assigned third-party relationships. Assess operational fitness of assigned third parties through due diligence reviews.
  • Conduct in-depth risk-based security assessments of cloud, vendor, and third-party hosted environments. Assessment focus includes risk management, physical security, identity & access management, encryption, data loss/leakage prevention, secure development, incident management, security infrastructure, security policy, etc.
  • Tiering/categorization of vendors based on the level of data they have access to.
  • Experience in performing scoping calls, risk assessment, and risk remediation, and in preparing assessment reports and client-facing reports for business owners and the vendor management office.
  • Communicate identified risks to key stakeholders and establish remediation action plans, and track and monitor identified vendor risks to closure.
  • Act as a Subject Matter Expert to establish and maintain partnerships with internal and external stakeholders, including all levels of technical and business management, to ensure effective collaboration on vendor risk-related topics.
  • Evaluate and monitor procedures and internal controls as related to physical security over data centers and computer operations, network communications, database management systems, change management over all IT areas and operating system.
  • Ensure third party relationships adhere to the company's policies and comply with regulatory guidelines and industry best practices.
  • Juggled multiple projects and tasks to ensure high quality and timely delivery.
  • Experience in supporting compliance related processes.
  • Have exposure to other compliance audits such as ISO 27001:2013, SOC audits and other information security frameworks.
  • In-depth knowledge of an enterprise risk management framework, including risk identification, risk appetite and strategy, risk-related decision, business processes and their related third-party controls.
  • Experience providing reports and updates to senior management and governance routines.
  • Excellent organizational skills and a demonstrated ability in multi-tasking in a fast-paced environment.
  • Conduct training with stakeholders to ensure TPRM function awareness. Trained key internal stakeholders, including Project Managers, Directors, and Group Functions, on the screening process of the ServiceNow Vendor Module.
  • Participate in and drive client calls to provide adequate clarification and response regarding the TPRM program and vendor assessments.
  • Drive & participate in continuous process improvement initiatives to maintain alignment with industry best practices.
  • Manage data collection, analysis, and planning work for Team members.
  • Problem Solving skills sufficient to creatively develop unique approaches and solutions necessary to resolve high level, complex issues.
  • Maintain a central repository of vendor risk assessment artifacts and supporting documentation.
  • Escalate high-risk issues to senior management following established vendor risk management processes. Manage and track implementation of controls as a result of Third-Party Oversight plan creation/re-assessment.
  • Create monthly and quarterly risk metrics to highlight risk issues and accomplishments during the risk assessment timeline.
  • Design and constantly upgrade supplier questionnaires to ensure they cover all areas of newly discovered threat signatures.
  • Assisted in researching, reviewing, developing, and maintaining TPRM policies and standards that comply with industry standards, regulatory.
  • Experience in reviewing Service Organization Controls (SOC) reports, in compliance with SSAE 18 for organizations.
  • Coordinate with internal and external audit teams to fulfill requirements and obligations.
  • Reviewed contracts and agreements to identify potential risks and ideal mitigation strategies.
Information Security Analyst (Internal Auditor), 08/2013 - 03/2017
Olive Technology City, STATE
  • Monitoring ISMS activities of the organization.
  • Planned and conducted internal audits and audit closure.
  • Performed analysis and drafted findings and recommendations into detailed reports.
  • Managed continuous improvements by managing audit schedules and auditors.
  • Developed management reports to communicate progress.
  • Conduct security awareness training for employees.
  • Ensuring that adequate steps are taken, on an on-going basis, to improve the ISMS.
  • Coordinate the external audit (ISO 27001:2013) by providing required evidence to the auditors.
  • Ensured compliance with applicable ISO laws and regulations.
  • Served as the designated Management Representative and liaison to 3rd party auditors.
  • Annual review of policy documents and the risk assessment and treatment document.
  • Escalated potentially significant risks and exposures to management.
  • Ensured efficient and effective completion of all audit requirements.
Education
Bachelor in Engineering: Electronics And Communications Engineering
Karunya University - Coimbatore, Tamil Nadu, India
Certifications
  • Certified ISO 27001:2013 Lead Auditor – Registration no: IGC18k79402A3