Senior Third Party Risk Analyst Security Control Assessor resume example with 9+ years of experience

(555) 432-1000, 100 Montgomery St. 10th Floor

Risk Management professional with 12+ years of experience in performing IT Audit, Vendor/Third Party Risk Assessments and Security Control Assessments with in-depth knowledge of CSAE/SSAE (SOC 1, SOC 2), NIST, SIG, PCI-DSS to achieve Confidentiality, Integrity, Availability of Information Systems. Knowledge of Access Control, Audit and Accountability, Compliance Testing, Risk Assessment, Change Management, Security Maintenance, Policies, Procedures, and Incident Response.

Reliable and skilled AML / KYC / FRAUD ANALYST with vast experience gained from working with reputable financial institutions. Extensive knowledge of government sanctions, regulations and compliance policies. An Expert at CDD, negative news screening and PEP screening. Meticulous and proactive with thorough analytic and investigative skills.

Risk Management professional, Administrative Assistant

SAS, CECL and Data Analytics. Well experienced in usage of GRC Tools: RSA Archer, Service Now, OneTrust, ProcessUnity, Riskonnect, Ariba, JIRA, Prevalent. Solutions-oriented Business Analyst possessing unique combination of business analysis, quality assurance testing and applications development experience in top-tier organizations. Creative Business Analyst with broad-based background in highly competitive and dynamic organizations. Recognized as decisive leader and excellent team player. Advanced knowledge of asset tracking software. Committed to providing accurate, effective advice to customers.

Technical Skills
  • Business Process Improvement
  • Staff Training and Development
  • Project Management
  • Requirements Gathering
  • Risk Mitigation
  • SQL Understanding
  • Fraud Assessment
  • Fluent in Spanish
  • Data Management
  • Supervision & Leadership
  • Problem Resolution
  • Friendly, Positive Attitude
  • Integrated Reporting Information System (IRIS)
  • Transaction Reviewing
Education and Training
New York University, New York, NY, Expected in 06/2018, Bachelor of Arts
American Career College, Ontario, CA, Expected in 07/2010, Associate of Arts
  • Professional Certification: Certified Information System Auditor (CISA)
  • CompTIA Security+
  • Project Management Professional (PMP)
Drw Trading Group - Senior Third Party Risk Analyst /Security Control Assessor
Chicago, IL, 06/2018 - Current
  • Plan and conduct security risk assessments for all third-party vendors/suppliers.
  • Liaised with internal teams to establish criteria for contracts.
  • Provides detailed reports of assessments to business owners and the vendor management office.
  • Usage of GRC tools such as Service Now, JIRA, Prevalent, RSA Archer to ensure secured and prompt communication of findings and deployments of questionnaire to the vendor and to track vendor
  • Conduct in-depth risk-based security assessments of cloud, vendor and third party hosted environments. Assessment focus included risk management, physical security, identity & access management, encryption, data loss prevention, secure development, incident management, security infrastructure, and security policy.
  • Tiering/categorization of vendors based on the level of data they have access to.
  • Escalate issues of 3rd party vendors' non-compliance to the vendor risk management office (VMO).
  • Perform continuous monitoring by assessing tools during onsite visits to validate the security questionnaires filled out by the vendors to ensure protection of data at the vendor sites.
  • Assesses operational fitness of assigned third parties through due diligence reviews.
  • Conduct onsite and virtual risk assessment to continuously determine the control effectiveness.
  • Design and constantly upgrade suppliers' questionnaires to ensure all areas of new threat signatures discovered are covered.
  • Develop methodology of risk ranking vendors and streamlined level of effort for each assessment.
  • Administered questionnaires to all vendors.
  • Ensure third party relationships adhere to company's policies and procedures and are compliant with regulatory guidelines and industry best practices.
  • Validate IT control implementations, performs risk-based audit, and performs walkthrough on controls.
  • Perform business analysis to ensure alignment of TPRM functions with overall organizational and enterprise risk frameworks.
  • Communicates third party security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks.
  • Managed and executed risk management projects to determine deficiencies and appropriate corrective actions.
  • Developed, defined and optimized approaches to handle account delinquencies, enhance recovery efforts and implement settlement programs.
  • Supported development and implementation of proactive approaches to address risk, fraud and collection needs.
  • Led and executed risk management projects to identify deficiencies and possible corrective actions.
  • Verified that financial processes and business planning initiatives aligned with performance improvements.
  • Established reporting and monitoring to drive strategic execution.
  • Managed projects and served as primary liaison between client and multiple internal groups to clarify goals and meet standards and deadlines.
  • Utilized internal and external feedback to document business requirements.
  • Developed organizational change management strategies adopted by key stakeholders and evangelized across departments.
  • Developed solutions to improve productivity and incorporate technology.
  • Remained current on latest IT developments and advancements to automate and modernize systems.
  • Developed reports or created dashboards, providing financial-related information to make informed business decisions.
  • Analyzed areas of potential risk to assets, earning capacity and organizational success.
  • Acquired risk-related data from external and internal resources.
Wells Fargo - AML/Senior KYC Analyst
City, STATE, 07/2017 - 05/2023
  • Performed fact-finding research by investigating, collecting and analyzing data and compiling in report format.

  • Maintain current knowledge of laws, regulations, policies and procedures applicable to the job assignment.
  • Assist the AML Officer with onboarding new counterparties as well as managing external onboarding requests.
  • Provide day-to-day support and oversight to the business on OFAC/sanctions issues.
  • Perform EDD activities at the direction of the AML officer.
  • Monitored data inputs to manage and maintain accuracy.
  • Improved operations by working with team members and customers to find workable solutions.
  • Monitor transactions of assigned accounts to assess potential suspicious activity on the account, such as money laundering.
  • Monitor, investigate, review and escalate KYC/AML alerts for further investigation.
  • Prepare well-written Suspicious Activity Reports (SARs) on suspect transactions.
  • Work and contribute in a team-oriented and collaborative environment to improve the analytical and reporting processes.
  • Ensure compliance with Bank Secrecy Act Regulations, Anti-Money Laundering related regulations, Office of Foreign Assets Control Regulations and USA PATRIOT Act Regulations.
  • Write suspicious activity reports, address sanctions alerts, and other applicable AML processes in accordance with regulatory expectations and departmental procedures.

  • Analyzed data to provide insights and recommendations for mitigating conduct risk.
  • Facilitated adherence to safety and regulatory objectives and managed client-specific projects, training programs and personnel background checks.
  • Conducted extensive research to support regulatory findings and control weaknesses.
  • Tracked assignment completion to provide weekly metrics to the compliance manager.
  • Performed testing to evaluate processes, enhance test scripts and analyze results.
  • Observed staff performance and evaluated metrics to assess work quality, meeting individually with employees to conduct regular reviews and discuss approaches to improvement.
  • Maintained records detailing current, prospective and declined client profiles for further analysis and future reference in negotiation of new contracts and new client intake.
  • Monitored media reports to evaluate company publicity quality, report on media presence to managers and executives and recommend approaches to improving public image.
  • Collaborated with AML officials to analyze transaction data and identify patterns and trends potentially indicative of unethical activity.
  • Reviewed customer financial data to ascertain level of risk involved for extending credit.
  • Requested financial documents from customers.
  • Developed comprehensive understanding of financial statements, enhancing opportunities to assess risk.
AllState - Vendor Risk Management/Risk Management Specialist
City, STATE, 05/2016 - 05/2017
  • Juggled multiple projects and tasks to ensure high-quality and timely delivery.
  • Usage of GRC Tools such as SAP GRC, Enablon, MetricStream, and ARIBA.
  • Mitigated risks by leading and auditing international subsidiaries and operational processes.
  • Performed research and analyzed the content of records to make disclosure determinations.
  • Sought out new vendors and negotiated favorable contracts to control costs.
  • Performed advisory and challenge functions regarding the Third Party Risk Management program to the business units (first line).
  • Validated that business units (first line) are executing the Third Party Risk Management program requirements effectively.
  • Reviewed third-party risk assessments for conformance to program objectives and methodology.
  • Assisted in researching, reviewing, developing, and maintaining Third Party Risk Management policies and standards that comply with federal and state regulatory laws.
  • Effectively monitored the tracking of issues, gaps, exceptions, and mitigation plans as they relate to third party risks to ensure timely resolution.
  • Prepared third party portfolio reporting of risk and performance to senior executives.
  • Ensured timely and accurate escalation of issues and observations of non-compliance or risks outside of acceptable thresholds.
  • Evaluated the Third Party Risk Management program to identify optimization opportunities and provide recommendations for process improvement.
  • Performed business analysis to ensure alignment of Third Party Risk Management functions with overall organizational and enterprise risk frameworks.
  • Evaluated control libraries and identified when controls need to be refreshed or added.
  • Served as Third Party Risk Management subject matter expert to first line, providing risk management guidance as needed.
  • Performed testing of controls for all phases of the Third Party Risk Management lifecycle to identify and evaluate deficiencies and assist with quarterly reporting on test results and issue trends.
  • Reported findings on risk exposures to senior executives and board of directors.
  • Reviewed risk management database reports for compliance and fraud prevention.
  • Processed liability claims and incident reports for submittal to third party administrators.
  • Managed vendor relationships for workers' compensation and property and casualty insurance policy programs.
Dell Technologies - IT Auditor/Supervisor
City, STATE, 09/2014 - 04/2016
  • Assessed compliance risk, developed audit work plans and documented findings.
  • Directed completion of planned audits, assessed records and procedures for accuracy to accomplish objectives and appraised policies and plans under audit review.
  • Applied audit fundamentals to identify risks and develop action plans.
  • Usage of GRC Tools such as Wolfpac, StandardFusion, RSA Archer, JIRA, Riskonnect.
  • Made recommendations to resolve compliance audit findings.
  • Supervised and coordinated projects for external auditors and examiner evaluations.
  • Streamlined internal auditing programs by utilizing data analytics software.
  • Reviewed and approved fee requests for services from external auditors.
  • Trained, developed and provided performance management initiatives to audit staff.

  • In-depth knowledge of performing assessments of IT General Controls (ITGC) such as Access Control, Change Management, IT operations, Disaster recovery and Job Scheduling.
  • Execute Computer Assisted Audit Techniques using software tools such as Monarch Pro, Microsoft Access, and IDEA to analyze data.
  • Experience in reviewing Service Organization Control (SOC) reports, in compliance with SSAE18 for organizations.
  • Performed audit of IT general and application controls, information security, systems development, change management, business continuity, disaster recovery and computer operations.
  • Implementing and testing of internal controls under Section 404 of the Sarbanes Oxley Act (SOX) and performing walkthrough of controls and evaluating operating.
  • Performed IT Infrastructure Audit to test default account, vendor update & patches, password setting and unnecessary services running over the application such as Unix, Windows, Mainframe, Network devices, Firewall, Database and Active Directory.
  • Participated in SAP Transaction testing to perform, including testing of segregation of duties to assist the client in improving their user management, authentication management, authorization management, access management, and provisioning capabilities.
  • Assisted in planning, execution of audit and work closely with financial teams, operations teams, as well as the risk management team.
  • Coordinate and perform reviews of data center general controls, company-server security, operating systems, systems development life cycles, monitor procedures relating to physical security over data centers, computer operations and network communications security.
  • Liaised between in-house managers/IT department and External Financial and Operational Auditors.
  • Prepared audit scopes, reported findings and presented recommendations for improving data integrity and operations.
  • Conducted audits on internal controls and developed reports on findings.
  • Adhered to audit principles, standards and practices to keep company in good standing.

Kaiser Permanente - Risk Analyst
City, STATE, 01/2013 - 01/2014
  • Reviewed risk management database reports for compliance and fraud prevention.
  • Reviewed portfolios, identified risk factors, and determined methods to alleviate delinquencies.
  • Usage of GRC Tools such as RSA Archer, JIRA, and Prevalent.
  • Maintained risk identification programs to reduce potential losses from workers' compensation and general liability insurance issues.
  • Used cost-containment tools safely and accurately to control risks.
  • Identified hazardous materials in facilities, disposing of waste according to regulations.
  • Devised and executed contingency plans to maintain operational continuity during events such as data backup and cross-training.
  • Managed vendor relationships for workers' compensation and property and casualty insurance policy programs.
  • Supported the development and implementation of proactive approaches to address risk, fraud, and collection needs.
  • Managed and executed risk management projects to determine deficiencies and appropriate corrective actions.
  • Analyzed reporting strategies and data to create educational programs.
  • HIPAA creates national standards to protect individuals' medical records and other personal health information. It gives patients more control over their health information. It sets boundaries on the use and release of health records.
  • Implemented loss control measures to protect workers and mitigate workplace hazards.
French: Native/Bilingual
Spanish: Native/Bilingual
Arabic: Native/Bilingual
Additional Information

Usage of GRC tools such as:
  • RSA Archer
  • Service Now