LiveCareer-Resume

Snr. Risk Analyst resume example with 6+ years of experience

Jessica Claire
609 Johnson Ave., 49204, Tulsa, OK 100 Montgomery St. 10th Floor
Home: (555) 432-1000 - resumesample@example.com
Professional Summary

Knowledgeable Risk Manager with 6 years of experience, equipped with strategic planning and program leadership abilities honed in Third Party Risk management environments. Establishes strong and successful policies to mitigate risk at each level and establishes clear procedures for assessments, business impact analysis, disaster recovery planning, incident response, and awareness and training. Familiar with regulatory requirements to maintain strict controls or frameworks.

Skills
  • Specialized Knowledge: Familiarity with ISO 27001, SOX 2 Type2, PCI-DSS, GDPR, HIPAA, HITRUST, COBIT, FISMA, NIST or other information security control frameworks.
  • Proven ability to collaborate cross-functionally.
  • Excellent written and oral communication skills.
Work History
04/2020 to Current
Snr. Risk Analyst Biola University La Mirada, CA,
  • Manage due diligence required for onboarding and recertification of risks and ongoing monitoring of assigned third-party relationships.
  • Report to executive leadership on the risk management program, as appropriate.
  • Manage day-to-day operations of the organization’s risk management program focused on building an integrated framework for managing risks from a clinical, occupational, financial, regulatory, strategic, and technological perspective.
  • Develop, implement, and continuously update essential policies and procedures to achieve the goals of the Risk Program while promoting adherence to federal, state, and local laws and regulations, which shall include without limitation a comprehensive risk assessment and monitoring program.
  • Conduct proactive risk assessments to identify opportunities for improvement.
  • Assist with the selection, management, and oversight of liability carriers and related policies to decrease risk and educate staff, including assessment of coverage limits and the proper handling of insurance renewals.
  • Work with vendors, consultants, and internal subject matter experts to ensure high-quality services that meet the needs of the organization.
  • Participate in and often lead security incident response efforts as required.
  • Assist in and help maintain business unit compliance with the NIST CyberSecurity Framework and NIST 800.171.
  • Support our Vendor Risk Program, assessing third-party risk.
  • Leads remediation, categorization, organization, and prioritization of vulnerabilities found through vulnerability scanning and 3rd party penetration testing.
04/2018 to 03/2020
Information Security Analyst Cuna Mutual Group Sioux Falls, SD,
  • Performed risk analyses to identify appropriate security countermeasures.
  • Working with the vendors to ensure risks discovered are remediated within the time frame as stipulated.
  • Conducted testing of Sarbanes-Oxley (SOX) and Non-Sarbanes-Oxley (Non-SOX) in key IT General Controls areas such as Access Control, Change Management Control, Logging and Monitoring.
  • Identify and communicate Risk Assessment findings to senior management and client.
  • Performed all stages of assessment planning, fieldwork, executive, reporting and follow up.
  • Assesses operational fitness of assigned third parties through due diligence reviews.
  • Provided detailed reports of assessments to business owners and the vendor management office.
  • Maintained good working relationships with the clients to enhance customers’ satisfaction and work with client management and staff at all levels to perform assessment service.
  • Reviewed violations of assets security procedures and developed mitigation plans.
  • Conducted security assessment to identify vulnerabilities.
  • Recommend improvements in security systems and procedures.
  • Encrypted data and erected firewalls to protect confidential information.
01/2016 to 02/2018
Security Risk Analyst ACME Technology City, STATE,


  • Performed security assessments of new and existing third-party service providers and ensured they comply with regulatory and audit obligations, including review of controls, e.g., PCI DSS, SSAE18/SOC1/SOC2, ISO27001, and third-party attestation artifacts.
  • Documented control weaknesses related to testing exceptions and assisted in preparing draft audit reports to communicate findings and recommendations to senior management.
  • Reviewed Corrective Action Plan (CAP); validated remediation control and followed up on the remediation process.
  • Evaluate current risk management methodologies used for measuring the factors that drive risk to identify areas for risk management process improvement.
  • Performed internal and external IT risk assessments, conducted a gap analysis against industry standards and provided recommendations on mitigating options.
  • Conducted Sarbanes Oxley (SOX) testing in all the IT general Controls within the assessment scope to test their strength, effectiveness, and weakness in their control environment.
  • Assisted IT management in identifying gaps between policy and process, developing recommendations to remediate control weakness and responsible for developing and maintaining IT control metrics related to compliance activities.
  • Reviewed internal policies and procedures and existing laws and regulations to determine applicable compliance and the adequacy of underlying internal controls.
  • Provide risk assessment reviews of system documentation and procedures as outlined in NIST such as incident response, access controls, physical security, assessment, and awareness training.
  • Promoted enterprise-level risk management practices and helped instill strong culture focused on protective policies and procedures.
  • Reviewed contracts and agreements to identify potential risks and ideal mitigation strategies.
  • Instituted contingency plans, promoting business continuity through cross-training, documentation and data backups.
Education
Expected in 03/1997
Bachelor of Science: Geology
University Of Ibadan - Ibadan
Certifications
  • Certified CISA
