Third-Party Risk Analyst / GRC Analyst resume example with 6+ years of experience

Jessica Claire
  • 609 Johnson Ave., 49204, Tulsa, OK 100 Montgomery St. 10th Floor
  • H: (555) 432-1000
Professional Summary

I am an efficient, confident, and hardworking individual, skilled and meticulous, with the ability to work with a team or independently with little or no supervision. I am dynamic, attentive to detail, can adapt quickly to changing environments, and interact well at all levels. Excellent skills and experience in Third-Party, Vulnerability, and Risk management; all this gained over six years of professional record. I am looking to use my skills and expertise to help achieve Enterprise-wide information risk goals and objectives of Confidentiality, Integrity, and Availability (CIA). I am legally permitted to work anywhere in the United States without restrictions.

  • Vendor Assessment
  • Critical Thinking Skills
  • Time Management
  • Communication skills & Customer Satisfaction
  • Policies and Procedures
  • Information Security
  • Microsoft Office 365
  • Excellent communication skills with focus on team building.
  • Compliance / Configuration Management (STIG) and SCAP scan.
  • Outstanding organizational
  • Multitasking, EMASS
  • Strong analytical Skills
  • Risk Mitigation
  • Cloud Assessment
  • Tenable Nessus Professional (ACAS)
  • Encryption
  • ISO 2700/ PCI DSS/ GDPR
  • Data analysis
  • Conflict resolution techniques.
  • Problem-Solving
Work History
Third-Party Risk Analyst/ GRC Analyst, 08/2020 - Current
Bluehalo Rockville, MD
  • The Third-Party Management Program is designed to help teammates identify, evaluate, and address relevant risks and issues at the Third Party and product/service levels
  • Manage 200 vendors throughout the lifecycle
  • Tracking all activities and status of an incident ticket using ServiceNow
  • Identify and assess risk associated with third-party vendor relationships
  • Maintain, track, and report on third-party risks to the appropriate stakeholders
  • Worked with the legal, financial, and procurement team in reviewing vendor contracts
  • Support procurement due diligence process and background checks on IT vendors
  • Help vendors create remediation strategies for identified gaps not yet handled
  • Conduct exit meetings with vendors and the legal team before contract's expiration
  • Monitor vendor service/activities relating to information security, confidentiality, integrity, availability, and privacy
  • Partake in daily, weekly, and monthly team meetings and present reports on vendors and company risk statuses
  • Review vendors' contracts prior to the agreement to ensure security clauses are included, such as the right to audit, liability insurance, and breach notification
  • Partake in vendors' onboarding processes and life cycle with different organization teams (business, procurement, legal, privacy)
  • Review vendor's SLAs, Business criticalities, and Data elements for classification (Tier) to determine risk level based on the Appian risk matrix
  • Ongoing Monitoring - Provided continued oversight that included performance and risk management of 3rd Parties and service/products, monitoring, reporting, and escalation of risk
  • Off-Boarding - Oversaw the disengagement/termination of third-party relationships that minimized risk to the business and impacted constituents, such as customers, internal partners, and other third parties
  • Review SOC Reports & SIG and gather pieces of evidence to make sure it complies with the company's control standards.
Vulnerability Analyst, 06/2018 - 07/2020
Simmons Bank Hot Springs, AR
  • Create report attributes
  • Create discovery scans
  • Perform remediation scans
  • Create scan policy and scan jobs
  • Exceeded goals through effective task prioritization and excellent work ethic
  • Create tickets and follow up
  • Worked with Technology Team to encrypt data and executed firewalls to raise security posture of the company
  • Recognize and escalate the scanner's status
  • Demonstrated respect, friendliness, and willingness to help wherever needed
  • Investigate scan jobs not completed
  • Created plans and communicated deadlines to ensure projects were completed on time
  • Investigate source IPs and request the IPs to be allowed if need be
  • Performed risk analyses to identify appropriate security countermeasures
  • Responsible for managing the end-to-end vulnerability management workflow
  • Analyze the results of Vulnerability Scans, understand the results, and eliminate false positives
  • Helped conduct an internal Risk assessment to remediate risk to prepare for External audits
  • Proved successful working within tight deadlines and a fast-paced atmosphere
  • Assisted with minimizing risk exposure by reviewing claim validity and viability
  • Protects sensitive information and maintains the confidentiality and integrity of data through
  • Knowledge of security management, network & protocols, data, and application security solutions
  • Manages the day-to-day operations of the security systems by monitoring system performance, configuration, maintenance, and repair
  • In addition, it ensures that records of system downtime and equipment inventory are properly maintained
  • Investigates and analyze security matters, identifies methods, solutions, and responses to situations, and provide leadership and management to deliver a high level of Service
  • Headed a Team of Security Analysts to assist in finding vulnerabilities by conducting and prioritizing scans using Nessus, Wireshark, and Nmap
  • Documented and managed risks following SP 800-30 and SP 800-37, updated
  • Performs troubleshooting as required and can lead problem-solving efforts, often involving vendors, other support personnel, and organizations
  • Develops procedures to maintain security and protect systems from unauthorized use and acts of abuse
  • Develops tools, procedures, and training sessions for security operations and stakeholders across the Aviva group
  • Stay current with cyber security developments and recommend ways for Aviva to maximize value and take advantage of new technology and techniques
  • Partnered with other security and IT professionals to assess the potential impact of vulnerabilities specific to the client's environment and determine and implement mitigating controls
  • Manage vulnerabilities across applications, endpoints, databases, networking devices, and mobile, cloud, and third-party assets
  • Conducted continuous Awareness and Training to improve End Point Security and delivered Risk Mitigation plans.
Vendor Risk Analyst, 04/2016 - 05/2018
Progressive Leasing City, STATE
  • Provided analysis that included identification of potential business risks
  • Assesses the security and risk management maturity levels of Vendors
  • Involved in due diligence to determine the right vendor for onboarding
  • Work with vendors to discuss appropriate remediation actions and deadlines for all identified gaps
  • Perform a periodic vendor risk assessment to ensure confidentiality, integrity, availability, and privacy are maintained throughout the contract
  • Risk Assessment & Due Diligence - Performed risk assessment and associated due diligence evaluations of third-party selections
  • Lead efforts to effectively identify risks, partner to develop a control remediation approach, and manage remediation plans to completion
  • Perform third-party risk assessments and identify vulnerabilities and control gaps
  • Plan and execute onsite risk Assessments for third-party vendors and government agencies
  • Lead awareness and training of new employees on Vendor Risk Assessment
  • Contribute to the development and maintenance of the third-party risk management database
  • Reviewed compliance reports and artifacts like Pen test and Vulnerability scan reports and governance controls like policies & procedures
  • Create information security documentation and workflows to assist with incident response, audits, and vendor requirements
  • Review external regulatory reports and compliance audits, including SOC 1 & 2, PCI-DSS, ISO Statement of Applicability (SOA), and other evidence provided for risk assessment
  • Collaborate with business units to identify and escalate potential gaps and vulnerabilities within business processes
  • Prepared departmental reports for Senior Executive team review and decision making
  • Analyze vendors' processes to determine deficiencies within their controls that could violate applicable law, regulation, framework, or internal policies and procedures
  • Developed security control assessment documentation (including but not limited to the security assessment report) and gave recommendations associated with findings on improving systems' security posture following NIST Controls.
  • Promoted enterprise-level risk management practices and helped instill strong culture focused on protective policies and procedures.
  • Instituted contingency plans, promoting business continuity through cross-training, documentation and data backups.
  • Developed short-term goals and long-term strategic plans to improve risk control and mitigation.
Master’s: Business Administration and Management, Expected in 2013
University of Yaoundé 2 SOA
Bachelor of Science: Computer Science, Expected in 2011
University of Douala
Certifications/ Tools

CompTIA Security+















