Third Party Risk Analyst Grc Analyst resume example with 6+ years of experience
JessicaClaire
, , 609 Johnson Ave., 49204, Tulsa, OK100 Montgomery St. 10th Floor
H: (555) 432-1000
C:
resumesample@example.com
Date of Birth:
India:
:
single:
Professional Summary
I am an efficient, confident, and hardworking individual, skilled and meticulous, with the ability to work with a team or independently with little or no supervision. I am dynamic, attentive to detail, can adapt quickly to changing environments, and interact well at all levels. Excellent skills and experience in Third-Party, Vulnerability, and Risk management; all this gained over six years of professional record. I am looking to use my skills and expertise to help achieve Enterprise-wide information risk goals and objectives of Confidentiality, Integrity, and Availability (CIA). I am legally permitted to work anywhere in the United States without restrictions.
Skills
Vendor Assessment
Critical Thinking Skills
Time Management
Communication skills & Customer
Satisfaction
Policies and Procedures
Information Security
Microsoft Office 365
Excellent communication skills with focus on team building.
The Third-Party Management Program is designed to help teammates identify, evaluate, and
address relevant risks and issues at the Third Party and product/service levels
Manage 200 vendors throughout the lifecycle
Tracking all activities and status of an incident ticket using Service now
Identify and assess risk associated with third-party vendor relationships
Maintain, track, and report on third-party risks to the appropriate stakeholders
Worked with the legal, financial, and procurement team in reviewing vendor contracts
Support procurement due diligence process and background checks on IT vendors
Help vendors create remediation strategies for identified gaps not yet handled
Conduct exit meetings with vendors and the legal team before contract's expiration
Monitor vendor service/activities relating to information security, confidentiality, integrity,
availability, and privacy
Partake in daily, weekly, and monthly teams meeting and present reports on vendors and
company risk statuses
Review vendors' contracts prior to the agreement to ensure security clauses are included,
such as the right to audit, liability insurance, and breach notification
Partake in vendors' onboarding processes, and life cycle with different organization teams
{business, procurement, legal, privacy)
Review vendor's SLAs, Business criticalities, and Data elements for classification (Tier) to
determine risk level based on the Appian risk matrix
Ongoing Monitoring -Provided continued oversight that included performance and risk
management of 3rd Parties and service/products, monitoring, reporting, and escalation of
risk
Off-Boarding - Oversaw the disengagement/termination of third-party relationships that
minimized risk to the business and impacted constituents, such as customers, internal
partners, and other third parties
Review SOC Reports & SIG and gather pieces of evidence to make sure it complies with
the company's control standards.
Vulnerability Analyst, 06/2018 - 07/2020 Simmons Bank – Hot Springs, AR,
Create report attributes
Create discovery scans
Perform remediation scans
Create scan policy and scan jobs
Exceeded goals through effective task prioritization and excellent work ethic
Create tickets and follow up
Worked with Technology Team to encrypt data and executed firewalls to raise security
poster of company
Recognize and escalate the scanner's status
We have demonstrated respect, friendliness, and willingness to help wherever needed
Investigate scan jobs not completed
Created plans and communicated deadlines to ensure projects were completed on time
Investigate source IPs and request the IPs to be allowed if need be
Performed risk analyses to identify appropriate security countermeasures
Responsible for managing the end-to-end vulnerability management workflow
Analyze the results of Vulnerability Scans, understand the results, and eliminate false
positives
Helped conduct an internal Risk assessment to remediate risk to prepare for External audits
It proved successful working within tight deadlines and a fast-paced atmosphere
Assisted with minimizing risk exposure by reviewing claim validity and viability
Protects sensitive information and maintains the confidentiality and integrity of data through
Knowledge of security management, network & protocols, data, and application security
solutions
Manages the day-to-day operations of the security systems by monitoring system
performance, configuration, maintenance, and repair
In addition, it ensures that records of
system downtime and equipment inventory are properly maintained
Investigates and analyze security matters, identifies methods, solutions, and responses to
situations, and provide leadership and management to deliver a high level of Service
Headed a Team of Security Analysts to assist in finding vulnerabilities by conducting and
Prioritizing Scans using NESSUS, WIRESHIRK, and NMAP
It is documented and managed Risks following SP 800-30 and SP 800-37, updated
Performs troubleshooting as required and can lead problem-solving efforts, often involving
vendors, other support personnel, and organizations
Develops procedures to maintain security and protect systems from unauthorized use and acts
of abuse
Develops tools, procedures, and training sessions for security operations and stakeholders
across the Aviva group
Stay current with cyber security developments and recommend ways for Aviva to maximize
value and take advantage of new technology and techniques
We have partnered with other security and IT professionals to assess the potential impact of
vulnerabilities specific to the client's environment and determine and implement mitigating
controls
Manage vulnerabilities across applications, endpoints, databases, networking devices, and
mobile, cloud, and third-party assets
Conducted continuous Awareness and Training to improve End Point Security and delivered
Provided analysis that included identification of potential business risks
Assesses the security and risk management maturity levels of Vendors
Involved in due diligence to determine the right vendor for onboarding
Work with vendors to discuss appropriate remediation actions and deadlines for all identified gaps
Perform a periodic vendor risk assessment to ensure confidentiality, integrity, availability, and privacy are maintained throughout the contract
Risk Assessment & Due Diligence - Performed risk assessment and associated due diligence evaluations of third-party selections
Lead efforts to effectively identify risks, partner to develop a control remediation approach, and manage remediation plans to completion
Perform third-party risk assessments and identify vulnerabilities and control gaps
Plan and execute onsite risk Assessments for third-party vendors and government agencies
Lead awareness and training of new employees on Vendor Risk Assessment
Contribute to the development and maintenance of the third-party risk management database
Reviewed compliance reports and artifacts like Pen test and Vulnerability scan reports and governance controls like policies & procedures
Create information security documentation and workflows to assist with incident response, audits, and vendor requirements
Review external regulatory reports and compliance audits, including SOC 1 & 2, PCI-DSS,
ISO Statement of Applicability (SOA), and other evidence provided for risk assessment
Collaborate with business units to identify and escalate potential gaps and vulnerabilities within business processes
Prepared departmental reports for Senior Executive team review and decision making
Analyze vendors' processes to determine deficiencies within their controls that could violate applicable law, regulation, framework, or internal policies and procedures
Developed security control assessment documentation (including but not limited to the security assessment report) and gave recommendations associated with findings on improving systems' security posture following NIST Controls.
Promoted enterprise-level risk management practices and helped instill strong culture focused on protective policies and procedures.
Instituted contingency plans, promoting business continuity through cross-training, documentation and data backups.
Developed short-term goals and long-term strategic plans to improve risk control and mitigation.
Education
Master’s: business administration and management, Expected in 2013 - University of Yaoundé 2 SOA - , GPA:
Bachelor of Science: Computer science, Expected in 2011 - University of Douala - , GPA:
Any information uploaded, such as a resume, or input by the user is owned solely by the user, not LiveCareer. For further information, please visit our Terms of Use.