LiveCareer-Resume

Third-Party Risk Analyst / GRC Analyst resume example with 6+ years of experience

Jessica Claire
  • 609 Johnson Ave., 49204, Tulsa, OK 100 Montgomery St. 10th Floor
  • H: (555) 432-1000
  • resumesample@example.com
Professional Summary

I am an efficient, confident, and hardworking individual, skilled and meticulous, with the ability to work with a team or independently with little or no supervision. I am dynamic, attentive to detail, can adapt quickly to changing environments, and interact well at all levels. Excellent skills and experience in Third-Party, Vulnerability, and Risk management; all this gained over six years of professional record. I am looking to use my skills and expertise to help achieve Enterprise-wide information risk goals and objectives of Confidentiality, Integrity, and Availability (CIA). I am legally permitted to work anywhere in the United States without restrictions.

Skills
  • Vendor Assessment
  • Critical Thinking Skills
  • Time Management
  • Communication skills & Customer Satisfaction
  • Policies and Procedures
  • Information Security
  • Microsoft Office 365
  • Excellent communication skills with focus on team building.
  • Compliance / Configuration Management (STIG) and SCAP scan.
  • Outstanding organizational
  • Multitasking, EMASS
  • Strong analytical Skills
  • Risk Mitigation
  • Cloud Assessment
  • Tenable Nessus Professional (ACAS)
  • Encryption
  • ISO 2700/ PCI DSS/ GDPR/ HIPAA/ CCPA/ NIST/ HITRUST/ SOC
  • Data analysis
  • Conflict resolution techniques.
  • Problem-Solving
Work History
Third-Party Risk Analyst/ GRC Analyst, 08/2020 - Current
Bluehalo Rockville, MD
  • The Third-Party Management Program is designed to help teammates identify, evaluate, and address relevant risks and issues at the Third Party and product/service levels
  • Manage 200 vendors throughout the lifecycle
  • Tracking all activities and status of an incident ticket using ServiceNow
  • Identify and assess risk associated with third-party vendor relationships
  • Maintain, track, and report on third-party risks to the appropriate stakeholders
  • Worked with the legal, financial, and procurement team in reviewing vendor contracts
  • Support procurement due diligence process and background checks on IT vendors
  • Help vendors create remediation strategies for identified gaps not yet handled
  • Conduct exit meetings with vendors and the legal team before contract's expiration
  • Monitor vendor service/activities relating to information security, confidentiality, integrity, availability, and privacy
  • Partake in daily, weekly, and monthly teams meeting and present reports on vendors and company risk statuses
  • Review vendors' contracts prior to the agreement to ensure security clauses are included, such as the right to audit, liability insurance, and breach notification
  • Partake in vendors' onboarding processes, and life cycle with different organization teams (business, procurement, legal, privacy)
  • Review vendor's SLAs, Business criticalities, and Data elements for classification (Tier) to determine risk level based on the Appian risk matrix
  • Ongoing Monitoring -Provided continued oversight that included performance and risk management of 3rd Parties and service/products, monitoring, reporting, and escalation of risk
  • Off-Boarding - Oversaw the disengagement/termination of third-party relationships that minimized risk to the business and impacted constituents, such as customers, internal partners, and other third parties
  • Review SOC Reports & SIG and gather pieces of evidence to make sure it complies with the company's control standards.
Vulnerability Analyst, 06/2018 - 07/2020
Simmons Bank Hot Springs, AR
  • Create report attributes
  • Create discovery scans
  • Perform remediation scans
  • Create scan policy and scan jobs
  • Exceeded goals through effective task prioritization and excellent work ethic
  • Create tickets and follow up
  • Worked with Technology Team to encrypt data and executed firewalls to raise security posture of company
  • Recognize and escalate the scanner's status
  • We have demonstrated respect, friendliness, and willingness to help wherever needed
  • Investigate scan jobs not completed
  • Created plans and communicated deadlines to ensure projects were completed on time
  • Investigate source IPs and request the IPs to be allowed if need be
  • Performed risk analyses to identify appropriate security countermeasures
  • Responsible for managing the end-to-end vulnerability management workflow
  • Analyze the results of Vulnerability Scans, understand the results, and eliminate false positives
  • Helped conduct an internal Risk assessment to remediate risk to prepare for External audits
  • Proved successful working within tight deadlines and a fast-paced atmosphere
  • Assisted with minimizing risk exposure by reviewing claim validity and viability
  • Protects sensitive information and maintains the confidentiality and integrity of data through
  • Knowledge of security management, network & protocols, data, and application security solutions
  • Manages the day-to-day operations of the security systems by monitoring system performance, configuration, maintenance, and repair
  • In addition, it ensures that records of system downtime and equipment inventory are properly maintained
  • Investigates and analyzes security matters, identifies methods, solutions, and responses to situations, and provides leadership and management to deliver a high level of Service
  • Headed a Team of Security Analysts to assist in finding vulnerabilities by conducting and prioritizing scans using NESSUS, WIRESHARK, and NMAP
  • Documented and managed Risks following SP 800-30 and SP 800-37, updated
  • Performs troubleshooting as required and can lead problem-solving efforts, often involving vendors, other support personnel, and organizations
  • Develops procedures to maintain security and protect systems from unauthorized use and acts of abuse
  • Develops tools, procedures, and training sessions for security operations and stakeholders across the Aviva group
  • Stay current with cyber security developments and recommend ways for Aviva to maximize value and take advantage of new technology and techniques
  • We have partnered with other security and IT professionals to assess the potential impact of vulnerabilities specific to the client's environment and determine and implement mitigating controls
  • Manage vulnerabilities across applications, endpoints, databases, networking devices, and mobile, cloud, and third-party assets
  • Conducted continuous Awareness and Training to improve End Point Security and delivered Risk Mitigation plans.
Vendor Risk Analyst, 04/2016 - 05/2018
Progressive Leasing City, STATE
  • Provided analysis that included identification of potential business risks
  • Assesses the security and risk management maturity levels of Vendors
  • Involved in due diligence to determine the right vendor for onboarding
  • Work with vendors to discuss appropriate remediation actions and deadlines for all identified gaps
  • Perform a periodic vendor risk assessment to ensure confidentiality, integrity, availability, and privacy are maintained throughout the contract
  • Risk Assessment & Due Diligence - Performed risk assessment and associated due diligence evaluations of third-party selections
  • Lead efforts to effectively identify risks, partner to develop a control remediation approach, and manage remediation plans to completion
  • Perform third-party risk assessments and identify vulnerabilities and control gaps
  • Plan and execute onsite risk Assessments for third-party vendors and government agencies
  • Lead awareness and training of new employees on Vendor Risk Assessment
  • Contribute to the development and maintenance of the third-party risk management database
  • Reviewed compliance reports and artifacts like Pen test and Vulnerability scan reports and governance controls like policies & procedures
  • Create information security documentation and workflows to assist with incident response, audits, and vendor requirements
  • Review external regulatory reports and compliance audits, including SOC 1 & 2, PCI-DSS, ISO Statement of Applicability (SOA), and other evidence provided for risk assessment
  • Collaborate with business units to identify and escalate potential gaps and vulnerabilities within business processes
  • Prepared departmental reports for Senior Executive team review and decision making
  • Analyze vendors' processes to determine deficiencies within their controls that could violate applicable law, regulation, framework, or internal policies and procedures
  • Developed security control assessment documentation (including but not limited to the security assessment report) and gave recommendations associated with findings on improving systems' security posture following NIST Controls.
  • Promoted enterprise-level risk management practices and helped instill strong culture focused on protective policies and procedures.
  • Instituted contingency plans, promoting business continuity through cross-training, documentation and data backups.
  • Developed short-term goals and long-term strategic plans to improve risk control and mitigation.
Education
Master’s: Business Administration and Management, Expected in 2013
University of Yaoundé 2 SOA
Bachelor of Science: Computer Science, Expected in 2011
University of Douala
Certifications/ Tools

CompTIA Security+

MICROSOFT OFFICE 365

SECURITY SCORECARD

GRC ARCHER

SERVICE NOW

TENABLE

KNOWBE4

BITSIGHT

SPLUNK

NESSUS

TEAMS

NMAP

CISSP

CISA

ZOOM

JIRA
