LiveCareer-Resume

vendor risk analyst resume example with 6+ years of experience

Jessica Claire
609 Johnson Ave., 49204, Tulsa, OK 100 Montgomery St. 10th Floor
Home: (555) 432-1000 - resumesample@example.com
Professional Summary

A determined, resilient and analytical person who understands the work I carry out can have a significant impact on the success of my team and the organization I am working for. I possess strong numeracy and strategic-thinking skills; I am a solid researcher and somebody who will plan and organize my work meticulously, and I am a strong communicator, both verbally and in writing. I have been working as a third-party risk and compliance analyst for over 6 years, with great understanding and experience in vendor risk assessment to assess the information security posture of the company's third-party vendors. I coordinate and assess vendors, and categorize and select vendors. I also identify key risks and information security gaps. If weaknesses are discovered, I develop risk mitigation plans and strategy to be communicated to the third party and ensure timely and satisfactory remediation. I also perform continuous monitoring on all of the company's vendors, review and analyze SIG and SOC 2 reports, and create risk assessment reports meeting security objectives. I review vulnerability scan reports and pen test results, and create contingency and disaster recovery plans and business continuity plans. Experience in Federal Information Security Management Act (FISMA), FedRAMP, NIST Management Framework, HIPAA/HITRUST, PCI-DSS, OMB, ISO 27001, GDPR. I also have experience with ZenGRC, Venminder, KnowBe4, JIRA, SCOUT tools.

Skills
  • Ability to compress knowledge to easily understandable level for organization circulation
  • Knowledge of common Application frameworks and Strong attention to details
  • Proven accountable, dependable and reliable work ethics
  • Demonstrate knowledge of application security, risk assessment, validation of security pen test results, and vulnerability resolution
  • Ability to break down highly complex technical topics into language and diagrams understandable to wide audience and great team Spirit.
  • Strong attention to details
  • Good organizational skills.
  • Teamwork
  • Multi-tasking skills
  • Fast learner.
  • Analytical skills.
  • Compliance
Work History
11/2020 to Current
Vendor Risk Analyst, Simmons Bank, Athens, TN
  • Develop, coordinate, plan and execute security assessments of vendors, during Company TPRM lifecycle.
  • Engage with Business relation and Procurement during sourcing of IT suppliers.
  • Conduct security due diligence by examining RFPs, intake forms and SLAs to gain adequate knowledge of potential Third Parties.
  • Develop Inherent Risk questionnaires, evaluate Business responses and properly Tier vendors into Risk category.
  • Develop vendor relationship in Archer and initiate Security assessment.
  • Document Assessment templates, Follow-up on outstanding results and Score Assessment with overall Risk Rating
  • Collecting, reviewing, scheduling, and remediating Internal Security Controls for Compliance and Implementation of Security Policies
  • Review Supplier’s evidence as related to Information Security aspect like SIG, SOC 2 reports, Pen Test Reports, Vulnerability scans and Remediation activities
  • Compose Assessment Reports containing findings and recommendations and present to Upper Management.
  • Collaborate with vendors to develop Plan of remediation, identified during vendors evaluation of security postures.
  • Review and update organization’s TPRM Procedures to achieve successful maturity program.
  • Work with Internal auditors to prepare company for external audit processes
  • Develop Risk Mitigation plan and Strategy to be communicated to Third-party and ensure timely and satisfactory remediation
  • Reviewing vendor’s contracts, onboarding, and monitoring vendor’s performances based on ISO 27001, PCI-DSS, GDPR, CCPA, HITRUST CSF Compliance
01/2017 to 10/2020
Business Risk analyst PNC Bank City, STATE,
  • Performed risk analysis to determine PNC's Risk Level associated with Bank's Business Partners and Suppliers.
  • Performed Internal controls evaluation to ensure Environment had appropriate controls in place, in regard to HITRUST Compliance.
  • Drove projects with various internal teams to ensure all controls are properly implemented, with associated evidence.
  • Worked with Engineers SMEs to remediate any issues identified during assessments, quarterly.
  • Advised Upper management on best Security practices, Implementation and consulted on aspect of delegating adequate resources to keep PNC Bank secure.
  • Acted as Remediation Analyst to work with Suppliers in ensuring services provided are conducted safely.
  • Supported business line management in maintaining policies and procedures and internal controls.
01/2016 to 12/2016
GRC/ TPRM Risk Analyst Kroger City, STATE,
  • Responsible for performing Third-party IT Risk Assessments to reassess current risks and identify emerging key risks to Kroger such as Operational, Compliance, Technology,
  • Coordinated with Stakeholders to initiate scope and planned Control Assessments of new and existing Vendor engagements.
  • Documented Assessment results in templates, followed up on gaps identified and scored Third Parties with overall risk rating.
  • Examined Supplier’s evidence as related to Information Security and Kroger's controls catalog.
  • Engaged in HITRUST achievement projects with Compliance, Privacy and Upper Management.
  • Developed, maintained and updated Kroger's Policies documentation and kept evidence in SharePoint site.
  • Liaised between External Auditors and Environment during Audit proceeding.
  • Championed Security Awareness Training, ensuring all employees are trained and maintain best security practices and keep Kroger's CIA of Information secure.
  • Documented any day-to-day activities that deviated from normal standard procedures, tracked those exceptions and provided remediation and evidence to Upper Management for exception closure.
  • Reviewed SOC reports provided by Auditors and worked with control owners to strategize on Corrective Action Plans.
Education
Bachelor of Science: computer science
University of Buea - Cameroon,


Resume Overview

School Attended

  • University of Buea

Job Titles Held:

  • Vendor Risk Analyst
  • Business Risk analyst
  • GRC/ TPRM Risk Analyst

Degrees

  • Bachelor of Science
