vendor risk and compliance analyst resume example with 5+ years of experience

Jessica Claire
100 Montgomery St. 10th Floor, (555) 432-1000
Professional Summary

Detail-oriented third-party risk and compliance analyst with five years of experience conducting vendor risk and security assessments. Knowledgeable in identifying and mitigating inherent and residual risk by implementing appropriate controls. Well-versed in using governance, risk and compliance tools to review security controls and accompanying artifacts. Worked with different industry-specific privacy and cybersecurity frameworks and standards to ensure vendor regulatory compliance. Dynamic and able to adapt quickly to changing environments and interact well at all levels, working as a team to achieve enterprise-wide information security objectives of Confidentiality, Integrity, and Availability.

Expected in 05/2021: Master of Science | Cybersecurity Technology, University of Maryland Global Campus, Adelphi, Maryland
Expected in 05/2013: MBA | Business Administration And Management, New Mexico Highlands University, Las Vegas, NM

CompTIA Security+ Certified

Certified Scrum Master (CSM)

Certified Information Security Manager (CISM)

Certified Information System Auditor (CISA) In Progress

Work History
10/2018 to Current Vendor Risk and Compliance Analyst Globe Life Inc. | McKinney, TX
  • Facilitate vendor onboarding process by performing third party risk assessment of vendors.
  • Identify and measure risk associated with new and existing vendor’s information system and business operations.
  • Assess current business practices and identify opportunities to promote effective third-party risk management.
  • Perform vendor risk assessment reviews according to pre-established policies and procedures managing multiple reviews in parallel.
  • Responsible for coordinating and evidencing assigned vendor risk artifacts and ensuring compliance with applicable industry standards and privacy rules.
  • Review completed Standardized Information Gathering (SIG) questionnaire and supporting documentation to validate the vendor's appropriate implementation of security controls.
  • Compile Risk Assessment Reports (RAR) and consult with vendor primary contact about assessment findings.
  • Aid vendors in completing Standardized Information Gathering questionnaires and in understanding the nature of evidence required.
  • Assess the security and risk management maturity levels of vendors.
  • Assess and report the IT and information risk for key controls.
  • Responsible for evaluating Service Organization Report (SOC) reports and Standardized Information Gathering (SIG) questionnaires to make sure they comply with the company's control requirements.
  • Effectively monitor the tracking of issues, gaps, exceptions and mitigation plans as they relate to vendor risks, ensuring timely resolution and continuous monitoring of vendor security posture.
  • Research best practices and stay abreast of key internal controls, security, and IT regulations such as HIPAA, PCI-DSS, ISO 27001, GDPR, COBIT, SOX and other regulatory guidelines.
  • Working knowledge of SCOUT RFP; Governance, Risk and Compliance (GRC) tools such as ZENGRC.
  • Assess Vendor Risk Profile to determine confidentiality, integrity and availability (CIA) and privacy rating of vendors.
  • Work closely with the engineers/control owners (Database Administrators, System and Network Administrators) to gather evidence from them, understand the technical functions of the organization's system, and gather architecture diagrams.
  • Maintain the SharePoint site where evidence is uploaded and gather evidence for all the organization's internal and external controls.
  • Review third-party records to ensure accuracy of data and supporting artifacts.
  • Track vendor performance and overall security posture using BitSight security ratings report.
  • Perform continuous monitoring using BitSight for critical and high-risk vendors.
01/2017 to 03/2019 Vendor Risk Analyst Midfirst Bank | Broken Arrow, OK
  • Performed vendor risk assessment and security assessment.
  • Reviewed completed Standardized Information Gathering questionnaires based on vendor inherent risk.
  • Document risks and recommendations based on vendors' lack of controls.
  • Identify and measure risk associated with vendor security controls.
  • Conducted data classification which facilitated vendor scoping/tiering.
  • Ensure all vendors are classified and assessments completed in accordance with the vendor risk assessment and security assessment policies.
  • Provide analysis and recommendations for identified security exceptions; participate in defining remediation efforts.
  • Responsible for developing third party related internal policies and procedures for my company.
  • Performed periodic security and compliance gap assessments on new and existing systems, processes, and technologies in accordance with applicable industry standard framework such as NIST, COBIT, and CSF.
  • Work with the internal auditing team to conduct quarterly pre-audit reviews or preparation.
  • Drive remediation activities from identification through plan preparation and closure. Ensure accountability with respect to the Service Level Agreement.
  • Act as a liaison between the Auditors and the Engineers.
  • Assisted vendors in understanding security controls and the evidence needed for the controls.
  • Manage and maintain the Vendor Management repository with up-to-date vendor information including but not limited to due diligence documentation, contracts, vendor policies and procedures.
  • Make sure they remediate any exception/weakness/findings noted by the Auditors before the Audit ends and close the findings.
  • Develop and deliver information security training and awareness to maintain a security-aware organizational culture.
01/2016 to 09/2018 Scrum Master Amyx, Inc. | Aberdeen, MD
  • Collaborated with product owners, team members, technologists and other scrum masters to define solutions and drive progress.
  • Researched emerging technologies and current trends to stay knowledgeable in methods that could benefit Scrum team.
  • Provided extensive guidance on Agile scrum processes and methodologies to highly effective teams with goals of improving quality and productivity.
  • Evangelized Agile as strategic asset of culture and business value, inspiring teams in implementation of new tools and techniques.
  • Anticipated impediments to team delivery involving cultural barriers and logistical challenges.
  • Proactively identified and found ways to resolve issues to prevent distractions and keep projects on track.
  • Planned Agile best practices and encouraged team cohesion, overcoming impediments and hurdles to productivity.
  • Coached teams in Agile practices and provided necessary training to create positive mindset to Agile methodologies.
  • Managed product backlog and supported Scrum framework for monthly sprint releases.
  • Facilitated Scrum framework – sprint planning, backlog grooming, daily scrums, sprint reviews and sprint retrospectives.
  • Worked effectively with multiple Scrum teams both internally and off-shore.
  • Led sprint reviews, daily scrums and planning meetings to realize full team engagement.
  • Drove Scrum team progress to overcome obstacles and realize success throughout life of each sprint.
  • Shielded scrum team from external interference for optimal productivity and success of Agile process.
  • Enforced alignment of project strategy with business objectives and made modifications to promote efficient project completion.
  • Planned and arranged meetings with external organizations and individuals, enabling parties to meet and discuss project progress.
  • Strong writing skills and ability to proofread vendor contracts and other correspondence to identify errors in content, spelling and grammar.
  • Excellent analytical and organizational skills with focused attention to detail.
  • Ability to speak professionally and effectively with vendor representatives and vendors.
  • Proficient verbal and written communication skills, including ability to effectively lead discussions and meetings.
  • Excellent communication skills and fluent in English (both written and verbal).
  • Highly organized, ability to work to tight corporate deadlines, whilst under pressure without compromising accuracy.
  • Demonstrated ability to prioritize and drive results with strong sense of urgency.
  • Working knowledge of MS Office suite such as Excel and Powerpoint.
  • Teamwork
  • United States Army Reserves


Resume Overview

School Attended

  • University of Maryland Global Campus
  • New Mexico Highlands University

Job Titles Held:

  • Vendor Risk and Compliance Analyst
  • Vendor Risk Analyst
  • Scrum Master


  • Master of Science
  • MBA
