Third Party Supply Chain Resume Washingt...

Candidate Information
Title Third Party Supply Chain
Target Location US-DC-Washington
Candidate's Name
EMAIL AVAILABLE / PHONE NUMBER AVAILABLE / LINKEDIN LINK AVAILABLE

SUMMARY

Detail-oriented Vendor Relationship specialist/GRC Analyst for over six years. I have experience within the Enterprise Third Party Management space, where I oversee the process from start to finish: identification and screening, evaluation and selection, risk assessment, risk mitigation, contracting and procurement, reporting and record keeping, ongoing monitoring, and third-party offboarding. I have experience working as a GRC analyst: I ensure that all of the organization's internal policies are adhered to by every employee, I identify all potential risks of an organization and develop a mitigation strategy, and I ensure that the organization is following all necessary legal and regulatory requirements. Proficient with compliances such as PCI DSS, GDPR, SOX, CCPA, HIPAA, NIST REVISION 2, HITRUST, and ISO 27000, and hands-on with various tools like GRC Archer, BitSight, Tableau, Ariba for Supply Chain Management, Zen GRC, and ServiceNow.

EDUCATION

- AWS Certified
- Security+ Certified
- CISA Certified
- CISM Certified
- CHFI Certified
- CEH Certified
- Bachelor's Degree, Computer Science

SKILLS

- Data Security & Privacy
- Maintaining Risk Register
- Compliance Lead
- GDPR
- Firewalls
- Active Directory
- Awareness and training
- MS Excel/PowerPoint
- Privacy
- SharePoint
- Leadership
- HIPAA
- IPS/IDS
- Microsoft Excel
- Policies
- FISMA
- Data Privacy
- HITRUST
- Awareness and Training
- PowerPoint presentation
- Risk management
- Operating Systems
- Microsoft 365
- CCPA
- Business continuity plan
- SharePoint site
- Vendor Management
- Privacy Compliance
- Active Directory
- SOX 404
- Disaster recovery
- Team Lead
- Risk Assessment
- ServiceNow
- ISO 27001
- RMF
- Incident respond
- Data Loss Prevention
- SOC 1, 2
- Disaster recovery
- NIST 800 53 Rev 2
- NIST CFR
- Deploy Patches
- Risk Assessment
- Content management
- Network
- Pen Test

EXPERIENCE

Third Party Risk Analyst / Compliance Analyst, Centene Corporation, 07/2020 to present

- Ensured cyber security policies are adhered to and controls are implemented.
- Knowledge in supporting a security program within industry-leading compliance frameworks and regulations (ISO2700, GDPR, CCPA, PCI DSS, NIST REV 2, HIPAA, SOC 1, 2 and Privacy compliance).
- Design and distribute change management materials with respect to security controls certification, exceptions, and remediation.
- Review evidence such as SIG, SOC2 reports, PENTEST scan results, and policies.
- Assisted in the design, implementation, training, and maintenance of a common controls framework for continuous testing and monitoring of all information security controls and activities related to SOC2, PCI-DSS, and SOX.
- Assisted in analyzing and updating existing compliance policies and related documentation; educate management and other departments regarding compliance policies.
- Evaluate the audit/inspection readiness process, procedure, and checklist artefacts periodically to ensure documentation is well updated and evaluated for optimization.
- Assist in the design, implementation, training, and standardization of security controls for the processing, storage, and transmission of payment and PII data.
- Participate in disaster recovery (DR) design, planning, implementation, and testing activities for critical assets and processes.
- Coordinate with risk owners to develop recommendations for risk response and monitoring plans.
- Conduct security assessment/audit timeline for questionnaire, interview, evidence verification, and report preparation.
- I act as a remediation analyst to work with vendors in remediating findings discovered during the assessment.
- Performed internal audits of systems prior to external auditing and continued monitoring activities.
- Support the development and maintenance of enterprise risk management policies, standards, procedures, tools, and information systems.
- Interact with internal stakeholders to deliver risk analyses and perform related tasks.
- Find process gaps or areas of concern and develop recommendations for risk response and monitoring plans.
- Find, document, and organize related metrics and prepare reports as asked.
- Create, deploy, and support effective enterprise-wide security awareness training programs, phishing campaigns, and cyber security communications.
- Hands-on with tools such as ServiceNow for tickets, BitSight for Third Party Risk Assessment, and GRC Archer, depending on what you are comfortable conducting the security assessment with.

Lead Vendor Risk Specialist, Bank of Montreal, 07/2018 to 06/2020

- Work with the Enterprise Third Party Management process flow from sourcing to contract and ongoing maintenance of a third-party engagement life cycle.
- Work as an Engagement owner, where I work with supply chain management, onboarding, strategy sourcing, the legal team, the security assurance team, and the business team.
- Consult with the Line of Business and the assigned sourcing representative for guidance with completing the required Inherent Risk Assessment.
- Review recurrent due diligence assessments submitted by third parties.
- Serve as a subject matter expert regarding products and services being secured and the business processes related to exiting the engagement.
- Work with sourcing representatives to get updates on the contract.
- Work proactively as an Engagement owner to ensure problems related to product/service are addressed effectively, including escalation if required.
- Maintain effective communication with LOB and the Risk office, complete ongoing assessments, and mitigate all the risks identified during the assessment.
- Support with management of risk (purchase/renewal).
- Responsible for bringing consistent awareness to both the Line of Business and the third party regarding risk and performance, and for helping identify improvement opportunities.
- Miscellaneous activities, as appropriate, such as responding to regulatory compliance requests and the quarterly risk report.
- Assist the Supply Chain Management and Oversight teams' meetings, review, and approval of the third-party immaterial risk submission.
- Create, review, and update policies and procedures for the organization to ensure they are following PCI DSS, GDPR, ISO 27001, and NIST CFR.
- Hands-on using tools such as GRC Archer, Tableau for reports, and Ariba for Supply Chain Management.
- Experience using PowerPoint, spreadsheets, and Applicability Metrics.
- Experience conducting pre-audits for our organization.
- Reviewing a vendor's SOC report to ensure all controls are in place and working effectively in protecting data.
- Hands-on with tools such as GRC Archer, Tableau, Ariba, BitSight, and OneTrust.
- Monitor the security posture and continuously secure our client data.

Vendor Risk Analyst, Lifeline INC, 06/2016 to 06/2018

- Coordinate, support, and maintain activities for the Vendor Risk Assessment (VRA) Repository and related support tools.
- Responsible for coordinating, facilitating, and evidencing assigned Vendor Risk Assessments (VRA) to ensure compliance with process requirements.
- Assess completed questionnaires and supporting documentation to validate vendors' appropriate implementation of information security controls for NIST CFR, HITRUST, GDPR, CCPA, and Privacy compliance.
- Produce detailed documentation of assessments; consult with vendor primary contacts about assessment activities, including interviewing, evidence gathering, risk evaluation, and reporting on the controls in place, including cloud security controls.
- Assess the security and risk management maturity levels of vendors.
- Assess and report the IT and information risk for key initiatives.
- Assess SOC reports and SIG to make sure they comply with the company's Control Standards.
- Assess the Vendor Risk Profile to determine the C.I.A rating, conduct reassessments of vendors, and prepare the VRA Report.
- Have experience using the SharePoint site and ensure all artifacts are uploaded to the SharePoint site.
- Hands-on using third-party tools like Zen GRC, GRC Archer, and ServiceNow.
- Act as a remediation analyst to work with vendors in remediating findings discovered during the virtual assessment.
- Work on mapping the SIG and control standards to the VRA Questionnaire.
- Perform vendor security assessment activities, including evaluation of vendor controls and practices, process enhancements, and reviewing independent audit service reports.
- Communicate and track remediation plans with vendors, business, and IT partners and, where applicable, recommend mitigating/compensating controls.
- Perform vendor security assessment activities, including evaluation of vendor controls and practices, process enhancements, performing onsite assessments, and reviewing independent audit service reports.
- Experience with HITRUST compliance.
- Communicate and track remediation plans with vendors, business, and IT partners and, where applicable, recommend mitigating/compensating controls.
- Continuously monitor vendors' security posture and information security risk.
- Analyze requirements and advise on scope and options for continuous operations improvement.
- Adhere to the processes and procedures for the management of risk, especially those arising from the use of information technology.
- Ability to manage and conduct meetings effectively and efficiently.
- Prepare and review third-party due diligence reports for management.
