Risk Management Analyst Resume Windsor m...

Candidate Information
Title Risk Management Analyst
Target Location US-MD-Windsor Mill
Candidate's Name
Baltimore MD - Street Address
(C): PHONE NUMBER AVAILABLE (E): EMAIL AVAILABLE

PROFESSIONAL SUMMARY

Highly motivated and results-driven IT risk Analyst, IT auditor and Third-Party Risk Management Specialist with experience in Audit, Security Control & Risk Assessments. Deep knowledge of Sarbanes-Oxley Act (SOX), Application Control, IT General Controls (ITGC) and SAS70/SSAE18 attestation. Security Control Assessment with deep knowledge of HITRUST, SIG, SSAE 18 (SOC 1, SOC 2), NIST 800-53, NIST 800-37, NIST 800-137, PCI DSS and the use of major GRC tools (RSA Archer, One Trust etc.) to achieve Confidentiality, Integrity, Availability of Information Systems.

PROFESSIONAL EXPERIENCE

Alkami Technology, April 2022 - Present
IT Risk Analyst
- Work with business and IT stakeholders to define Cybersecurity risk, compliance, and control requirements.
- Proactively identifying technology and operational risks and assessing the adequacy of controls to mitigate risks and recommending enhanced or additional controls.
- Periodically reviews the department procedures and user manuals to ensure documentation is accurate and new system changes are captured on a timely basis.
- Maintained the risk register and developed IT Risk Management metrics and reports.
- Collaborate with InfoSec team members to aid in the selection and implementation of controls to meet the security and privacy requirements specified by the business.
- Conduct Audit, assist with the development and quality assurance/testing of key internal controls.
- Prepare and deliver clear and concise reports related to cybersecurity risk and control assessments and compliance status to stakeholders.
- Develop risk mitigation plans and strategies to reduce the likelihood and impact of identified risks.
- Creates, reviews, and delivers end-user documentation (gaps, process flow charts, and training materials) for customer and technical review.
- Identify, evaluate, and develop internal controls, identify related opportunities for internal control improvement.
- Partner with Legal and Compliance on 3rd Party Risk Management review of onboarding vendors and periodic assessment of existing vendors.
- Developed and implemented strategies to identify and evaluate business and technology risks, including recommending technical and procedural controls, and collaborating with relevant teams to ensure compliance with industry regulations and standards (e.g., NIST CSF, SCF, ISO 27001).
- Developed policies and requisite documentation to support the regulatory and cybersecurity requirements.
- Experience with GRC tools that help manage risk tracking and compliance efforts.
- Conduct cybersecurity risk and control assessments by identifying vulnerabilities, threats, and potential impacts to the business information systems and data, mitigate identified risks.
- Stay up to date with the latest cybersecurity trends, threats, and technologies to adapt security measures proactively.
- Developed a comprehensive Business Continuity Planning strategy accompanied by a thorough Business Impact Analysis to identify critical business processes and systems; identify the critical business processes, systems, and dependencies necessary for business continuity and assess the potential impact of disruptions.

CITI GROUP, June 2021 - March 2022
Third Party Risk Analyst
- Coordinated with key stakeholders to initiate, scope and plan information security risk assessments of new and existing vendor engagements.
- Plan and conduct security risk assessments for all third-party vendors/suppliers.
- Established and maintained partnerships with internal and external stakeholders, including various levels of technical and business management, to ensure effective collaboration on vendor-related topics.
- Collaborate with key stakeholders to develop strategies and action plans for mitigating identified risks.
- Manage due diligence required for onboarding and recertification of risks and on-going monitoring of assigned third-party relationship.
- Analyzed vendor risk questionnaire responses to validate existence of information security and other controls to identify non-compliance with financial industry frameworks and standards.
- Generated workpapers of information security risk assessments and performed detailed analysis of identified issues.
- Maintained central repository of vendor risk assessment artifacts and supporting documentation.
- Communicated identified risks/issues to key stakeholders, established remediation plans, tracked, and monitored identified vendor issues to closure.
- Maintained strong working knowledge of emerging IT risks and regulatory/compliance-related information to contribute to the continuous improvement of the vendor risk management program.
- Partner with key stakeholders, including but not limited to Compliance, Information Security, and Information Technology to ensure appropriate evaluation of vendor controls and identification of potential risks.
- Work with third parties and internal stakeholders to identify and remediate risks, document identified issues and track remediation efforts.
- Ensure summary of vendor review, including risk acceptance documentation is in place prior to entering into contractual relationships with vendors.
- Escalated issues of 3rd party vendors' non-compliance to the vendor risk management office (VMO).
- Performed continuous monitoring by assessing tools during onsite visits to validate the security questionnaires filled out by the vendors to ensure protection of data at the vendor sites.
- Provided detailed reports of assessments to business owners and the vendor management office.
- Use of tools such as RSA Archer/JIRA to ensure secured and prompt communication of findings and deployments of questionnaire to the vendor and to track vendor progress on remediation.
- Worked as a remediation analyst to ensure all gaps discovered during the assessment are remediated or mitigated timely.
- Ensure third party relationships adhere to company's policies, procedures and compliance with regulatory guidelines and industry best practices.
- Prepare reports and engage all the stakeholders at the highest level of the organization.

Aetna Life Insurance, May 2017 - May 2021
Risk Analyst Specialist
- Conducted all third-party service provider risk assessment using SIG questionnaires.
- Perform continuous monitoring by assessing tools during onsite visits to validate the security questionnaires filled out by the vendors to ensure protection of data at the vendor sites.
- Perform Data loss prevention assessment of our data at the vendor site.
- Provided detailed reports of assessments to business owners and the vendor management office.
- Performed Quality assessment (QA) on submitted inherent risk assessment questionnaire and collaborated with various stakeholders (HR business partner, legal, Procurement, IT, Sourcing) to ensure compliance with firm's guidelines and policy.
- Analyzed and addressed vendor processes to identify any gap or deficiency within their controls that could be at risk of applicable laws, regulation violation, and internal policies.
- Performed all vendors or service providers categorization/tiering.
- Managed vendors onboarding due diligence, ongoing monitoring, and advised on risk mitigation.
- Review vendor security certifications and reports for SOC 2, ISO 27001, HIPAA, PCI DSS, CCPA, GSPR.
- Provide initial and on-going due diligence review on third party vendors to ensure risks are identified and applicable standards, and policies are being followed.
- Review third party vendor assessments to identify quality of risk mitigation controls and work with the third-party vendor to address any deficiencies.
- Report significant third-party vendor violations and/or issues to the VRM Supervisor.
- Act as remediation analyst to work with vendors in remediating findings discovered during the onsite/virtual assessment.
- Escalates issues of 3rd party vendors' non-compliance to the vendor management office.
- Working with the vendors to ensure risk discovered are remediated within the time frame as stipulated.
- Carry out various types of vendor assessments such as virtual/onsite risk assessment for our vendors depending on triage information from the vendor management office.
- Act as peer-to-peer review for other colleagues to ensure all findings are accurate and well defined.
- Prepare assessment reports shared with the stakeholders equally use One Trust and RSA Archer for documentation and approval flow work.
- Assess areas such as business continuity and disaster recovery, physical security, system development, operation, access control, incident management.
- Validates all controls at the vendor site to ensure their confidentiality, integrity, and availability of our data in their custody.

Insight-Tech Synergy Consulting LLC, May 2014 - April 2017
IT Security Consulting
- Performed a comprehensive full-audit cycle of the company's various business processes such as control management, risk management, and compliance with industry standards and regulations.
- Performed assessment of IT General Controls (ITGC) such as Access Control, Change Management, IT operations, Disaster recovery and Job Scheduling.
- Strong background in all stages of the auditing process, including planning, fieldwork/execution/risk assessment, reporting and follow up.
- Developed audit plans and programs to evaluate control areas on projects such as financial statement audit, SOX testing, SAS 70/SSAE 18.
- Conducted Sarbanes Oxley (SOX) testing in all the IT General Controls within the audit scope, to test their strength, effectiveness, and weaknesses in their control environment.
- Performed walk-through and detailed testing of controls to determine if controls are properly designed and operating effectively.
- Created final audit reports, and oversee implementation of corrective action plans, while maintaining communication with all levels of management.
- Reviewed internal policies and procedures and existing laws, rules, and regulations to determine applicable compliance and the adequacy of underlying internal controls.
- Participated in all phases of IT Audit - Planning, Fieldwork and Follow up using applicable framework.
- Documented control weaknesses related to testing exceptions and assisted in preparing draft audit reports to communicate findings and recommendations to senior management.
- Reviewed Corrective Action Plan (CAP); validates remediation control and follow-up on the remediation process.

EDUCATION

Osun State College of Technology - Nigeria
BSC Finance/Information Technology

CERTIFICATION

- Certified Information System Auditor (CISA)
- Certified in Risk and Information System Control (CRISC)
