Third Party Risk Assessment

Location:
Midlothian, TX
Posted:
November 29, 2023

Resume:

AKINWALE F ENIAYEWU

Tel: 817-***-****

Email: ad1j57@r.postjobfree.com

Location: Dallas, TX

PROFILE SUMMARY

Information technology audit and cyber security professional with over 7 years' experience in Governance, Risk and Compliance and information security risk assessment, with in-depth knowledge of NIST 800-53 and the COBIT framework for mapping IT controls, and of third-party vendor risk assessment. Sound knowledge of information systems audit and ITGCs using industry-standard frameworks. Knowledge of vulnerability management.

Experience in:

General IT Controls Review

Governance, Risk and Compliance

Third Party Vendor Risk Assessment

Sarbanes Oxley Compliance (SOX)

Infrastructure Security Risk Assessment

Vulnerability Operations Management

PROFESSIONAL EXPERIENCE

IPCONNECT CONSULTING INC. March 2021 – Present

(Client: Bank of America)

Third Party Risk Analyst

Review the adequacy of the existing Third-Party Vendor Management Policy. Ensure all policy and procedure documents relating to Third-Party Vendor Management are reviewed and updated at least annually, or when there is a significant change in the environment.

Ensure Tier 2 vendors complete questionnaires every two years and Tier 1 vendors annually.

Ensure vendors are classified into Tiers based upon the risk to the organization.

Review and ensure there are established procedures for vendor onboarding, detailing the type of data that will be accessed, stored, or processed by the vendor.

Conduct on-site risk assessments based on agreed-upon procedure guidelines.

Review all essential security policies and procedures documentation.

Provide detailed reports of assessments to business owners and the vendor management office.

Work as a remediation analyst to ensure all gaps discovered during the assessment are remediated or mitigated timely.

Plan and conduct security risk assessments for all third-party vendors/suppliers.

Experience with e-GRC tools such as RSA Archer to ensure secure and prompt communication of findings, deployment of questionnaires to vendors, and tracking of vendor progress on remediation.

Administer questionnaires to all vendors to determine the control effectiveness.

Conduct onsite and virtual risk assessments to continuously determine the security posture at the vendor site.

Escalate issues of third-party vendor non-compliance to the vendor risk management office (VMO).

Review and ensure adequate management of third-party vendor life cycle risk, from vendor onboarding through exit.

Review and identify any potential gaps that may result in possible audit issues.

Assist in improving the governance of end-user remediation and act as the subject matter expert of end-user remediation governance.

Respond to relevant requests received from stakeholders, or representatives of stakeholders, for investigation of potential reporting issues.

Provide all necessary reports and presentations on the status of remediation efforts and all gaps and potential issues to management and technical staff.

Review and validate all controls at the vendor site to ensure data confidentiality.

Collaborate with other key stakeholders such as IT Security, IT Risk and Business units to ensure applicable controls are in place before granting vendor access to data, applications, and systems of the organization.

Obtain evidence of a documented and updated third-party vendor management policy.

Review SOC reports, identifying areas of exception or control failure.

Facilitate remediation for any third-party related operational issues as needed.

Perform information technology risk and control testing to ensure compliance with regulatory requirements and industry standards such as NIST, PCI and SOX.

Provide ongoing monitoring for third-party risk due diligence.

(Client: Charles Schwab Corp.) February 2018 – February 2021

Third Party Risk Analyst/Information Security Analyst

Assessed vendors' existing controls to determine the level of compliance with the applicable regulations or framework.

Interfaced with the ISO, IT Security team, IT Operations and Legal to determine the applicable obligations and initial and ongoing risks, and recommended mitigation.

Managed timely completion of requests and follow-up with third parties for appropriate documentation (e.g., SOC reports and ISO 27001 documentation), and reviewed and evaluated the materials submitted.

Maintained an understanding of privacy concepts and legal obligations, including GDPR, CCPA, HIPAA, and new or evolving privacy obligations.

Updated the status of vendor assessments using JIRA.

Reviewed vendor contract redlines to ensure compliance with applicable controls and industry regulations.

Performed initial risk assessments and vulnerability assessments to identify, measure and manage third-party risks.

Classified vendors' inherent risk and recommended remediation for identified risks.

Gathered due diligence documentation and completed risk assessments for assigned third-party relationships in accordance with the third-party risk management policy.

Performed continuous annual reassessment of vendors.

Conducted security risk assessments on third parties and assisted in reviewing contract agreements to ensure necessary security controls are in place.

Reviewed the vendor due diligence process, ensuring security and data privacy requirements (e.g., HIPAA, GDPR, PCI-DSS) are maintained in contractual relationships and continuously monitored.

Reviewed and analyzed vendor service profiles using ServiceNow, Archer GRC and the Standardized Information Gathering (SIG) questionnaire and artifacts during onboarding and periodic assessments.

Compiled initial risk assessments for new and existing third-party suppliers in accordance with third-party risk management procedures regarding assessments and level of risk.

Ensured the legal department reviewed the contract agreement with the vendor before finalization, and reviewed the contract for the following: annual off-site audit requirement, breach notification within 24 hours, and provision of a SOC report.

Reviewed vendor files for completeness and worked with business units to update accordingly.

Monitored and assessed third-party vendor risk through the administration of an annual Vendor Risk Questionnaire and ensured remediation of noted gaps.

Contributed to GRC programs such as IT general controls, PCI-DSS, GDPR, CCPA, SOX compliance with the NIST Cybersecurity Framework (NIST CSF) as needed.

Communicated identified risks to key stakeholders to initiate and drive risk remediation.

Ensured information security compliance with external federal regulations.

Participated in intake and status calls regarding submitted TPRM requests.

(Client: Atos International) August 2014 – February 2018

IT Risk/Security Compliance Analyst

Contributed to the development and oversight of required corrective action plans relating to security compliance issues.

Held summary-of-findings meetings with process owners to ensure identified gaps were closed on time.

Oversaw risk assessment and due diligence processes and ensured they were properly performed in selecting new vendors.

Provided support to the TPRA office and SMEs in various areas to ensure the risk management process was effective.

Supported vendor source managers in conducting and validating vendor risk assessments.

Participated in annual PCI-DSS readiness assessments.

Performed reviews of existing vendor contracts to ensure they were compliant with the company's current infosec requirements.

Through data analysis and interviews with information technology and business units, identified all PCI/PII-related applications and systems that store, transmit and process cardholder and PII data.

Ensured cardholder data was maintained and secured by protecting the PAN information in the custody of the organization.

Established guidelines for procedures and policies that comply with new and revised regulations.

Evaluated the management process for operating system and software changes and maintenance to ensure all changes to company information assets were properly authorized and documented in accordance with defined standards.

Determined appropriateness of password configuration settings for compliance with standards defined in the IT Security policy.

Communicated with IT administrators, developers, and support teams to help improve the company’s security posture.

Coordinated with the external auditors and regulators for testing the organization's internal IT controls pertaining to Sarbanes-Oxley (SOX).

Coordinated quarterly penetration testing with various vendors, such as McAfee, and server hardening with stakeholders.

Scheduled interview meetings and provided and vetted evidence before handing it to the auditors.

Responsible for identifying and escalating findings from vulnerability assessment and penetration testing reports.

Recognized existing and emerging information security threats and vulnerabilities.

Performed infrastructure security reviews of operating systems and databases to determine the appropriateness of access monitoring, users with elevated permissions, and general system security settings.
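The password-configuration bullet above and the operating-system review bullet just above describe two of the standard ITGC tests on a host: are password ageing and length settings within policy, and who holds elevated privileges. The following script is an added example, not code from the resume or from any employer named on it. It checks an /etc/login.defs-style file against policy thresholds and lists root-equivalent (UID 0) accounts and accounts with an empty password field from an /etc/passwd-style file. The file contents and the policy values are constructed for illustration and are assumptions, not any organization's actual standard.

```python
"""Password-setting and privileged-account review over constructed host files (added example)."""

# Hypothetical policy thresholds: ("max", n) means the observed value must not
# exceed n; ("min", n) means it must be at least n.
PASSWORD_POLICY = {
    "PASS_MAX_DAYS": ("max", 90),
    "PASS_MIN_DAYS": ("min", 1),
    "PASS_MIN_LEN": ("min", 12),
    "PASS_WARN_AGE": ("min", 7),
}

# Constructed /etc/login.defs excerpt, including a comment and a commented-out
# setting that must not be read as active.
LOGIN_DEFS = """
# Password aging controls
PASS_MAX_DAYS\t99999
PASS_MIN_DAYS\t0
PASS_MIN_LEN\t5
PASS_WARN_AGE\t7
#PASS_MAX_DAYS\t60
UMASK\t022
"""

# Constructed /etc/passwd excerpt: a second UID-0 account and an account whose
# password field is empty instead of the "x" shadow marker.
PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
oldadmin:x:0:0:Legacy admin:/home/oldadmin:/bin/bash
svc_backup::1002:1002:Backup service:/var/backup:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""


def parse_login_defs(text: str) -> dict[str, str]:
    """Return KEY -> value for active (non-comment, non-blank) settings."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings[parts[0]] = parts[1].strip()
    return settings


def check_password_settings(settings: dict[str, str], policy=PASSWORD_POLICY) -> list[str]:
    """One finding per policy setting that is missing or outside the threshold."""
    findings = []
    for key, (mode, threshold) in policy.items():
        if key not in settings:
            findings.append(f"{key} not set (policy requires {mode} {threshold})")
            continue
        value = int(settings[key])
        if mode == "max" and value > threshold:
            findings.append(f"{key}={value} exceeds policy maximum {threshold}")
        elif mode == "min" and value < threshold:
            findings.append(f"{key}={value} below policy minimum {threshold}")
    return findings


def parse_passwd(text: str) -> list[dict]:
    """Parse passwd lines into name, password field, numeric UID and shell."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # malformed line; a fuller review would report it
        entries.append({"name": fields[0], "passwd": fields[1],
                        "uid": int(fields[2]), "shell": fields[6]})
    return entries


def check_privileged_accounts(entries: list[dict]) -> list[str]:
    """Flag root-equivalent accounts other than root and empty password fields."""
    findings = []
    for e in entries:
        if e["uid"] == 0 and e["name"] != "root":
            findings.append(f"{e['name']} has UID 0 (root-equivalent)")
        if e["passwd"] == "":
            findings.append(f"{e['name']} has an empty password field")
    return findings


def review_host(login_defs: str = LOGIN_DEFS, passwd: str = PASSWD) -> list[str]:
    """Combined findings list for one host, as it would go into the workpaper."""
    return (check_password_settings(parse_login_defs(login_defs))
            + check_privileged_accounts(parse_passwd(passwd)))


if __name__ == "__main__":
    for finding in review_host():
        print("FINDING:", finding)
```

On the constructed inputs this produces five findings: the 99999-day maximum age, the zero-day minimum age, the five-character minimum length, the second UID-0 account, and the account with no password set. In a real review the same checks would also cover PAM and shadow settings, since /etc/login.defs alone does not govern complexity rules.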

Performed self-assessment and continuous monitoring of internal controls.

Planned and executed audit engagements, including the design and operating effectiveness of the internal control structure and compliance with policies and procedures.

Reviewed system and application strengths and weaknesses and recommended appropriate compensating controls to mitigate potential risk.

Reviewed and tested physical access controls relating to the server room or data center, and logical access controls relating to applications.

Acted as facilitator between IT and Internal/External Audit Teams.

Used Excel spreadsheets for data analysis.

SKILLS

Knowledge and Experience in COBIT, COSO, NIST, ITIL, PCI-DSS, HIPAA, SOX, ISO 27001.

Microsoft Excel, Microsoft Access, MS Project, report writing, PowerPoint, ACL, and network security

TECHNICAL SKILLS

SOFTWARE/HARDWARE: QuickBooks, Standardized Information Gathering (SIG), MS Office 365, Visio, ServiceNow, Archer GRC, Qualys, Jira.

EDUCATION

Olabisi Onabanjo University, Nigeria September 2008

(Bachelor of Science in Computer Science)

CERTIFICATION

Certified Information Systems Auditor (CISA)

ITIL v3

Six Sigma Green Belt

Certified Network Security Specialist

Licensed Scrum Master

Product Owner

CTPRP (In View)

PROFESSIONAL ORGANIZATION PARTICIPATION

Member, Information Systems Audit and Control Association (ISACA)