Risk Management Third Party

Location:
Lawrenceville, GA
Posted:
December 08, 2023

Resume:

ELFREDA QUARTEY

ad1tan@r.postjobfree.com +1-571-***-****

Experienced Strategic Operational Risk Analyst with a proven track record in analyzing and mitigating corporate risks. Demonstrates independent thinking and offers valuable insights while efficiently handling control functions and cultivating robust working relationships. Proficient in utilizing technical software tools to support risk management efforts and skilled in training colleagues to proactively address potential risks.

Skills

Policy Development and Updating

Risk Management Framework (RMF)

Security Control Testing & Validation.

Comprehensive understanding of cybersecurity principles and frameworks such as ISO, COSO, COBIT, NIST, PCI, HITRUST, and HIPAA.

Excellent verbal and written communication skills.

POA&M Management

SOC 1 and SOC 2 Auditing.

Threat and Vulnerability Management

Training.

IT Strategy

Tenable Nessus

BitSight

Application Security

Professional Experience

American Express (Contract). March 2021 - July 2023

Third Party Risk Analyst

Assist with various Third-Party Risk Management program initiatives working closely with the Third-Party Risk Management Leads.

Work with the Vendor Management Office and Head Strategic Sourcing & Vendor Management to formulate a holistic approach around key third parties.

Review and maintain policies and procedures to make sure they align with the organization's requirements and maintain compliance.

Engage with Legal team during review of vendor contracts to ensure security concerns are addressed.

Coordinate with the Third Party Program Manager to maintain the third party inventory, risk assessment information, contract, action plans, SharePoint, issues and document management system.

Assist in determining the most appropriate response to identified risk.

Vanguard (Contract). June 2020 - February 2021

Third Party Risk Analyst

Providing counsel to internal stakeholders, comprehensibly articulating the program, process and results.

Responsible for performing third-party risk assessments and analyzing the risk level of third-party engagements, both for new and existing vendors as part of ongoing review and update cycles.

Analysis of ongoing monitoring alerts and recommending necessary subsequent action.

Ensure Third-Party Management activities conform to Regulatory and Group Policy.

Provide compliance requirements, consultation and advisement to the business and project leads around protection issues, risk management and security compliance.

Serves as a single point of contact for information security related audit and assessment requests which include Internal Audit, Key Control testing, SOC2, PCI and ISO 27001 audit engagements.

Analyze and stay current with regulations that impact information security and privacy program.

Collaborating on risk management efforts between various risk functions within the ERM team.

Analyzed vendor evidence such as SOC, Vulnerability Scans and Penetration Test reports to identify gaps or expectations.

Sentara Hospital (Contract). March 2018 – May 2020

Junior GRC Analyst

Conducts RMF first step kickoff meeting, initial risk assessment and categorization of information security systems into Low, Moderate and High systems centered on Confidentiality, Integrity, and Availability (CIA) of the information type referencing FIPS-199 and NIST 800-60.

Reviewed scan results and documented findings in POA&M. Performed information security risk assessments and assisted with the internal auditing of information security processes.

Assessed threats, risks, and vulnerabilities from emerging security issues.

Reviewed information systems security environments to include all aspects of physical, technical, and administrative security measures.

Monitored and evaluated a system's compliance with Information Technology security requirements in accordance with NIST 800 series.

Provided analysis of system requirements relating to security/vulnerability reviews, risk, and contingency planning.

Developed plans of action and milestones (POA&M) and/or risk assessments for identified vulnerabilities and worked with multiple teams to track the execution of POA&M items to completion.

Education And Professional Certification

BA in Human Resources, Central University, Ghana, 2017.

CompTIA Security+ Certified.

Certified Information Systems Security Professional (CISSP) in Progress.

Certified Third Party Risk Professional (CTPRP) in Progress.
