
Risk Management United States

Location:
Washington, DC
Posted:
April 17, 2024


Resume:

LOVELINE CHE

Waldorf, MD, ***** United States

ad42n8@r.postjobfree.com / 301-***-****

SUMMARY

A professional with 5+ years of experience in Third-Party Risk Management and Corporate Compliance. Competent in drafting, reviewing, and updating policies and procedures, vendor risk assessment, business continuity/disaster recovery, ongoing monitoring, and conducting interviews with both stakeholders (business owners) and potential third-party vendors. Very strong written communication and documentation skills. Experience in Security Risk Assessment and guidelines based on SOC 2, ISO/IEC 27001:2013, ISO/IEC 27005, and SOX. Knowledgeable in security compliance under HIPAA, GDPR, HITRUST, NIST 800-53, NIST 800-30, and PCI DSS. A strong commitment to teamwork and service. Independently prepares, manages, and closes out issues, drafts an Executive Summary after completing a risk assessment, and initiates escalations to higher management. Achieved a 95% compliance rate across all regulatory requirements through comprehensive audits and remediation efforts.

SKILLS

Vendor Assessment

Risk Identification

Due Diligence

Risk Mitigation

Threat Intelligence

Security Incident Response

Vulnerability Management

Regulatory Compliance

Policy Development

Audit and Assessment

Training and Awareness

Logistics Coordination

MS Office proficient

Windows Active Directory, SharePoint, Excel, and PowerPoint.

EXPERIENCE

Third-Party Vendor Risk Analyst / Humana Inc - Kentucky, United States 06/2020 - Current

Conducted third-party risk assessments using tools like ProcessUnity and AuditBoard, resulting in a 20% reduction in identified risks within the first year of implementation.

Regularly performed periodic vendor review assessments, ensuring that vendor controls are properly implemented to maintain trusted service principles, leading to a 15% decrease in identified vulnerabilities.

Coordinated with stakeholders to mitigate vendor risks on time, resulting in a 25% reduction in high-risk vendor exposure.

Reviewed Incident Response Questionnaires (IRQs) and initiated Vendor Risk Management (VRM) review processes, leading to the development of risk treatment plans for the remediation of vendor exceptions.

Provided compliance consultation for HIPAA, PCI-DSS, ISO 27001, SOC 2, SOX, and GDPR, resulting in a 30% improvement in third-party compliance with regulatory requirements.

Initiated the implementation of KPIs and tracking systems to evaluate vendor performance, leading to a 25% enhancement in vendor performance scores by conducting regular reviews and addressing issues promptly.

Led the creation and implementation of plans to reduce risks, which led to a 30% decrease in high-risk vendor issues in the first year. Also worked with internal teams to set acceptable risk levels and negotiate contracts to manage identified risks.

Conducted due diligence on Third-Party security questionnaires, ensuring that the security posture of the company's third parties aligns with organizational policies.

Reviewed various security assurance documentation, including SOC 2 reports and penetration test reports, resulting in a 40% increase in the identification of security vulnerabilities.

Participated in annual policy reviews and updates, contributing to a 20% enhancement in policy effectiveness and alignment with industry standards.

Tiered vendors based on data classification, business criticality, and risk rating, optimizing resource allocation and risk management efforts.

Participated in internal audits to ensure compliance with regulatory requirements, leading to successful recertification.

Managed escalations and follow-up on remediation plans, resulting in a 50% decrease in unresolved issues identified during risk assessments.

Reviewed security questionnaire responses from vendors, issuing recommendations to upper management on vendor approval, resulting in a 25% reduction in approved vendors with unresolved issues.

Prepared and presented monthly reports, contributing to improved visibility and transparency in third-party risk management practices.

Governance, Risk & Compliance Specialist / JPMorgan Bank - Washington, DC, United States 03/2018 - 04/2020

Drafted and developed policies and procedures with the help of my team to ensure security and business objectives were achieved, resulting in a 25% improvement in policy adherence.

Assisted in the implementation of a continuous monitoring program on IT systems to ensure compliance, leading to a 30% reduction in compliance gaps.

Worked with internal third-party auditors to perform compliance assessment audits on controls, resulting in a 95% compliance rate.

Collaborated with various cross-functional teams and other compliance gatekeepers to ensure compliance requirements were duly received, implemented, and investigated as needed, resulting in a 20% increase in cross-departmental collaboration efficiency.

Led and guided discussions during cross-functional meetings with senior leadership to evaluate and address regulatory compliance issues; collaborated with legal and compliance teams to develop and implement corrective action plans, reducing regulatory fines by 25%.

Modernized internal control processes, reducing the average audit cycle time by 15% and enhancing overall efficiency.

Participated in reviewing the organization's risk management program using NIST SP 800-53 and SP 800-30 to identify system threats, vulnerabilities, and impact levels, resulting in a 40% reduction in high-risk vulnerabilities.

Provided compliance consultation for PCI-DSS, ISO 27001, GDPR, HITRUST, and SOC 1 & SOC 2, resulting in a 15% improvement in overall compliance posture.

Partnered with clients to ensure that third-party vendors were properly screened, assessed, and continuously monitored to mitigate risk, leading to a 25% reduction in vendor-related security incidents.

Developed compliance training materials as needed to ensure compliance within the organization, resulting in a 20% increase in employee compliance awareness.

Worked with the team to ensure compliance with data privacy protection regulations, including GDPR and CCPA, achieving a 90% compliance rate.

Participated in internal control audits to verify controls (such as HITRUST, SOC 1, SOC 2, HIPAA, and PCI-DSS), resulting in a 95% compliance rate across all audits.

Provided compliance recommendations to management regarding industry best standards requirements, leading to a 20% improvement in compliance strategy effectiveness.

Researched compliance issues and recommended changes that assure compliance, resulting in a 30% reduction in non-compliance issues.

Managed compliance team projects and reported progress using Jira and Workday, achieving a 100% on-time project completion rate.

Ensured that all resources are efficiently managed and positioned the organization for operational excellence, resulting in a 15% increase in operational efficiency.

Prepared and presented monthly reports and performed other duties as assigned, maintaining a 100% accuracy rate in reporting.

FRAMEWORK

NIST, CCPA, GDPR, HIPAA, HITRUST, PCI-DSS, ISO 27001/27002/27005.

Knowledgeable in security assurance reports, including but not limited to SOC 1 and SOC 2.

Excellent organizational, communication, and presentation skills with the ability to multitask in a fast-paced environment.

Experience using GRC tools including Workday, Jira, Confluence, IRQ, ProcessUnity, and Asana.

SIG & SIG Lite Questionnaire, Due Diligence, Threat Detection, SOC 2 Audit Preparation, Vendor Risk Management, AWS, Azure, Risk Management, Risk Assessment, GRC Compliance, Data Security, Privacy Control Analysis, Security & Network Policies, Penetration Test Review, Incident Response and Contingency Planning, Policy and Compliance, CIA Triad, Firewall Configuration, Malware Identification, Network Security, SLA, Security Management, Authentication and Access Control, Vulnerability Management, Vulnerability Scanning, Threat Detection & Analysis.

EDUCATION AND TRAINING

Bachelor of Science: Computer Science 2012

University of Buea

CERTIFICATIONS

CompTIA Security+, CISA.
