
Information Security Third Party risk management

Location:
South Laurel, MD
Posted:
April 06, 2024


Resume:

MARVELLOUS NALIOMO

THIRD PARTY VENDOR RISK ANALYST

240-***-**** Email: ad4tdo@r.postjobfree.com

Maryland MD

PROFESSIONAL SUMMARY

Highly detail-oriented and analytical professional with a strong background in information security and over 5 years of experience in vendor risk management, compliance, and vulnerability management. Proficient in conducting thorough risk assessments to evaluate the information security posture of the company's third-party vendors, analyzing contracts, and developing risk mitigation strategies. Strong knowledge of industry regulations and standards (HIPAA/HITRUST, PCI-DSS, ISO 27001) and familiar with the NIST 800-53 security framework; coordinate and assess vendors, and categorize and select vendors during onboarding and offboarding.

Reviewing and analyzing SIG and SOC 2 reports and creating risk assessment reports that meet security objectives; developing risk mitigation strategies; reviewing vulnerability scan reports and pen test results; creating contingency and disaster recovery plans and business continuity plans.

VENDOR RISK ANALYST

ALLIED UNIVERSAL January 2020 – Present

Assist in Third Party on-boarding process by partnering with stakeholders such as the business team, procurement team, security team and legal team during the Third-Party selection process.

Conduct vendor due diligence and categorization according to data sensitivity and business criticality to align with my company's policy and procedures.

Perform third-party risk assessments by evaluating questionnaire responses, gathering evidence, and reviewing documentation as per company policy.

Create vendor risk assessment reports to track and remediate all findings from the initial assessment, and escalate vendor non-compliance to management when necessary.

Follow up with vendors to discuss the remediation plan and deadline for addressing all gaps identified during the initial assessment.

Review answers to the SIG questionnaire, SOC 2 report, vulnerability scan report, and penetration test report, and address any findings to ensure they align with the company's control requirements and policy.

Perform continuous monitoring by re-assessing the vendor's security posture to ensure all controls are properly implemented to enforce data confidentiality, integrity, and availability (CIA) throughout the contract.

Ensure that the vendor has clear data retention and disposal policies. Unnecessary data retention can increase the risk of data breaches, so it's essential that data is retained only for as long as necessary.

Request and review the vendor's BCP documentation. This should include their strategies for handling various types of disruptions, from natural disasters to cyberattacks.

Develop, review, update, and enforce the implementation of information security system policies, system security plans (SSP), and secure.

Strong computer skills, including MS Office products (e.g. Word, Excel, PowerPoint, Visio) and other business software to prepare reports, memos, summaries, and analyses.

VULNERABILITY MANAGEMENT

GRANT THORNTON February 2019 – December 2019

Experience in endpoint vulnerability scanning, identification, risk ranking, and reporting

Responsible for tracking remediation, actions taken, and escalation requests through the ticketing system.

Facilitate discussions with stakeholders to come up with mutually agreed upon plans for patching.

Communicate risks in a meaningful way to business units unfamiliar with security.

Perform risk assessments for business and technology initiatives such as new vendors and supporting software.

Issue phishing awareness training and simulations enterprise-wide and report metrics.

Report program key performance indicators and metrics.

Manage/Create asset groups in vulnerability scanner.

Facilitate Risk Acceptance process for asset owners.

Third-party risk assessments, including OSS, SaaS, on-prem, and hardware.

Stay up to date on any trending vulnerabilities (including zero-days).

Support the Patch Tuesday process for Microsoft patching.

Recommend and monitor security hardening settings for technology assets.

Build relationships with other business units and technology groups and champion vulnerability management.

Audit critical controls: security agents, data protection, and malware defenses.

SKILLS

Excellent oral communication, problem-solving, and interpersonal skills

Ability to effectively multi-task and manage multiple priorities in a self-directed manner

Confidence in working across teams and departments in a collaborative and timely manner

Aptitude for technology and interest in finding technology solutions to meet business needs

Open to learning and taking correction

TOOLS

Dun & Bradstreet

Tenable Nessus

ServiceNow

JIRA

Venminder

Percipio

SharePoint

EDUCATION

UNIVERSITY OF BUEA CAMEROON

BACHELOR'S DEGREE IN COMPUTER SCIENCE

CERTIFICATION

CompTIA Security+

CISA
