
Third Party Supply Chain

Location:
Washington, DC
Salary:
90000
Posted:
April 29, 2024

Resume:

Desmond Babila

ad5cu9@r.postjobfree.com

202-***-**** / linkedin.com/in/desmond-ben-60256626a

SUMMARY

Detail-oriented Vendor Relationship Specialist/GRC Analyst for over six years now. I have experience within the Enterprise Third Party Management space, where I oversee the process from start to finish: identification and screening, evaluation and selection, risk assessment, risk mitigation, contracting and procurement, reporting and record keeping, ongoing monitoring, and third party offboarding. I have experience working as a GRC analyst, where I ensure that all of the organization’s internal policies are adhered to by every employee, identify all potential risks to the organization, develop a mitigation strategy, and ensure that the organization is following all necessary legal and regulatory requirements. Proficient with compliance frameworks such as PCI DSS, GDPR, SOX, CCPA, HIPAA, NIST REVISION 2, HITRUST, and ISO 27000, and hands-on with various tools such as GRC Archer, BitSight, Tableau, Ariba for Supply Chain Management, ZenGRC, and ServiceNow.

EDUCATION

AWS Certified

Security+ Certified

CISA Certified

CISM Certified

CHFI Certified

CEH Certified

Bachelor’s Degree Computer Science

Skills:

Data Security & Privacy

Maintaining Risk Register

Compliance Lead

GDPR

Firewalls

Active Directory

Awareness and training

MS Excel/Power Point

Privacy SharePoint Leadership

HIPAA

IPS/IDS

Microsoft Excel

Policies

FISMA

Data Privacy

HITRUST

PowerPoint presentation

Risk management

Operating Systems

Microsoft 365

CCPA

Business continuity plan

SharePoint site

Vendor Management

Privacy Compliance

SOX 404

Disaster recovery

Team Lead

Risk Assessment

ServiceNow

ISO 27001

RMF

Incident response

Data Loss Prevention

SOC 1,2

NIST 800-53 Rev 2

NIST CFR

Deploy Patches

Content management

Network

Pen Test

EXPERIENCE

Centene Corporation 07/2020 to present.

Third Party Risk Analyst /Compliance Analyst

Ensured cyber security policies are adhered to and controls are implemented.

Knowledge in supporting a security program within industry-leading compliance frameworks and regulations (ISO 27000, GDPR, CCPA, PCI DSS, NIST REV 2, HIPAA, SOC 1, SOC 2, and Privacy compliance).

Design and distribute change management materials with respect to security controls certification, exceptions, and remediation.

Review evidence such as SIG, SOC 2 reports, pentest scan results, and policies.

Assisted in the design, implementation, training, and maintenance of a common controls framework for continuous testing and monitoring of all information security controls and activities related to SOC 2, PCI DSS, and SOX.

Assisted in analyzing and updating existing compliance policies and related documentation, and educated management and other departments regarding compliance policies.

Evaluate the Audit/Inspection Readiness process, procedure, and checklist artefacts periodically to ensure documentation is well updated and evaluated for optimization.

Assist in the design, implementation, training, and standardization of security controls for the processing, storage, and transmission of payment and PII data.

Participate in disaster recovery (DR) design, planning, implementation and testing activities for critical assets and processes.

Coordinate with risk owners to develop recommendations for risk response and monitoring plans.

Conduct security assessment/audit timeline for questionnaire, interview, evidence verification, and report preparation.

I act as a remediation analyst to work with vendors in remediating findings discovered during the assessment.

Performed internal audits of systems prior to external auditing and continued monitoring activities.

Support the development and maintenance of enterprise risk management policies, standards, procedures, tools, and information systems.

Interact with internal stakeholders to deliver risk analyses and perform related tasks.

Find process gaps or areas of concern and develop recommendations for risk response and monitoring plans. Find, document, and organize related metrics and prepare reports as asked.

Create, deploy, and support effective enterprise-wide security awareness training programs, phishing campaigns, and cyber security communications.

Hands-on with tools such as ServiceNow for ticketing, BitSight for third party risk assessment, and GRC Archer, depending on what you are comfortable conducting the security assessment with.

Lead Vendor Risk Specialist

Bank of Montreal 07/2018 – 06/2020

Work with Enterprise Third Party Management process flow from sourcing to contract, ongoing maintenance of a third-party engagement life cycle.

Work as an Engagement owner where I work with supply chain management, onboarding, and strategy sourcing, legal team, security assurance team and Business team.

Consult with Line of business and assigned sourcing representative for guidance with completing the required Inherent Risk Assessment.

Review recurrent due diligence assessments submitted by third parties.

Serve as a subject matter expert regarding the products and services being secured and the business processes related to exiting the engagement.

Work with sourcing representatives to get updates on the contract.

Work proactively as an engagement owner to ensure problems related to the product/service are addressed effectively, including escalation if required.

Maintain effective communication with the LOB and Risk office, complete ongoing assessments, and mitigate all risks identified during the assessment.

Support with management of risk (purchase /renewal)

Responsible for bringing consistent awareness to both the Line of Business and the third party regarding risk and performance, and for helping identify improvement opportunities.

Miscellaneous activities, as appropriate, such as responding to regulatory compliance requests and the quarterly risk report.

Assist the supply chain management and oversight teams in meetings to review and approve third party immaterial risk submissions.

Create, review, and update policies and procedures for the organization to ensure they are following PCI DSS, GDPR, ISO 27001, and NIST CFR.

Hands-on with tools such as GRC Archer, Tableau for reporting, and Ariba for Supply Chain Management.

Experience using PowerPoint, spreadsheets, and Applicability Metrics.

Experience conducting pre-audits for our organization.

Reviewing a vendor's SOC report to ensure all controls are in place and working effectively in protecting data.

Hands-on with tools such as GRC Archer, Tableau, Ariba, BitSight, and OneTrust.

Monitor the security posture and continuously secure our client data.

Vendor Risk Analyst

Lifeline INC 06/2016 – 06/2018

Coordinate, support, and maintain activities for Vendor Risk Assessment (VRA) Repository and related support tools.

Responsible for coordinating, facilitating, and evidencing assigned Vendor Risk Assessments (VRA) to ensure compliance with process requirements.

Assess completed questionnaires and supporting documentation to validate the vendor’s appropriate implementation of information security controls for NIST CFR, HITRUST, GDPR, CCPA, and Privacy compliance.

Produce detailed documentation of assessments; consult with vendor primary contacts about assessment activities including interviewing, evidence gathering, risk evaluation, and reporting on the controls in place, including cloud security controls.

Assess the security and risk management maturity levels of Vendors.

Assess and report the IT and information risk for key initiatives.

Assess SOC reports and SIG to make sure they comply with the company’s control standards.

Assess Vendor Risk Profile to determine C.I.A rating, conduct reassessment of Vendors and prepare VRA Report.

Have experience using SharePoint site and ensure all artifacts are uploaded in the SharePoint site.

Hands-on with third party tools like ZenGRC, GRC Archer, and ServiceNow.

Act as a remediation analyst to work with vendors in remediating findings discovered during the virtual assessment.

Work on mapping the SIG and control standards to the VRA Questionnaire.

Perform vendor security assessment activities including evaluation of vendor controls and practices, process enhancements, reviewing independent audit service reports.

Communicate and track remediation plans with vendors, business, and IT partners and where applicable recommend mitigating/compensating controls.

Perform vendor security assessment activities including evaluation of vendor controls and practices, process enhancements, performing onsite assessments, reviewing independent audit service reports.

Experience with HITRUST compliance.

Continuously monitor the vendor’s security posture and information security risk.

requirements and advise on scope and options for continuous operations improvement. Analyze

Adhere to the processes and procedures for the management of risk, especially those arising from the use of information technology.

Ability to manage and conduct meetings effectively and efficiently.

Prepare and review third party due diligence reports for management.
