SYNTIA BELLEH
Lanham, MD ***** 240-***-**** *************@*****.***
Professional Summary
Highly experienced and certified Third Party Risk Management (TPRM) professional with a strong background in cybersecurity, risk management, and compliance. Proven track record of developing and implementing effective TPRM programs, conducting risk assessments, and ensuring compliance with industry standards and regulations. Excels at multitasking and applying analytical skills to identify vulnerabilities and improve vendor management processes. Spearheaded cybersecurity policy development.
Skills
Teamwork
Risk assessment
Vendor management
Multitasking
Attention to detail
Microsoft 365
Analytical skills
Technical skills
Communication skills
Risk mitigation
Time management
Organizational skills
Audit skills
Compliance knowledge of HIPAA, PCI-DSS, NIST, SOC 2, ISO 27001, HITRUST
Work History
Third Party Risk Analyst 05/2020 to Current
Black Knight, Inc – Maryland USA
Support the TPRM program by reviewing procedures and policies and identifying areas for improvement. Support onboarding and offboarding of suppliers, collaborating with Business, Procurement, Legal, and Compliance teams.
Support Procurement in vendor sourcing and scoping, especially for IT and software suppliers. Perform due diligence on prospective and existing third-party services to identify any red flags or potential vulnerabilities that could impact business operations. Tier suppliers into risk categories based on business criticality, data sensitivity, and dollar amount spent.
Develop vendor security questionnaires, such as inherent risk questionnaires and the SIG, to perform security assessments on selected suppliers.
Use ProcessUnity as the tool to support vendor engagement, security assessments, and ongoing monitoring.
Review SOC 2 reports, penetration test reports, vulnerability scan reports, business continuity plans, disaster recovery plans, and incident response plans as supporting evidence provided during assessments.
Review vendor contracts, ensuring that cybersecurity clauses are included, such as liability insurance, breach notification, and re-assessment provisions. Stay up to date with relevant regulatory requirements, industry best practices, and internal policies to ensure third-party service compliance with applicable laws and regulations. Identify, monitor, track, and escalate issues requiring remediation in ProcessUnity and GRC Archer.
Continuously monitor vendor risks (financial, reputational, legal, etc.) using tools such as Dun & Bradstreet, BitSight, and UpGuard.
Review all requests submitted (modification, termination) prior to approval.
GRC Analyst 01/2018 to 04/2020
SHEIN Technology LLC – Maryland, United States
Developed and implemented cybersecurity policies, procedures, and standards following regulatory requirements and industry best practices. Led risk assessment processes, leveraging industry standards such as NIST and ISO 27005 to identify and remediate risks.
Liaised with internal and external auditors and other internal teams to support certification audits and assessments.
Created, reviewed, and updated organizational policies and procedures yearly. Identified policy violations and collaborated with SMEs to develop remediations and exceptions, using Asana as the tracking tool.
Supported the compliance program, ensuring that the organization obtained and maintained NIST, ISO 27001, GDPR, and SOC 2 certifications.
Continuously monitored the risk register, ensuring that all remediations were up to date. Reviewed audit reports provided, such as SOC 2 and SOA, and developed mitigations with appropriate stakeholders.
Championed the security awareness training program, ensuring that all new and existing employees were trained on internal policies and procedures. Conducted monthly phishing campaigns and evaluated the results, using Percipio as the tool. Conducted quarterly user access reviews with department leads, with the goal of reducing privilege creep.
Assisted in training junior analysts, sharing knowledge of best practices. Conducted yearly internal controls reviews, ensuring that the organization maintained good cyber hygiene and proper controls implementation.
Education
Bachelor of Science: Computer Science 01/2018
Higher Institute Of Business And Technology - Yaounde, Cameroon
Tools
ProcessUnity
GRC Archer
Percipio
Asana
Splunk
Tenable
Nmap
Dun & Bradstreet
UpGuard
Certifications
CompTIA Security+ certified
ISACA CISA certified
CISSP in progress