Chosniel Sanji
********@*****.*** 240-***-**** Princeton, TX
SUMMARY
Seasoned Cybersecurity Analyst with over 8 years of experience in risk assessment and mitigation, including my current role at Fidelity Investments. Expert in developing risk management frameworks and conducting thorough due diligence of vendors. Skilled in cross-functional collaboration and reporting to senior management; seeking to leverage expertise in any security environment needing robust protection, so that data and information consistently meet the CIA triad.
SKILLS
Risk Assessment and Analysis / Security Policy Development / Vulnerability Assessment / Threat Analysis and Management / Nessus / Nexpose / Incident Response and Management / Jira / Confluence / Kanban / Project Management / Compliance and Regulatory Standards / SIEM / Excellent Communication / SDLC / Agile Methodology / Scrum Master / Cross-functional Collaboration / PCI-DSS / SOX / SOC 2 / ISO / NIST / HIPAA / Splunk / Data Entry / Hardworking and Dedicated / Microsoft Excel
WORK EXPERIENCE
Fidelity Investments Dallas, TX
Third-Party Risk Manager January 2021 – Present
Control TPRM programs by identifying, evaluating, and reporting relevant information security risks presented by third parties so that the business is aware and can act accordingly.
Assess third-party vendor applications and services, and determine the relevant security controls to mitigate the identified risks.
Develop and maintain a comprehensive third-party risk management framework, integrating policies, procedures, and controls to address vendor-related risks.
Conduct thorough risk assessments and due diligence on vendors to evaluate their security measures, compliance, and risk exposure.
Ensured thorough adherence to PCI-DSS compliance requirements.
Collaborate with cross-functional teams to align third-party risk management with organizational goals and regulatory standards, ensuring cohesive risk mitigation strategies.
Monitor third-party risk metrics and KPIs, report findings to senior management, and lead efforts to remediate vendor risk issues and enhance security resilience.
Amway Ada, MI
Cybersecurity Risk Analyst February 2019 – December 2020
Conducted comprehensive risk and vulnerability assessments, identifying critical security risks and formulating mitigation strategies for management consideration.
Formulated and executed security policies and procedures to safeguard sensitive information, effectively reducing organizational risk exposure.
Collaborated with cross-functional teams to establish and validate security and privacy controls, ensuring adherence to industry standards.
Investigated cybersecurity incidents, documented their impact, and monitored security control efficacy, while delivering cybersecurity training to enhance staff compliance.
AmTrust Financial Services Dallas, TX
Vulnerability Manager May 2017 – January 2019
Conducted thorough vulnerability assessments on various networks, systems, and applications, employing leading scanning tools to identify and evaluate security risks.
Collaborated with IT personnel and system administrators to formulate and execute detailed remediation plans, ensuring effective mitigation of vulnerabilities.
Maintained up-to-date knowledge of industry standards and regulatory requirements, ensuring organizational adherence to security best practices.
Generated comprehensive reports and maintained meticulous records of vulnerabilities, remediation actions, and compliance statuses, facilitating cross-functional team collaboration.
WALMART Bentonville, AR
Information Security Analyst January 2016 – March 2017
Implement and maintain robust encryption and access control measures to safeguard patient records, ensuring compliance with HIPAA and other healthcare regulations.
Continuously monitor the institution’s networks for potential threats or breaches, using advanced security tools and techniques to detect and respond to cyber threats in real-time.
Conduct regular risk assessments to identify vulnerabilities in the hospital’s IT infrastructure, and develop strategies to mitigate those risks, including patch management and system updates.
Develop and implement an incident response plan to quickly address any security breaches, minimizing damage, and ensuring rapid recovery of critical systems.
Provide ongoing security training and awareness programs for staff to reduce the risk of human error, such as phishing attacks, and to promote a culture of security within the institution.
EDUCATION
University of Buea B.Sc, Computer Science December 2008
Institute of Commercial Management
Advanced Diploma, Marketing, Advertising, Public Relations Jun 2011
Harvard University
Certification, Cyber Security and Risk Management Jun 2012
CERTIFICATIONS
Certified Information Systems Security Professional (CISSP)
CompTIA Security+
Certified Scrum Master (CSM)
Azure Certification, In progress
PMP certification
Qualys Vulnerability Management Certification
Qualys Asset Management Certification
Qualys Policy Compliance Certification