
Information Security Manager

Location:
Elizabeth, NJ
Posted:
July 12, 2020


Resume:

Tai Victor-Osho

Elizabeth, NJ * 475-***-**** * ***********@*****.***

Summary:

●A Third-Party Risk Professional with over 6 years’ experience in risk management, information security, governance, technology and project management

●Strong knowledge of risk policies in a regulated environment (OCC, FDIC, OFAC, FRB, CFPB, FFIEC, NYDFS)

●Broad understanding of Information Systems Security/Risk and ITIL (Information Technology Infrastructure Library)

●Risk Assessment

●Control Testing

●Operational Risk Incident Management

●Business Continuity Planning

●Process/Risk / Control Frameworks (COBIT, ISO 27001, NIST)

●Extensive experience in Process and control design, remediation, or improvement initiatives

Technical Skills:

●GRC: RSA Archer, MetricStream, RSAM, Brinqa, Prevalent, ProcessUnity, ServiceNow

●Basic: MS Excel (Advanced), MS Word, MS Access, MS Project, MS Visio

●Other: SharePoint

Education & Training:

●B.Sc., Zoology – Olabisi Onabanjo University, Ogun State, Nigeria

●Certified Regulatory Vendor Program Manager (CRVPM)

●Certified in Risk and Information Systems Control (CRISC) – ISACA

Professional Experience:

Protiviti (New York, NY) Dec 2019 – May 2020

Third Party IT Risk Analyst

●Performed remote assessments of vendor engagements

●Performed vendor documentation review and analysis

●Documented and reported risk to Vendor Assessment management team, business partners and vendors

●Reviewed completed questionnaires (SIG) and supporting documentation

●Documented risks and recommendations based on a vendor’s lack of controls

●Identified and measured risk associated with vendor security controls

●Tested IT controls (content filtering, password lockout, etc.) and documented gaps

●Provided recommendations to remediate control gaps and assist with project management on remediation efforts

●Developed and maintained currency of supporting procedures and documentation to provide a reference source for ensuring consistency of future activities

●Performed BCP analysis on vendor hosted systems to determine if vendor RTO met company’s requirement

●Assisted with various third party risk management program initiatives working closely with the Third Party Risk Management Leads

●Performed onsite and remote assessment of third parties.

●Identified opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk

●Identified and assessed potential risks by performing walkthroughs of data centers, gathering essential data, and auditing functions; recommended and implemented corrective action when necessary

●Created and presented reports for system owners and senior management.

●Collaborated directly with large groups of information technology and business stakeholders.

●Reviewed security policies, procedures, standards and guidelines

●Assessed current business practices and identified opportunities to promote effective third party risk management

Sterling National Bank (New York, NY) Nov 2018 – Nov 2019

Snr Third Party Risk Analyst

●Evaluation and Due Diligence selection for all Vendors

●Ongoing Monitoring Analysis and Remediation.

●Recommended policy updates and coordinated review and approval.

●Provided third party risk guidance to cyber management, staff, and users.

●Performed other duties and/or special projects as assigned.

●Reviewed vendors' documentation and exit strategy.

●Driving all aspects of the risk assessment of firm-wide critical suppliers and service providers.

●Assessing completed questionnaires and supporting materials to ensure they are complete.

●Assisting with various Third-Party Risk Management program initiatives.

●Escalating issues associated with third parties as needed.

●Document findings and work with the LOB Delivery Manager to resolve those findings through Remediation Plans (RPs) or seek Non-Compliance Acceptance (NCA) approvals.

Scotia Bank (New York, NY) Sep 2017 – Nov 2018

Third Party Risk Analyst

●Communicated Information Security Risks to Business Stakeholders at all levels and also to Suppliers.

●Evaluated supplier control effectiveness by reviewing policies, procedures, controls, systems and processes to identify control gaps.

●Recommended policy updates and coordinated review and approval.

●Initiated escalation to management for resolution on any technical or non-technical issues.

●Provided third party risk guidance to cyber management, staff, and users.

●Performed other duties and/or special projects as assigned.

●Led process improvement activities, participated in information security assessment special projects and other assessment related activities.

●Actively participated in decision making with third parties and company management for mitigating identified deficiencies and sought to understand the broader impact of the decisions made.

●Established and maintained good working relationship with third parties and engagement managers with the intention to exceed their expectations.

●Interfaced with all levels of management and technical and business sources.

●Had responsibility for understanding the business processes and technology used within the assigned areas to ensure that the business is in compliance with regulatory requirements and the bank’s Information Security Policy and applicable procedures, processes and standards.

TIAA (New York, NY) Oct 2016 – Aug 2017

Third Party Risk Analyst

●Reviewed services provided by vendor and defined scope of assessment based on the SIG.

●Defined appropriate risk levels and corrective actions.

●Reported on assessment outcomes, risk level and associated recommendations.

●Provided metrics on a regular basis (KPI / KRI).

●Completed risk analysis for onsite assessments/remote assessments.

●Cultivated strong ties with business and technology operations teams to manage software asset management activities, while closely collaborating with operations teams on key issues of accurate license entitlement data for software audits; worked closely with software vendors.

●Worked with the appropriate business user and technology owner to ensure that for any identified risks that require mitigating action, a plan is developed and executed.

●Ensured all vendors are classified and assessments completed in accordance with the VRM policy.

●Ensured all vendor relationships are documented in the VRM system and all contracts related to vendors that provide outsourced services are uploaded in the system in accordance with the VRM policy.

●Influenced and provided guidance to the business and other stakeholders to ensure requirements of VRM are fully understood.

MOODY’S (New York, NY) Jul 2015 – Sep 2016

Third Party Risk Analyst

●Coordinated with stakeholders to initiate, scope and plan controls assessments of new and existing vendor engagements.

●Assessed completed questionnaire and supporting documentation to validate vendors' appropriate implementation of information security controls.

●Produced detailed documentation of assessments.

●Communicated vendor information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks.

●Validated evidence from vendors before remediation plans are closed.

●Responsible for managing and reviewing the employee entitlement access to internal systems of the company.

●Escalated issues associated with vendors as needed to management.

●Supported the VRM Program to effectively manage vendor risk in accordance with internal policy and regulatory requirements, ensuring strong oversight of all vendor risks and providing visibility of existing and emerging risks.

●Maintained established relationships with the Business and applicable stakeholders to ensure proper execution and compliance with VRM policies and procedures.

●Assisted in the reporting of vendor risk management activities.

●Promoted and delivered continuous training and awareness to Business partners on vendor risk.

NATIONAL FINANCIAL PARTNERS (New York, NY) Feb 2014 – Jun 2015

Vendor Risk Manager

●Assisted in the reporting of vendor risk management activities.

●Escalated issues associated with third parties as needed.

●Developed and maintained standard operating procedures (SOPs).

●Provided analysis and recommendations for identified security exceptions; participated in defining remediation efforts.

●Tested controls and identified deficiencies.

●Managed all classification programs for vendors, entitlement assessment and mitigation of third-party vendor risk.

●Worked with the appropriate business user and technology owner to ensure that for any identified risks that require mitigating action, a plan is developed and executed.

●Ensured all vendors are classified and assessments completed in accordance with the VRM policy.

●Ensured all vendor relationships are documented in the VRM system and all contracts related to vendors that provide outsourced services are uploaded in the system in accordance with the VRM policy.

STANDARD CHARTERED BANK (NY) Jul 2011 – Nov 2014

Internal Controls and Compliance Analyst

●Determined what internal controls should be developed and how they will be monitored.

●Documented financial reporting processes and mapped key controls and sub-processes that impact financial statements.

●Performed testing of the design and operating effectiveness of internal controls over financial reporting and identified any deficiencies in accordance with Central Bank Guidance and other government policies.

●Involved in the creation of clear and accurate documentation of audit workflows in IT process and report of test results/findings and exceptions.

●Performed testing of the design and operating effectiveness of internal controls (General Controls) over financial reporting and identified any deficiencies.

●Developed and provided reporting of all unresolved conflicts, misunderstandings and differences in contractual interruptions, as well as the planned course for resolution, including the source of dispute, the parties involved, anticipated timelines, measurable milestones and expected resolution date.

●Ensured obligatory OFAC checks are completed for current and prospective vendors.


