RAYMOND TAMBI
Third Party Risk Analyst/Compliance Analyst
LANHAM, MD
Mobile:410-***-**** Email **********@*****.***
SUMMARY
I am a self-driven, confident, innovative, and hardworking skilled individual with some leadership/coaching skills, working with a team or independently with little or no supervision. I am dynamic, attentive to detail, and possess the ability to adapt quickly to changing environments and interact well at all levels. I have over 5 years of professional record performing this task. I am looking to use my skills and expertise to help achieve Enterprise-wide information risk goals and objectives of Confidentiality, Integrity and Availability (CIA).
SKILLS
Analytical skills and detail-oriented
Multi-tasking
Adaptability and Flexibility
Demonstrated ability to prioritize.
Excellent communication skills
Ability to work within tight corporate deadlines.
Work independently and with a team.
Familiar with compliances (PCI-DSS, SOX, GDPR, CCPA, NIST, ISO 27000, HIPAA, HITRUST) and SOC audit.
Problem solving
Time management and organization
Self-motivated professional
Working knowledge of tools such as OKTA, KNOWBE4, ZenGRC, SCOUT, BITSIGHT, SERVICE NOW, PROCESS UNITY, SLACK, JIRA, ZOOM, CONFLUENCE.
Proficiency with G Suite, Microsoft Word, Microsoft Teams, Excel (PivotTable, VLOOKUP), PowerPoint.
Project management and Risk management
PROFESSIONAL EXPERIENCE
COSTCO Washington DC (MBA TECH, Subcontractor). December 2018 – Present
Third Party Risk Analyst/Compliance Analyst
Create, review and/or update required security policies, standards, and procedures.
Conduct categorization/scoping of new vendors/suppliers.
Perform third-party security risk assessments for all new vendors and reassessments for existing vendors.
Assess vendors' VSQ/SIG responses and supporting documentation to validate vendors' appropriate implementation of information security controls.
Analyze vendor evidence such as SOC, Vulnerability Scans and Penetration Test reports to identify gaps or exceptions.
Create Risk Assessment Report (RAR) containing findings and recommendations and submit it to the security manager.
Communicate vendor security issues to stakeholders, business team and management ensuring their understanding of associated risks and actions needed to remediate those risks.
Develop innovative approach to resolve and manage risk related issues to minimize business impact.
Work closely with Legal team to review vendor contract and ensure regulatory security concerns are addressed.
Plan and execute onsite/virtual risk assessments for third party vendors focusing on compliance with regulations, policies, and internal controls.
Perform continuous monitoring using tools such as BitSight; guide process owners in implementation and mitigation process to monitor and report on success.
Monitor and track TPRM lifecycle activities (identify, due diligence, risk assessment, contract negotiation, ongoing monitoring, and termination).
Develop risk treatment plans to ensure vulnerabilities are remediated satisfactorily within the milestone.
Research vulnerabilities via OWASP, NVD, and US-CERT to develop remediation plans.
Conduct awareness and training.
Cloud assessment experience.
SOC audit experience. Act as a liaison during internal and external audits; attend meetings, gather evidence Publish by Client (PBC), and respond to questions related to vendors/suppliers and organization base.
Knowledge and experience in change management.
Attend conferences and events to build connections in the organization.
Support other cross-operational duties assigned to me.
Blue Cross Blue Shield, New York NY February 2016 – November 2018
Third Party Risk Analyst
Review and maintain policies and procedures to make sure they align with the organization's standard.
Work with different teams during vendor onboarding process.
Conduct tiering or categorization and risk assessment of vendors.
Work closely with vendor POCs to obtain SIG/VSQ responses.
Assess completed SIG questionnaires and supporting documentation to validate vendors' appropriate implementation of information security controls.
Review and analyze vendors' SOC reports and evidence.
Responsible for communicating vendors' security status to stakeholders and making sure they understand the associated risk.
Review, prioritize, and update all findings and existing risks of vendors in the risk registry.
Document findings and work with vendor POC to resolve those findings.
Identify opportunities for improving organization and third-party risk management, which includes risk identification, risk mitigation, and prevention.
Create documentation for vendor workflows to assist with the onboarding process.
Coordinate with my manager to plan and execute onsite risk assessments of vendors.
Conduct meetings with the IT team to gather documentation and evidence about their control environment.
Perform continuous monitoring and reassessment.
SOC audit experience. Act as a liaison during internal and external audits.
Support the vendor risk management program to effectively manage vendor risk in accordance with internal policy and regulatory requirements.
EDUCATION/CERTIFICATION
Bachelor’s Degree in Computer Sciences U.B Cameroon 2014
CompTIA Security+ certified.
Certified Information Systems Auditor (CISA).
Certified Security Information Manager (CISM) in progress.
Associate Degree in Medical Laboratory Sciences (MLS) 2008