
Information Security Analyst

Location:
Charleston, SC, 29409
Posted:
March 08, 2021


Resume:

FORCHICK STELLA

Information Security Risk Analyst

Email: ********@*****.***

HYATTSVILLE MD 20784 Tel: 443-***-****

OBJECTIVES

Analytical, detail-oriented, ambitious and hardworking IT security professional with over 3 years of assessing the information security posture of clients' third parties and coordinating the overall execution and delivery of assessments. An exceptional team leader with a strong ability to work and collaborate effectively in a team environment. Also has a great sense of urgency and is able to apply a risk-based approach to prioritize work. Very experienced in achieving the three goals of cyber security: confidentiality, integrity and availability of the organization's systems, network and data.

SPECIAL SKILLS AND TRAINING

Strong problem-solving skills.

Microsoft Office suite and advanced Excel skills.

Highly motivated, and completes work within a timeframe with accuracy.

Ability to communicate risk related concepts to both technical and non-technical team members.

Ability to demonstrate professionalism with all levels of management.

Excellent presentation and interpersonal, collaborative skills.

Technical expertise in achieving cyber security goals (CIA).

Good leadership potential and time management skills.

Ability to prioritize workload, adhere to deadlines, and escalate issues.

Detailed, organized and results-oriented.

Ability to multi-task and perform effectively under pressure.

Knowledge of ISO 27001/PCI DSS/HIPAA/NIST/FISMA/FIPS/CCPNA HITRUST and SOX.

Vendor Risk/Third-Party Security Risk Management.

PROFESSIONAL EXPERIENCE

MATRIX RESOURCES

NESTLE INC. MD JAN 2020- PRESENT

IT COMPLIANCE ANALYST

•Coordinate with stakeholders to initiate scope and plan controls assessments of new and existing vendor engagements.

•Responsible for analyzing all new vendor contracts and pointing out areas of improvement to management.

•Assess completed questionnaires and supporting documentation to validate vendors' appropriate implementation of information security controls.

•Communicate vendor information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks.

•Validate evidence from vendors before remediation plans are closed.

•Responsible for managing and reviewing the employee entitlement access to internal systems of the company.

•Support the VRM Program to effectively manage vendor risk in accordance with internal policy and regulatory requirements, ensuring strong oversight of all vendor risks and providing visibility of existing and emerging risks.

•Plan and execute onsite security/risk assessments for third party vendors.

•Act as remediation analyst to work with vendors in remediating findings discovered during the onsite/virtual assessment.

•Validate RFI and RFP contract evaluations when onboarding a vendor and conducting due diligence.

•Make sure that vendors are following regulatory requirements, information security policy, and applicable procedures, processes and standards.

POLSNELLI,

DEC 2017-DEC 2019

WASHINGTON DC

THIRD PARTY RISK ANALYST

•Responsible for conducting vendor risk assessments, with a focus on Information Security and Privacy.

•Reviewed vendor compliance from a BCP/DR and Data Security perspective.

•Worked with the appropriate business users and technology owners to ensure that, for any identified risks that require mitigating actions, plans are developed and executed.

•Reviewed services provided by vendors and defined the scope of assessment based on the Standard Information Gathering (SIG) questionnaire.

•Identified the top human risks to the organization and the behaviors that need to change to mitigate those risks.

•Assessed operational fitness of assigned third parties through due diligence reviews.

•Articulate writing skills to support developing content and communicating information security principles at all levels, from executives to non-technical employees.

•Reviewed and analyzed SOC 1, SOC 2 reports of third parties/vendors and other evidence provided during a risk assessment.

•Reviewing vendor contracts, onboarding and monitoring vendors' performance.

EDUCATION/CERTIFICATIONS

•Bachelor’s Degree in computer science - University of Buea – Cameroon.

•CompTIA Security+ Certified.

•CISA Certified.

•CISSP In Progress.


