Nkegoah Tasong Bless
Glenn Dale, Maryland, *****
PROFILE AND SUMMARY:
Availability to Interview: Phone/GVC: 24 hours Monday to Friday - 09:00 AM to 12:00 PM (EST)
Availability to Start: 2 weeks
Currently Interviewing: Yes
Worked at Google previously: No
Summary: Nkegoah is a highly qualified, respected, dedicated, and results-driven Vendor Risk Analyst/Security Analyst with a consistent five-year record of success in improving processes through Risk Management and enhancement initiatives while conducting vendor security and privacy control assessments. He has experience with security and compliance frameworks such as NIST, ISO 27001, HIPAA, CCPA, GDPR, and PCI DSS. He is proficient in Vendor Risk Assessment and Management, Assessment and Authorization, Vulnerability Management, Vendor Selection as well as Vendor Categorization, analyzing SOC reports, and creating risk assessment reports. He strives to maintain Confidentiality, Integrity, Availability, Privacy, and Security.
EDUCATION:
University of Buea, Cameroon 2013
Bachelor’s in Computer Science
CERTIFICATION:
Certified Information Systems Auditor (CISA) 2021
CompTIA Security+ 2021
CORE COMPETENCIES:
Word
PowerPoint
Excel
Outlook
OneNote
GRC Archer
SecurityScorecard
Nessus
Due Diligence
SOC Reports
RFP/RFI
SLAs
SOW
PCI DSS
ISO 27001
HIPAA
NIST
GDPR
CCPA
OWASP
EXPERIENCE:
MBA TECH, Arlington, TX Jan 2018 – Present
Vendor Risk Analyst
Perform vendor classification according to data handling and relationship as well as company policies and procedures.
Work with the security and compliance team to get certified with security frameworks such as PCI-DSS, NIST, HIPAA, CCPA, and SOX.
Review SOC 2 Reports, SIG Core, SIG Lite and gather evidence to complete vendor security assessment.
Forged strong relationships with vendors and business owners to ensure seamless vendor security assessment.
Conduct Risk Assessment on cloud vendors to make sure they are secure and maintaining the SOW.
Training new employees on Vendor Risk Assessment best practices.
Create Vendor Risk Assessment Report and escalate issues when necessary.
Work with vendors to discuss appropriate remediation actions and deadlines for all identified gaps.
Analyze vendor’s processes to determine deficiencies within their controls that could violate applicable law, regulation, framework, or internal policies and procedures.
Perform a periodic vendor risk assessment to make sure vendor controls are properly implemented to ensure confidentiality, integrity, availability, and privacy throughout the contract.
Identify gaps and create a risk treatment plan/corrective action plan to track the gap remediation process as well as provide recommendations and work with vendors to make sure risks are being remediated in a timely manner.
I work with the legal, business, and procurement team to conduct proper due diligence in order to determine the right vendor for onboarding.
I work with the legal, financial, and procurement team in reviewing vendors’ contracts and making sure necessary security clauses are included within the contract.
Speedway LLC, Enon, Ohio Feb 2016 – Jan 2018
Compliance/GRC Analyst
Assisted in the development, review, and maintenance of internal organization policies and procedures in accordance with applicable regulations such as ISO 27001, NIST 800-53 Framework Controls, HIPAA and PCI DSS.
Implement Information Technology General Control (ITGC) within our GRC Archer tool for new Applications.
Worked with control owners to complete self-test assessment within GRC Archer.
Review vulnerability scan report and work with the engineers to develop and track remediation plan.
Trained new employees on conducting regular day-to-day activities.
Updated incident response plan and developed new incident response tabletop exercise.
Worked with various teams to pass SOC 2 and other security certification.
Worked as a liaison between my organization and external auditors by gathering and providing the auditors with security evidence.
Developed quarterly phishing awareness test contents
Forged great working relationships with various team members in the organization
Develop high-quality supplier risk management solutions to support the achievement of business unit objectives.
Engage with Procurement, Risk Partners, and Supplier Managers to develop criteria for monitoring suppliers' risk and performance effectiveness.
Implement the Third-Party Risk Methodology and provide training/guidance to Procurement, Business Partners, Supplier Managers, and Suppliers.
Coordinate and manage Third Party risk assessments on set schedules and ensure appropriate remediation activities.