Sola Adebisi, MBA, PMP
Washington, DC, *****
Cell: 240-***-**** email: ***************@****.***
Profile
A highly qualified, dedicated, and results-driven professional with a consistent record of success in improving process through risk management and enhancement initiatives. Understanding of banking and mortgage regulations; skilled in performing third-party risk assessment, security test of controls evaluation, and coordinating various IT security projects. Well-versed in industry frameworks such as the NIST series, ISO 27001, and PCI-DSS, and in review of SSAE 18 (SOC report), penetration tests, etc. An outstanding communicator, adept at building and nurturing relationships with peers, management teams, internal departments, clients, and external agencies.
Professional Experience
Third Party Risk Management Analyst
Navy Federal Credit Union June 2021 – Present
Plan and conduct third-party vendor risk management assessments that cut across all activities throughout the third-party relationship life cycle, from onboarding, monitoring, and risk assessment to termination.
Oversee risk-based analysis such as communication of the identified risks to the key stakeholders, organizing remediation action plans, and tracking and monitoring identified third-party risks to closure.
Support internal control collaboration with legal teams and vendors to ensure compliance with regulatory obligations on an annual basis as it relates to third-party integration.
Drive execution of Third-Party compliance (Virtual/Onsite).
Measure, monitor, and report on customer satisfaction and vendor performance, and implement continuous improvement strategies.
Monitor and report on the performance of vendors to ensure delivery in line with contractual obligations and performance metrics.
Conduct third party audits and manage the remediation of third-party audit findings and management responses.
Use tools such as RSA Archer/JIRA to ensure secure and prompt communication of findings and deployment of questionnaires to vendors, and to track vendor progress on remediation.
Perform continuous monitoring by assessing tools during onsite visits to validate the security of questionnaires filled out by the vendors to ensure the protection of data at the vendor sites.
Identify improvement areas internally and work closely with all internal stakeholders to proffer solutions.
Manage regular senior-level collaborative meetings between vendor and business, and ensure there are metrics across all KPIs to ensure performance management.
Effectively work with business-side users and vendors’ POCs to resolve issues identified in the assessment process.
Vendor Risk Analyst
Rocket Mortgage May 2017 – May 2021
Performed end to end risk assessment on the Third-Party Vendors for all assigned business areas.
Efficiently identified control gaps/deficiencies and assisted business areas with documentation and resolution.
Identified and used risk drivers to determine the overall potential inherent risk of the engagement.
I reviewed the business case to understand the services being provided, and I determined the scope and depth of the assessment based on the inherent risk of the engagement.
Administered questionnaires to all vendors using the SIG questionnaire by Shared Assessments.
Conducted in-depth risk-based security assessments of vendors and third-party hosted environments.
I worked with our vendor manager oversight to ensure adequate tiering of our vendors based on the level of data they had access to.
I reviewed all essential security policies and procedure documentation.
Documented key third-party risks identified in a formal report and escalated control gap findings as necessary to management.
Facilitated remediation for any third-party related operational issues as needed.
I worked with e-GRC tools such as OneTrust and monitoring tools like SecurityScorecard and RiskRecon.
Provided executive management status reporting across all relevant vendor management activities.
IT Security Analyst
Intel May 2015 – April 2017
Performed assessment of IT General Controls (ITGC) such as Access Control, Change Management, IT operations, Disaster recovery and Job Scheduling.
Reviewed internal policies and procedures and existing laws, rules, and regulations to determine applicable compliance and the adequacy of underlying controls.
Provided support for SOX Audits and related activities such as planning and conducting periodic User Access Review, business and IT process walkthroughs, evidence management.
Reviewed authorization documentation for completeness and accuracy for compliance.
Assessed incoming threats and developed plans to close loopholes.
Assisted IT management in identifying gaps between policy and process and developing recommendations to remediate control weaknesses; responsible for developing and maintaining IT control metrics related to compliance activities. Strong background in all stages of the auditing process, including planning, fieldwork/execution/risk assessment, reporting, and follow-up.
Reviewed internal policies and procedures and existing laws, rules and regulations to determine applicable compliance and the adequacy of underlying internal controls.
Prepared client for Audit Readiness Assessment.
Documented control weaknesses related to testing exceptions and assisted in preparing draft audit reports to communicate findings and recommendations to senior management.
Fostered positive collaboration, improving IT’s partnership with other departments.
Education
University of Benin (Nigeria) Master of Business Administration (MBA)
Certification
Project Management Professional (PMP)
Certified Information Systems Auditor (CISA) in View
Professional Association
Project Management Institute
Information Systems Audit and Control Association