
Risk Analyst Information Security

Location:
Greenbelt, MD
Posted:
October 21, 2022


AMUDALAT ADELEKE

Philadelphia, PA *****

Tel: 240-***-**** Email: ********@*****.***

THIRD-PARTY RISK ANALYST / GRC ANALYST

An Information Security Risk Analyst with 5 years of experience performing GRC functions, vendor/third-party risk assessment and security control assessment, with in-depth knowledge of industry frameworks such as ISO 27001, SSAE 18 (SOC 1, SOC 2), NIST 800-53, NIST 800-37, NIST 800-137, PCI DSS and HITRUST, applied to achieve the confidentiality, integrity and availability of information systems.

WORK EXPERIENCE

Ally Bank

THIRD PARTY RISK ANALYST

OCTOBER 2020 – CURRENT

Perform assessments on new and existing suppliers/vendors, aimed at reducing organizational risk from an information security and compliance perspective, by reviewing independent audit reports such as ISO 27001 certifications, SSAE 18 (SOC 1, SOC 2) and PCI DSS reports, penetration test reports and other third-party audit reports.

Manage the due diligence required for onboarding and recertification of risks, and the ongoing monitoring of all third-party relationships.

Collaborate with Procurement, Legal, Security, Technology, and other business functions to identify, assess and design plans to mitigate and monitor risks associated with third parties.

Review and ensure third-party service risk assessment scores accurately reflect the inherent risk of the service to Ally Bank.

Coordinate the distribution of due diligence questionnaires to the vendors, review submitted questionnaires for completeness, ensure appropriate stakeholders finalize reviews and determine overall risk remediation strategy for issue tracking.

Build rapport and relationships across the enterprise to foster a strong risk culture in owning and managing risks and controls and establish effective working relationships with all business units and departments.

Present technical information to technical and non-technical audiences to ensure the business lines understand program assessment results, and present recommendations to various levels within the organization, including senior management.

Perform information security risk assessments and act as a liaison analyst during internal audits (SOC 2 Type II, ISO 27001).

Ensure supplier and vendor relationships comply with Ally's policies, industry best practices and standards.

Facilitate remediation of any third-party findings/issues and related operational issues as needed.

Assess the operational fitness of assigned third parties through due diligence reviews.

Perform continuous monitoring by assessing tools during onsite visits to validate the security questionnaires filled out by the vendors to ensure the protection of data at the vendor sites.

Carry out various types of vendor assessments, such as virtual risk assessments, and work with the vendors to ensure risks discovered are remediated within a reasonable time.

Perform continuous monitoring of all Ally Bank High Risk and Critical vendors by utilizing third-party tools such as Bitsight and SecurityScorecard, and open-source intelligence sites such as Cisco Talos Intelligence, to validate flagged IPs and domains.

Provide detailed reports of assessments to business owners and the vendor management team.

Ensure third-party relationships adhere to Ally Bank's policies and procedures and comply with regulatory guidelines and industry best practices.

Experience with e-GRC tools such as RSA Archer and OneTrust to ensure secure and prompt communication of findings, deployment of questionnaires to the vendor, and tracking of vendor progress on remediation.

Interface with business units and vendors to discuss findings and the remediation process.

Present Vendor risk reports and engage all applicable Ally Bank stakeholders during vendor onboarding weekly meetings.

Assist in evidence gathering in support of ITGC and SOC 2 Type II audits, and work with control owners to remediate deficiencies.

Cigna Health LLC

THIRD PARTY RISK ANALYST

AUGUST 2017 – SEPTEMBER 2020

Provided information security consultation to improve awareness and compliance with Enterprise Information Security policy, processes, and standards.

Managed and maintained the global IT Security Awareness program by creating security awareness training necessary to ensure adherence to Cigna Health policies, standards and overall security controls.

Developed anti-phishing campaigns utilizing KnowBe4, tracked global metrics and identified areas for improvement.

Partnered across multiple teams to build and improve the compliance framework for developing and deploying IT systems, infrastructure and policies that adhere to industry best practice.

Identified inherent risks and managed the ongoing oversight activities for all Cigna Health high risk vendor relationships.

Performed evaluation of TPRM and Vendor engagements to identify and manage vendor inherent risk via risk assessments and initiating due diligence efforts for all Cigna Health third parties.

Communicated with internal stakeholders and Sales Executives to respond to inbound questionnaires/security surveys.

Worked with vendors on oversight to ensure vendors were adequately tiered based on the level of data they have access to.

Designed and continually upgraded supplier questionnaires to ensure all areas of newly discovered threat signatures are covered.

Conducted onsite and virtual risk assessments to continuously determine the security posture at the vendor site.

Reviewed and validated all controls at the vendor site to ensure data confidentiality.

Validated security questionnaires during onsite visits to ensure up-to-date data protection at the vendor site.

Conducted on-site risk assessments based on agreed-upon procedures guidelines.

Reviewed all essential security policy and procedure documentation.

Provided detailed reports of assessments to business owners and the vendor management office.

Worked as a remediation analyst to ensure all gaps discovered during assessments were remediated or mitigated in a timely manner.

Escalated issues of third-party vendor non-compliance to senior management.

Performed continuous monitoring by assessing tools during onsite visits to validate the security questionnaires filled out by the vendors to ensure protection of data at the vendor sites.

Ensured third-party relationships adhered to company policies and procedures and complied with regulatory guidelines and industry best practices.

Facilitated remediation for any third-party related operational issues as needed.

Assessed operational fitness of assigned third parties through due diligence reviews.

Provided ongoing monitoring for third party risk due diligence.

Monitored and assisted with exit strategies and contingency plans for third parties.

Collaborated and consulted with peers, colleagues, and managers to resolve cyber security issues and achieve Cigna Health Security goals.

TOOLS

Jira

ServiceNow

Ariba

RSA Archer

OneTrust

Bitsight

SecurityScorecard

Microsoft Suite

Google Suite

Monday.com

Loopio

PROFESSIONAL CERTIFICATION

Security+ (CompTIA)

Certified Information Systems Auditor (CISA, in view)

EDUCATION

Lagos State University, Lagos, Nigeria: B.Sc. Accounting & Finance