
Compliance Analyst Information Security

Location:
Heath, OH
Posted:
February 24, 2023


Resume:

AWA NDAH MBULIFANG

[New Carrollton, Maryland] [301-***-****] [***********@*****.***]

Results-oriented professional with 5+ years of experience in compliance and third-party vendor risk management, POA&M management, continuous monitoring, the Risk Management Framework, system monitoring, and regulatory compliance following NIST, ISO 27001, HITRUST, HIPAA, and FedRAMP; Assessment and Authorization; vulnerability management; vendor selection and categorization; and analyzing SOC reports and creating risk assessment reports.

Professional Experience

Walmart Bentonville, Arkansas

Vendor Risk Management / GRC Compliance Analyst, August 2021 - Present

• Work with vendors to discuss appropriate remediation actions and deadlines for all identified gaps.

• Assist in the development, review, implementation, and maintenance of policies, procedures, standards, and guidelines following applicable regulations, including ISO 27001, NIST 800-53 framework controls, HIPAA, SOX, COBIT, and PCI-DSS.

• Responsible for the implementation of controls to build and enhance the GRC program.

• Ensure proper contractual language, security obligations, and third-party agreements in partnership with legal and procurement teams

• Perform third-party risk assessments of existing and new services, technologies, and business counterparts.

• Negotiated remediation of security issues with vendors and third parties

• Communicated vendor security risks to business leaders to ensure a clear understanding of the risk involved.

• Assisted during auditing as a liaison between auditors and engineers and performed awareness and training of newly hired and retained employees.

• Increase the effectiveness of risk assessment efforts by delivering training to new employees

• Achieve alignment with regulatory standards by analyzing vendor processes to mitigate control deficiencies that may violate laws, regulations, frameworks, or internal policies

• Optimize information security operations by reviewing SOC 2 reports, penetration test reports, vulnerability scan reports, business continuity plans, and other forms of documentation.

• Updated the vendor database and requested applicable documents for vendor name changes.

• Monitor the site and ensure item compliance with established policies, rules, and guidelines.

• Providing feedback to engineering teams for product and tool enhancement

• Drafting and updating policies and standard operating procedures with input from leadership.

• Identify compliance concerns by creating reports on findings, communicating findings to management, and recommending resolutions to the problems.

• Assess, report, and mature the compliance posture for internal policies, guidelines, and regulatory requirements based on frameworks including ISO and the NIST CSF.

• Experience in facilitating and performing third-party vendor risk assessments, training, and awareness management.

• Negotiate information security contract requirements with Legal, Procurement, and vendors

• Assist

Smith Life Homecare Rockville, Maryland

Compliance Analyst, January 2020 - July 2021

• Supervised Smith Life employees in a business emergency, ensuring that all actions and decisions complied with company policies and procedures.

• Facilitated security control assessments and performed internal system audits before the external audit.

• Researched the effectiveness of regulations and provided recommendations for improving their effectiveness

• Responsible for leading internal IT, cybersecurity, and third-party information security risk.

• Influenced vendors and business partners to ensure compliance with risk management policies.

• Oversaw internal technology control testing and gap assessments.

• Monitored changes in relevant regulatory areas to assess compliance program gaps

• Coordinated plans and managed all annual audit activity for SOC 2, PCI-DSS, and HIPAA audits.

• Worked with the internal audit team to design the annual audit plan and managed special projects as needed.

• Reviewed and edited policies to align them with industry standards like NIST, ISO 27001, and HIPAA, and assisted in identifying potential areas of compliance risk.

• Reviewed documents and maintained accurate, complete, and organized records substantiating all compliance research.

• Used BitSight to conduct risk scoring to improve continuous risk monitoring.

• Performed quantitative and qualitative risk assessments to maintain a defined internal and external security posture.

• Gathered documentation for customer engagements and assessments in HITRUST.

• Assisted in maintaining files and records for all aspects of the organization.

SunTrust Bank Atlanta, GA

Jr. Information Risk Analyst, October 2017 - November 2019

• Adhered to and complied with applicable federal and state laws, regulations, and guidance, including anti-money laundering and secrecy Act requirements.

• Prepared risk assessments to help identify potential threats and vulnerabilities.

• Coordinated and gathered vendor risk assessment data and prepared risk assessments for critical vendors as needed, to be published and communicated to stakeholders.

• Developed, monitored, and executed vendor remediation actions, mitigations, and contingency plans when risks were identified.

• Adhered to bank policies and procedures and completed required training.

• Provided support for the regulatory, internal, and external audit process.

• Managed vendor risk as defined in vendor contracts and in accordance with existing risk management programs and policies.

• Maintained, improved, and enforced SunTrust security policies and IT security standards, along with security exception processes.

• Tracked and identified risks and risk events, and worked with regulatory officers and auditors as necessary.

• Adhered to SunTrust policies and procedures and completed the required training.

• Stayed up to date on regulatory and compliance requirements with a focus on PCI-DSS compliance.

• Assessed service level agreements (SLAs) before vendor categorization.

• Assisted in remediating any exceptions or findings noted by auditors before the audit ended.

• Involved in due diligence to determine the right vendor for onboarding.

• Worked with the Legal and Procurement team in reviewing vendors’ contracts.

• Led awareness and training of new employees on vendor risk assessment and responded to requests for proposals.

Technical Skills

Rapid7, Nessus (Tenable), BitSight, OneTrust, ServiceNow, ZenGRC, NIST 800-37, NIST 800-60 Vol 1&2, FIPS 199, UpGuard, NIST 800-53 Vol 4&5, Microsoft Office Suite, FIPS 200, SSP, Risk Register Management

Education & Certifications

Master of Science, Cybersecurity Technology, University of Maryland, 2022

Bachelor of Science, Computer Science, National Polytechnic

CISA – Certified Information Systems Auditor

CompTIA Security+
