AZEEZ OLAJIDE
Mobile: 267-***-**** Location: Maryland Email: ***************@*****.***
THIRD PARTY RISK ANALYST / GRC ANALYST
PROFILE SUMMARY
An efficient and experienced Cybersecurity specialist, Vendor/Third-Party Risk Analyst and Governance, Risk and Compliance Analyst with over 5 years of experience performing Security Control Assessment, risk assessment, and third-party audits, and updating policies and procedures, with knowledge of ISO 27001, HIPAA, HITRUST, SIG, SSAE 18 (SOC 1, SOC 2), NIST 800-53, NIST CSF, PCI-DSS, GDPR, SOX and CCPA to ensure and achieve Confidentiality, Process Integrity, Availability of Information Systems with various technologies, healthcare, and financial institutions.
WORK EXPERIENCE
TELEWORLD SOLUTIONS (WTS)
FEB 2019 - PRESENT
THIRD PARTY RISK ANALYST / GRC
Review and update of policies and procedures in accordance with applicable regulations (ISO 27001/ NIST).
Assists in the implementation of policies and procedures to adequately address and control the risk management of the company's assets.
Collaborate with Procurement team, Legal team, Security team, and other business functions to identify, assess and design plans to mitigate and monitor risks associated with third parties.
Administer questionnaires to vendors to assess their security control implementation.
Facilitate organization-wide security awareness and training using KnowBe4.
Performs research and analysis of emerging and disruptive Information Technology / Information Security trends and tendencies that may affect the organization.
Leverage RSA Archer to perform periodic data validation, risk assessment and GRC functions.
Utilize OneTrust to streamline organization privacy process and to conduct compliance related tasks.
Performs Information Security third-party due diligence and ongoing assessments of vendors to assess risks and determine effectiveness of controls. Also investigates and reports violations, third-party data breaches, and supply chain vulnerabilities.
Assess Vendor Inherent Risk Questionnaire (IRQ) to determine Vendor Tier rating (Critical, High, Moderate and Low) based on Vendor Response to the IRQ.
Categorize Vendor Risk based on Risk score and give recommendations for Approval or Denial.
Conduct yearly refresh of High and Moderate Risk Vendors and prepare VRA Report
Assess completed questionnaire and supporting documentation to validate vendor appropriate implementation of information security controls.
Escalate issues associated with customer audit and third parties to senior management as needed.
Perform ongoing risk assessment and audit for vendors to ensure compliance with industry Standards.
Serve as liaison analyst during internal audits
Continuously monitors vendor’s security risk score with RiskRecon
Work as remediation analyst to ensure all gaps discovered during internal control assessment are remediated
Review vendor scan reports to identify gaps and follow up closely to ensure gaps are remediated and closed in a timely manner.
Prepare Third Party portfolios reporting of risk and performance to senior executives.
Provide detailed reports of assessments to business owners and the vendor management office.
Ensure timely and accurate escalation of issues and observations of non-compliance or risks outside of acceptable thresholds.
Function as a central third-party risk management subject matter expert looking to involve third parties in processes that interact with data. Support completion of information security review process for all new third parties, and annual reviews for all other relationships, that receive and/or interact with data.
Support Incident management associated with Supplier/third parties.
Manage the process and tools for Information Security & Risk Management, and process IT due-diligence requests and ensure compliance to policies, procedures and regulations.
Manage, coordinate and lead third-party security risk management by partnering with key stakeholders, performing reviews of new and existing vendors, calculating risk ratings, and monitoring identified security risks.
Performs other related duties as required.
UNITED HEALTHCARE
THIRD PARTY RISK ANALYST
JAN/2017 – JAN/2019.
Worked closely with the Procurement and Business Units to ascertain that the scope of work/service or product to be outsourced aligns with the activity described in the intake form, thereby ensuring proper documentation in the third-party system of record.
Managed, coordinated and led third-party security risk management by partnering with key stakeholders, performing reviews of new and existing vendors, calculating risk ratings, and monitoring identified security risks.
Supported the Business Unit’s requirement to respond to the Inherent Risk Questionnaire (Inbound)
Accurately captured, reported and escalated issues identified during Vendor’s due diligence and risk assessment.
Captured and documented significant changes to the activity that alter the risk profile of third parties.
Captured and documented changes to Business Unit engagement ownership.
Coordinated with stakeholders to initiate scope and plan controls assessments of new and existing vendor engagements.
Assessed vendor completed questionnaire and other supporting security documentation to validate appropriate implementation of security controls.
Communicated vendor information security issues to stakeholders, ensuring they understood the associated risks with the vendor and a possible remediation strategy.
Validate evidence from vendors before remediation plans are closed.
Support the VRM Program to effectively manage vendor risk in accordance with internal policy and regulatory requirements.
Assessed vendors' business continuity plan and disaster recovery, physical security, system development, operation, access control, and incident management.
Experience with e-GRC tools to ensure secure and prompt communication of findings and deployments of questionnaires to the vendor and to track vendor progress on remediation.
Worked with vendors to ensure risks discovered are remediated within reasonable time.
Carry out various types of vendor assessments such as onsite, virtual, risk assessments for vendors depending on triage information from the vendor management office.
Conduct Vendor Business/Risk Reviews, providing support to compliance personnel as it relates to the evaluation and management of risk related to third party/Vendor entities, and their continued compliance with regulatory and contractual requirements.
Maintain inventory of third parties who interact with data, including key risk information about the relationship, data attributes involved, and regulatory compliance. Monitor open third party security issues and remediation actions associated with security control gaps to ensure timely closure
Managed and led enterprise security risk assessments by collaborating with key stakeholders across the business, identifying risks, and monitoring risk remediation in accordance with the defined risk score.
EDUCATION
Olabisi Onabanjo University, NGR: Bachelor’s Degree in Urban and Regional Planning
PROFESSIONAL CERTIFICATION
Certified Information Systems Auditor (CISA)
CompTIA Security+ Certification
PROFESSIONAL ASSOCIATION
Information Systems Audit and Control Association (ISACA)
TOOLS:
Microsoft Suite
OneTrust
ZenGRC
Cloud Security
Jira/ServiceNow
KnowBe4
Bitsight
SecurityScorecard
RiskRecon
RSA Archer
SKILLS:
Analytical skills
Documentation
Multitasking; work independently and with a team
Good communication skills