
Security Analyst Information

Location:
Boardman, OR
Posted:
April 14, 2023


Resume:

Judith Kamba

Austin-Texas Email:*************@*****.*** Cell:512-***-****

PROFESSIONAL SUMMARY

Over 6 years of experience in TPRM, Auditing, IT Security and Enterprise Risk Management, Policy and Procedure, Security Control Assessment, Vulnerability Management, and Compliance Testing (GRC).

Experienced in all the major cybersecurity frameworks and regulatory standards, such as COSO, PCI-DSS, HIPAA, GDPR, NYDFS, SOX, COBIT, ISO 27001, NIST CSF, FedRAMP, NIST 800-53, NIST 800-30 and HITRUST. Ability to review and analyze pentest and other vulnerability scan reports, vendor SOC reports, CAIQ, SIQ, ISO 27005, etc., to appropriately determine vendor risk. Experienced in using GRC tools such as ServiceNow, RSA Archer, OneTrust, and ProcessUnity to automate the GRC and VRM processes.

PROFESSIONAL EXPERIENCE

Information Security Risk Analyst Sep 2020 – Present

Amazon Austin-TX

I perform new and recurring third-party security risk assessments, develop mitigation plans, and work with internal stakeholders to assign remediation tracking responsibility.

I also maintain and enhance the administration of issue monitoring and exception tracking and, where necessary, facilitate remediation actions to improve overall third-party performance to meet business needs.

I am also responsible for implementing processes to monitor the third-party portfolio using a risk-based approach.

Review third-party-provided audit reports and supporting documents, e.g., SOC 1/2 reports and other certifications, and security whitepapers.

I request and review questionnaires completed by the third party describing their environment and controls.

Collaborate with Procurement, Compliance and Privacy in the process of supporting the program.

I work in a self-directed, collaborative, and constructive manner with the business units and our internal stakeholders to enhance the effectiveness of the TPRM processes and controls.

Build effective relationships with stakeholders who own and support key third-party relationships.

Gain commitment from stakeholders to help manage and improve the risk posture of these third parties.

I maintain and enhance the administration of issue monitoring and exception tracking and, where necessary, facilitate remediation actions to improve overall 3rd party performance to meet business needs.

I also manage the analysis of critical information security process, documentation, and service delivery models; facilitate remediation of known issues resulting from gap analysis.

I monitor and maintain Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for appropriate escalation to stakeholders.

Information Security Analyst - Third Party Risk Management May 2017-2020

Austin State Hospital Austin-TX

• I evaluated third-party vendor’s control infrastructure effectiveness and obtained evidence of controls.

• Worked directly with key business leaders to facilitate risk analysis and the risk management process.

• Identified acceptable levels of risk and established roles and responsibilities with regard to risk management.

• Evaluated the security of vendors and hosted solutions based on approved security standards such as HIPAA Security, NIST 800-53, ISO 27K, etc.

• Conducted Third Party Vendor Risk Assessment and gap interviews with key stakeholders and produced reports/metrics and analyses conveying vulnerabilities/findings and recommendations for remediation.

• Assessed control gaps to relevant standards, compliance requirements and business policies and developed recommendations for gap closure.

• Reviewed information security management system documentation and assisted in developing IT security policies, standards, and guidance.

• Provided audit support by providing compliance reports and presentations to stakeholders and regulatory bodies.

• Participated in developing policies and procedures to ensure information systems reliability and accessibility and to prevent and defend against unauthorized access to systems and data.

• Communicated project responsibilities and managed milestone expectations of remediation plans that resulted from internal or external risk assessment or audit.

• Worked with security personnel, facility managers, and Vendor POCs to develop, implement, maintain, and improve the Business Continuity, Disaster Recovery, Incident Response, and the Change Management processes for compliance and Vendor Service Level Agreement (SLA) obligations.

Third Party Risk Management Snr. Analyst January 2016 – March 2017

NETwork Cape Town - South Africa

Developed and matured NETwork’s TPRM program by partnering with key stakeholders. Partnered with Compliance to develop, implement, and maintain NETwork’s TPRM policy, processes, procedures, and controls.

Developed relationships with key stakeholders, business partners, Legal, Security Engineering, Privacy, Compliance, and Quality to integrate into third-party processes across NETwork.

Planned, executed, and managed risk assessments in conjunction with subject matter experts (SMEs) for new and existing vendors based on risk. Collaborated with SMEs to manage ongoing monitoring activities on existing vendors based on risk.

Led the definition, collection, and reporting of comprehensive metrics including KPIs for vendor risk management.

Supported Sourcing and Project Managers with vendor performance and risk management.

EDUCATION

Bachelor of Science (BSc.)

CERTIFICATIONS

CompTIA Security+

CISM (in progress)

AWS (in progress)
