Polycarp F.
*********@*****.***
Dallas, Texas
INFORMATION SECURITY-THIRD PARTY & COMPLIANCE ANALYST.
With a strong background in IT risk management and security controls, I am confident that my skills and experience make me a valuable professional in this field.
With over six years of experience in the field, I have had the opportunity to work in diverse settings, including large financial organizations. Throughout my career, I have developed expertise in conducting vendor risk assessments on applications, identifying findings, documenting risk assessment reports, and following up on remediation actions per organization policies and procedures to ensure regulatory compliance. My experience includes conducting vulnerability assessments to identify potential security threats, collaborating with cross-functional teams/SMEs to develop remediation plans to mitigate those risks, and providing regular reports to stakeholders on the status of IT risk management frameworks: NIST 800-30, 800-39 and 800-137, GDPR, ISO 27001, HIPAA, SOC 2, GLBA, FFIEC, and SOX. I lead training sessions and workshops to educate staff on IT risk management and compliance best practices. I am also comfortable working with technical and non-technical staff, making complex IT concepts understandable to all. I hold a bachelor’s degree in law and am currently pursuing a master’s degree in Information Assurance & Cybersecurity at Grand Canyon University. I am excited about challenging opportunities to learn, use my technical and soft skills, and contribute to the success of your IT risk management and compliance initiatives.
EDUCATION/CERTIFICATIONS/GRC TOOLS
Master’s degree in Cybersecurity (in progress), Grand Canyon University
Bachelor’s degree in business law
CompTIA Security+ Certified
ISACA CISA CERTIFIED
CISSP in progress
ServiceNow, EDATT, Jira, ISET, SPARC, Nessus Tenable, & Microsoft Suite
INFORMATION SECURITY-THIRD PARTY ANALYST
WELLS FARGO, October 12, 2022 to July 7, 2023
Initiate the asset risk assessment, discovery, analysis, and remediation planning process to quantify risk within the organization, implement controls, and measure control effectiveness, partnering and communicating with the primary Tech/SME team and other senior IT leaders to create, remediate, and continuously monitor the enterprise information security architecture profile.
Conduct risk assessments on WF’s new and existing applications and infrastructure to identify security threats and vulnerabilities, and determine risk severity to the organization.
Align information security processes with cybersecurity frameworks and regulations such as GLBA, PCI, SOX, NIST 800-30/39, and FFIEC that drive the asset risk assessment and remediation plan methodology.
Perform ongoing monitoring, tracking, and reporting of aggregate and granular risk threshold limits as identified and set by the risk assessment process and methodology.
Provide guidance on security controls involving password and access management, segregation of duties, logging and monitoring, data encryption, data backup and recovery, disaster recovery, business continuity management, etc.
Provide periodic reporting on information security issues and gaps for compliance with the enterprise information security policies, standards, and procedures among employees, contractors, alliances, and other third parties.
Conduct onsite and virtual risk assessments to continuously determine the security posture at the vendor site.
Escalate issues of third-party vendor non-compliance to the vendor risk management office (VMO).
Review and ensure adequate management of third-party vendor life cycle risk, from vendor onboarding through exit.
Investigate, recommend, and follow up on appropriate corrective actions for identified security deficiencies and policy exceptions.
Identify security risks; track, monitor, and report on corporate risk thresholds and limitations at an individual and aggregate level as identified by the risk assessment process.
Act as a liaison to the business and IT groups and assist them in the implementation of data security, compliance requirements, and information.
INFORMATION SECURITY CONTROLS ANALYST.
US BANK, January 10, 2022 to September 2022
Conduct risk assessments on new and existing applications and infrastructure to identify security threats and vulnerabilities, and determine risk severity to the organization.
Develop and implement security policies and procedures to safeguard organizational assets, aligned to the information security risk management methodology (ISRA/ISE).
Focus on key business risks while executing audit programs and testing procedures.
Participate in additional IT risk assessments.
Create process documentation and mapping.
Test implemented controls and perform risk assessments based on established frameworks, and verify internal policies.
Effectively communicate security needs and business requirements to interdepartmental teams, lines of business, risk offices, and risk management teams relative to their business lines.
Perform information security risk assessments for third-party vendors and external business partners in coordination with the Third Party Risk Program.
Interpret and analyze third-party security risk assessment results, report findings to business owners, and provide recommendations for remediation.
Work with business owners to coordinate and oversee the management of issues stemming from third-party security risk assessments.
Collaborate with internal partners to document risks, issues, and mitigation plans.
Create and update governance documentation for the department. This includes policies, standards, procedures, frameworks, guidelines, charters, and any other department documents or communications.
Expert in evaluating common information security frameworks and regulatory standards such as NIST, ISO 27001, SOX, and SOC 2 reporting.
Maintain the document repository for all department-level documentation. This includes managing sites and staying abreast of industry news and regulatory developments pertinent to the industry to assist in the identification of emerging risks and risk assessment best practices.
Manage department compliance with enterprise-level documentation & monthly review schedule for documentation reviews/updates, both department and enterprise level.
Experienced in utilizing the company’s risk management framework to identify, assess, monitor, and help mitigate the financial, reputational, regulatory, and operational risks (among others) associated with the company’s operations, products, and services. Work with various internal stakeholders, including operations, technology, product, finance, human resources, compliance and legal to identify and assess enterprise risks and implement controls and processes as well as monitor ongoing risks and mitigation efforts.
DELL TECHNOLOGIES, May 27, 2019 to December 2021
THIRD-PARTY SECURITY ANALYST.
Performed Third Party Risk Assessments for new and existing vendor tools, on-premises implementations, and third parties with access to the environment.
Conducted third-party risk assessments by evaluating third-party questionnaire responses, such as inherent risk questionnaires/intake process forms and SIG Core/Lite questionnaires, performing control validation, and assessing documentation per established procedures and standards.
Performed site visits to third-party facilities.
Evaluated the effectiveness of security controls for compliance with applicable policies, security laws, and regulations (ISO 27000, SOC 2, HIPAA, NIST 800-53, PCI-DSS).
Assessed cloud technologies such as Software as a Service (SaaS) hosted applications.
Conducted risk assessments of new and existing vendors using the enterprise and operational risk management tools OneTrust and ServiceNow GRC.
Supported the Risk team in the development, implementation, maintenance, and execution of risk assessment processes across the various technology platforms.
Identified and analyzed risks associated with vendor relationships and recommended risk mitigation strategies.
Monitored vendor performance and conducted periodic reviews to ensure ongoing compliance with contractual obligations.
Collaborated with business stakeholders to ensure that vendor relationships were aligned with business needs and goals.
Prepared and presented reports to senior management on vendor risk and compliance.
Documented information security risk and compliance findings and recommendations for remediation.
Performed quality assurance and review of assessments performed by other team members, delivering high-quality and thorough reports.
In-depth understanding of risk management concepts, particularly around information security, IT general controls, and basic audit terminology and concepts.
Managed data privacy roadmap in close collaboration with Information Technology, business team, procurement, and Legal teams.
Conducted third-party, independent assessments of customer systems and networks and identified deviations from acceptable configurations, organizationally promulgated and standard.
DAL TILE CORPORATION 12, 201*-**-****.
VULNERABILITY MANAGEMENT ANALYST
Conducted vulnerability assessments to identify potential vulnerabilities in the company's information systems and assets.
Worked with stakeholders to develop and implement effective mitigation strategies to minimize risks and ensure the security of the organization.
Monitored and analyzed vulnerabilities identified by vulnerability scanning and reporting tools.
Provided regular vulnerability reporting and communication to senior management and other stakeholders, ensuring visibility, and understanding of the organization's security posture.
Worked with internal teams to ensure that identified vulnerabilities were addressed in a timely and effective manner.
Developed and maintained vulnerability management policies and procedures, ensuring compliance with industry regulations and company policies and procedures.
Worked with third-party security vendors to ensure that vulnerability assessments were conducted according to the company's standards and requirements.
Monitored the company's information systems and assets for security incidents and vulnerabilities.
Conducted vulnerability scanning and reporting and provided regular security reporting and communication to senior management and other stakeholders.