FRANCIS UKAWUIKE
(CISM, Security+)
Email: ***********@*****.*** Mobile: 301-***-**** LOCATION: Rosedale, MD
A dedicated Information Security Analyst with years of experience performing third-party security reviews and risk assessments, with in-depth knowledge of IT general controls. Proven track record in facilitating and managing vendor incident management, control assessment and gap remediation, awareness and training, and internal and external audits in a fast-paced environment to achieve confidentiality, integrity and availability of an organization's information systems.
SKILLS AND TOOLS
SKILLS
Planning and organizational skills
Problem solving ability
Written and oral communication skills
Microsoft Suite
Analytical skills
Documentation
TOOLS
Riskrecon, Bitsight
Knowbe4, Lessonly
OneTrust, ZenGRC, Venminder
Talos Intelligence
Governance, Risk & Compliance
Work Experience
Third Party Risk Analyst
FBS Corporation of America: September 2019 – Present
Manage due diligence required for onboarding and recertification of risks and ongoing monitoring of assigned third-party relationships.
Ensure third-party relationships adhere to the company's policies and comply with regulatory guidelines and industry best practices.
Monitor and assist with exit strategies and contingency plans for third parties.
Facilitate remediation of any third-party related operational issues as needed.
Assess operational fitness of assigned third parties through due diligence reviews.
Work with the vendors to ensure risks discovered are remediated within a scheduled time.
Perform continuous monitoring on our critical and high-risk vendors by using multiple OSINT tools like Riskrecon, Bitsight and Talos Intelligence.
Provide detailed reports of assessments to business owners and the vendor management office.
Work as a remediation analyst to ensure all gaps discovered during the assessment are remediated or mitigated in a timely manner.
Review and analyze SOC 2 reports of third parties/vendors and other evidence provided during a risk assessment.
Experience with e-GRC tools such as RSA Archer to ensure secure and prompt communication of findings and deployment of questionnaires to the vendor and to track vendor progress on remediation.
Ensure third-party relationships adhere to the company's policy.
Proven working experience performing risk assessments using common security frameworks such as Vendor Security Alliance (VSA), Cloud Assessment Initiative Questionnaire (CAIQ), SIG, SIG-Lite, NIST 800-53 moderate baseline or equivalent.
I conduct security awareness training phishing campaigns using Knowbe4.
Cyber Security Analyst
Speedway LLC: February 2017 – August 2019
Conducted vulnerability scanning using Nessus and analyzed the result in support of security controls assessment.
Participated in weekly security team meetings to provide guidance and support for the development of enterprise security architecture.
Developed, reviewed and updated System Security Plan (SSP) using NIST SP 800-18 Appendix A.
Conducted risk assessments on identified vulnerabilities per NIST 800-30 and developed risk assessment reports.
Facilitated Security Control Assessment, performed internal audits of systems prior to external auditing and Continued Monitoring Activities.
Reviewed security logs to ensure compliance with policies and procedures and identify potential risks.
Worked with systems and network administrators to develop implementation statements for security controls.
Created, reviewed and updated security documentation.
Improved security posture to effectively mitigate advanced threats.
Established company-wide security best practices and protocols to mitigate risk of data breach.
Conducted risk assessments using common security frameworks such as Vendor Security Alliance (VSA), Cloud Assessment Initiative Questionnaire (CAIQ), SIG, SIG-Lite, NIST 800-53 moderate baseline or equivalent.
Certification
Certified Information Security Manager (CISM)
CompTIA Security+ certified
Education:
Aviation Institute of Maintenance, Manassas, Virginia – A.A.S. Degree, Airframe and Powerplant.