Ohio Ozie ****.****@*****.*** Cell 469-***-****
PROFESSIONAL SUMMARY
Third Party Risk professional with experience in identifying threats and vulnerabilities and remediating key risks for clients across different industries. Reports and communicates identified risks and opportunities to senior management and monitors the control environment as required, with strong knowledge of policies, processes, procedures, implementation and control regulations and the available tools.
•Vulnerability Scanning
•Compliance & Regulatory Analysis
•Incident response
•Agile methodology/Scrum
•Security and Privacy Controls
•ISCP
•Third Party Risk Management
•IT Risk Assessments/report
•Security Assessment
•SSP Development
•GRC Tool
•HITRUST certification
Applications & Tools: AD Audit, Active Directory, Excel (pivot tables, VLOOKUPs, spreadsheets), PowerPoint (reporting), Microsoft Word, TeamMate, ACL (data analysis), ServiceNow, Remedy, SharePoint
Operating Systems: Unix/Linux, Windows
Regulations: SOX, GLBA, PCI-DSS, HIPAA, HITRUST, FFIEC, CMS
Vulnerability tools: Nessus, Nmap
Standards: ISO 27001, ISO 27005, ISO 8583, COBIT 5, COSO, NIST 800-30, 800-53, 800-37, 800-18, 800-171 and 800-137
SWANSTON CONSULTING, TX Mar 2018 – present
Sr. Third Party Risk Management Professional / Senior Risk Analyst
Perform initial risk assessments; identify and classify inherent risk and prioritize risk management to meet business needs
Review and analyze vendor service profiles and Standardized Information Gathering (SIG) questionnaire artifacts during onboarding and periodic assessments
Deploy ServiceNow as a risk management solution covering operational and enterprise risk management, security and IT risk management, third-party governance and regulatory compliance management
Deploy standard frameworks such as NIST, ISO 27001 and COBIT, together with policies, standards and procedures, to recommend mitigating controls that meet regulatory requirements, specifically SOX, CCPA, GDPR, HIPAA and PCI DSS
Develop tactical, actionable timeframes so that compliance issues are remediated, and document the evidence needed to close findings
Guide stakeholders on data minimization, tokenization, encryption and data anonymization to ensure appropriate security around HIPAA
Collaborate with Legal, Vendor Management and Information Security to meet applicable practices, laws and regulations
Assist management in the evaluation of new technology service providers and third-party service providers
Develop, implement, monitor and report performance measures that demonstrate value and ensure vendor performance
Conduct privacy impact analyses to determine the privacy compliance status of cloud solutions holding PII, based on compliance with the General Data Protection Regulation
Test the operating effectiveness of IT security controls in cloud vendor environments
Perform risk assessments on third-party cloud service providers to ensure data safety and security
Perform network security assessments, reviewing firewall configurations to ensure that insecure protocols such as FTP and HTTP are denied and secure protocols such as SFTP, HTTPS and IPS are allowed
System Security Plan (SSP) development and annual updates leveraging NIST 800-18 and NIST 800-53
Threat/vulnerability identification and mitigation where necessary.
Coordinate external/third-party audits, including PCI DSS, change management, incident response planning and business process improvement reviews
Assist in HITRUST certification.
Write and update IT policies and risk assessment reports, and conduct third-party vendor assessments in a financial environment using SSAE 18 reports
CHECK POINT SOFTWARE, Irving, TX Nov 2017 – Feb 2018
Technical Advisor - Firewalls
Independently identified, troubleshot, documented and replicated customer network security and VPN issues on Check Point R77.30 and R80.10 firewalls in an enterprise environment, using the Siebel ticketing system
Independently documented and conducted network audits
Managed and monitored the firewall management server in an enterprise environment
Log monitoring on Check Point R77.30 and R80.10 firewalls
Troubleshot TCP/IP networks using relevant protocols in Linux and Windows environments
Responsible for providing support in Check Point R77.30 and R80.10 software environments
Assessed and analyzed the risks and exposures for several types of network architecture and system designs (WAN/LAN), management servers, internet, VPN and wireless (802.11) telephony, ensuring data is sent through secure protocols to protect critical company assets and resources
Troubleshot and resolved network connection issues, focusing on network diagnostics
Escalated complex network problems in accordance with internal processes
OMNIGREAT TRAINING AND CONSULTING, MN Jan 2015 – Nov 2017
IT Risk Analyst
Updated System Security Plans (SSPs), using NIST 800-18 as a guide to develop SSPs, risk assessments and incident response plans
Provided services as a Security Control Assessor (SCA), an integral part of the Assessment & Authorization (A&A) process, including A&A scanning, documentation, reporting and requirements analysis
Monitored security controls leveraging NIST 800-137, performing periodic vulnerability scanning and testing portions of applicable security controls annually
Reviewed and documented contingency plans (CP), privacy impact assessments (PIA) and risk assessment (RA) documents per NIST 800-series guidelines for various agencies
Performed continuous monitoring (ConMon) tasks per NIST 800-137 to identify and report new findings to clients via vulnerability assessment reports
Applied the Risk Management Framework (RMF), using NIST 800-37 as a guide to a system life cycle approach for security and privacy
Applied NIST 800-53 for security and privacy controls and NIST 800-50 for the security awareness and training program
Ensured security controls were implemented correctly, executed per design and provided appropriate results
Experienced with CSAM for assessments and uploading artifacts in security documents
Performed testing, QA, and reported defects and exceptions via JIRA
Reviewed cybersecurity controls, authentication mechanisms, remote access, protocols, applications, networks, operating systems, servers and all other relevant aspects of securing IT operations for corporate and client data
Assisted Security and IS management, the Legal department, the Fraud department, Human Resources and law enforcement agencies in managing security vulnerabilities and inquiries
COLINK LLC, Dallas, TX Jul 2013 - Jan 2015
IT Security Analyst
Performed vulnerability assessments using client-provided security compliance scans and POA&Ms
Leveraged analysis results to identify and resolve anomalies with a validation script, facilitating close-out of findings to meet ATO due dates
Reviewed and processed manual security artifacts provided by system engineers via IV&V efforts
Developed dashboard tracker to manage received artifacts using approved Open Source Tools
Utilized Splunk machine learning capabilities to analyze logs, research incidents, and provide feedback to management (Non-Prod)
Assisted the Information Security Engineer with complex risk decisions and provided advice and guidance where required
Conducted meetings, interviewed control owners, generated documentation request lists, evaluated documentation and prepared recommendations for improvement
Demonstrated advanced understanding of the organization's information security, cybersecurity and business continuity management to clients during onsite visits, conference calls and email responses, and when completing client questionnaires
Developed and managed the information security delivery of the vendor risk assessment program
Developed infrastructure and IT process assessments for use across the organization's computing environment
Documented risk issues in the designated risk register
Engaged with technical process owners to understand technical process steps, identify risks and drive toward completed documentation that aligns with the IT Governance and Risk Management programs
EDUCATION:
Mahatma Gandhi University, INDIA
Bachelor of Science (Honors), Information Technology
University of South Africa, RSA Certificate, Project Management
•Cisco Certified Network Professional Security (CCNP Security)
•Certified Information Systems Auditor (CISA)
•CompTIA A+
•CompTIA Network+
•ITIL V3
Pending ISACA Certifications
•CRISC
•CISM