
IT Security/Third Party Risk Analyst

Location:
Richmond, TX
Posted:
February 13, 2025

Resume:

Sewhenu S. Hunjah

Phone: 832-***-**** Email: *******.******@*****.***

IT SECURITY

Results-oriented and highly skilled Cybersecurity Specialist with over 7 years of experience in protecting critical systems, mitigating risks, and ensuring compliance with industry standards. I have demonstrated expertise in vulnerability management, threat analysis, and implementing robust security frameworks. Adept at collaborating with cross-functional teams to align security measures with organizational goals. Passionate about fostering cybersecurity awareness and creating secure, resilient environments.

CORE COMPETENCIES

Internal & External Audits

Risk Assessment & Mitigation

Governance, Risk, and Compliance (GRC)

Process Improvement

Policy Development & Implementation

Regulatory Compliance (ISO 27001, SOC, PCI-DSS, NIST, GDPR, etc.)

Cloud Security (AWS, Azure, OCI)

Security Assessment & Testing

Cybersecurity Awareness Training

PROFESSIONAL EXPERIENCE

Calendly

IT Security Specialist July 2021 - Present

•Implemented and maintained GRC frameworks, ensuring alignment with ISO 27001, NIST 800-53, GDPR, HIPAA, and SOC 2 standards.

•Analyzed audit findings, prepared detailed reports, and presented actionable recommendations to senior leadership.

•Conducted internal audits to assess compliance with industry standards and organizational policies.

•Conducted risk assessments, gap analysis, and cloud security reviews to identify threats and enhance system configurations.

•Monitored and analyzed changes in regulatory requirements, ensuring timely updates to company policies.

•Designed incident response plans and conducted regular testing to ensure readiness for cybersecurity events.

•Established and maintained a centralized repository for policies, controls, risks, and compliance requirements using GRC tools (e.g., ServiceNow, Archer).

•Maintained accurate and up-to-date records of vendor vulnerabilities and their remediation status.

•Collaborated with external auditors and regulators during security audits, providing documentation and addressing findings.

•Collaborated closely with procurement and legal teams to include security and compliance clauses in vendor contracts.

•Collaborated with DevSecOps teams to integrate security practices into software development lifecycles.

•Performed comprehensive assessment of IT infrastructure to assess the security posture and provide actionable recommendations for improvement.

•Participated in disaster recovery planning and testing to ensure IT resilience during cybersecurity incidents or outages.

•Developed training programs to raise organizational cybersecurity awareness and compliance.

•Established risk registers, prioritized risks, and recommended actionable mitigation strategies.

Key Achievements/Notable Projects at Calendly

•Successfully led effort to align disaster recovery planning with organizational objectives.

•Reduced audit discrepancies by [specific percentage] through process improvements.

•Conducted comprehensive security reviews for cloud platforms, resulting in a 20% reduction in vulnerabilities.

•Created a centralized repository for policies, controls, and risks using GRC tools.

•Delivered detailed monthly reports and dashboards, improving communication of risks and recommendations to leadership.

•Third-Party Risk Automation. Implemented automated workflows for vendor assessments, reducing review times by 40%.

PricewaterhouseCoopers – TX June 2019 – June 2021

Senior Cybersecurity Consultant

•Maintained third-party risk assessments, ensuring vendor compliance with GDPR, HIPAA, ISO 27001 and NIST standards.

•Conducted comprehensive risk assessments and due diligence on third-party vendors, focusing on security, compliance, operational, and reputational risks.

•Conducted security contract reviews and provided guidance on compliance and risk clauses.

•Monitored vendor performance through Key Risk Indicators (KRIs) and adherence to Service Level Agreements (SLAs).

•Conducted security assessments and investigations within various cloud infrastructures (Azure, GCP, Oracle, etc.).

•Automated risk assessment processes using tools like RSA Archer, Whistic, and ServiceNow.

•Created risk profiles for vendors and provided risk ratings based on assessment results to inform decision-making.

•Managed vendor onboarding processes, ensuring proper evaluation of potential risks before engagement.

•Developed and executed remediation plans to address identified risks and monitor progress toward resolution.

•Stayed updated on emerging regulatory changes and industry standards, ensuring the vendor risk management program aligns with best practices.

•Tracked vendor-related incidents, analyzed root causes, and recommended corrective actions to mitigate future risks.

•Generated detailed reports and dashboards to provide stakeholders with insights into vendor risk exposure and compliance posture.

•Promoted a culture of risk awareness across the organization by providing training and guidance on third-party risk management best practices.

Key Achievements at PricewaterhouseCoopers

•Improved collaboration between procurement, legal, and security teams for robust vendor contracts.

•Enhanced vendor risk management processes, reducing compliance breaches and policy violations.

•Spearheaded the creation of automated dashboards, improving risk visibility for informed decision-making.

CERTIFICATIONS

CompTIA Security+

Certified Information Systems Auditor (CISA)

Certified Data Privacy Solutions Engineer (CDPSE)

Certified Third-party Risk Professional (CTPRP)

OneTrust Third-Party Risk Management Expert

Certified ServiceNow Administrator (CSA)

EDUCATION

Bachelor of Science – Lagos State University

Master of Science – University of Lagos

TECHNOLOGY PROFILE

Security Tools: WebInspect, Nessus, OneTrust, Confluence, Salesforce, Oracle Cloud Infrastructure, Whistic, RSA Archer, ServiceNow, Jira
