Ayo Olumayowa
Washington DC • **************@*****.*** • +1-667-***-****
https://www.linkedin.com/in/ayo-olumayowa-7578151ba
PROFESSIONAL SUMMARY
Highly skilled IT risk and security professional with over 8 years of expertise in Governance, Risk, and Compliance (GRC), third-party risk management, and security controls. Adept at designing, implementing, and managing risk management frameworks to protect critical assets and ensure compliance with regulatory requirements. Proven ability to partner with cross-functional teams to improve security postures and streamline risk processes across organizations.
CORE COMPETENCIES
Risk and Security Disciplines: Enterprise Risk Management (ERM), Operational Risk Management (ORM), Third-Party Risk Management (TPRM), Vendor Assessments, IT Security Controls, Risk Assessments, Incident Management, Continuous Monitoring, Business Continuity, Disaster Recovery, Issue Management, Security Audits & Compliance, Vulnerability Management, Security Assessment, Assessment & Authorization
RMF Artifacts: Risk Management Framework (RMF), System Security Plan (SSP), Security Assessment Report (SAR), Plan of Action & Milestones (POA&M), System Security Test and Evaluation (ST&E)
Frameworks and Regulations: COBIT, FISMA, NIST SP 800-53 Rev. 5, FIPS 199, ISO 27001, SOX, GDPR, CCPA, SOC 1 & SOC 2, HIPAA, HITECH, PCI DSS, HITRUST, COSO, ITIL
Tools and Platforms: RSA Archer, OneTrust, ServiceNow, Identity Access Management, AWS Platforms, BitSight, RiskRecon, SecurityScorecard, Nessus, Tenable, Black Kite, Microsoft O365, JIRA, Confluence
PROFESSIONAL EXPERIENCE
Security Control Assessor (TPRM) - Lead
BNY Mellon May 2022 – Present
Conduct risk assessments on third-party vendors, evaluating their security postures, financial stability, and regulatory compliance.
Implement and enforce security controls in line with federal and internal policies, including NIST SP 800-53 and other frameworks.
Coordinate with internal stakeholders, including legal, compliance, and IT teams, to integrate security and risk management into vendor contracts and agreements.
Utilize GRC tools such as Archer, OneTrust, and ServiceNow to automate risk assessment processes and streamline continuous monitoring efforts.
Perform regular vendor audits and reviews to ensure ongoing compliance, identify vulnerabilities, and track vendor performance.
Oversee the incident management process, ensuring prompt response to vendor-related security breaches, including investigation, remediation, and reporting.
Develop vendor risk dashboards and reporting mechanisms to provide senior leadership with real-time insights into risk profiles and compliance status.
Establish a continuous monitoring program using tools like BitSight to assess vendor cybersecurity postures, track changes, and identify emerging risks.
Senior Third-Party Risk Analyst
USAA September 2019 - April 2022
Conducted thorough vendor risk assessments for new and existing vendors, focusing on compliance with HIPAA, HITECH, and PCI-DSS standards.
Collaborated with procurement and legal teams to negotiate vendor contracts, ensuring the inclusion of appropriate security and compliance clauses.
Managed vendor relationships by conducting on-site assessments, reviewing security controls, and ensuring adherence to privacy and data protection standards.
Utilized tools like BitSight to continuously monitor vendors’ cybersecurity postures and flag any vulnerabilities or risks for further evaluation.
Facilitated cross-functional team collaboration, bringing together IT, legal, and compliance teams to mitigate third-party risks effectively.
Developed and implemented a third-party risk management framework to streamline risk assessments and improve overall process efficiency.
Provided training and mentorship to internal teams on best practices for managing third-party risk, ensuring adherence to regulatory and security requirements.
Produced detailed risk reports and recommendations for senior management, helping to inform decision-making and drive strategic improvements.
Senior IT Auditor
BDO April 2015 – August 2018
Managed the full audit lifecycle, from planning and scoping to execution and reporting, ensuring timely and accurate delivery of audit findings.
Conducted audits focused on IT systems, data security, and operational risks, ensuring compliance with ISO 27001, NIST 800-53, and other regulatory standards.
Reviewed and tested user access controls, ensuring proper management of physical and logical access to critical systems and infrastructure.
Coordinated external audits, acting as the primary point of contact between the organization and third-party auditors for SOX, GDPR, and ISO 27001 compliance.
Analyzed and documented findings from IT audits, providing actionable insights and recommendations for improving security controls and processes.
Collaborated with cross-functional teams, including IT, legal, and compliance, to implement audit recommendations and improve risk management practices.
Monitored Information Security Management Systems (ISMS) activities, ensuring continuous compliance with organizational security policies and standards.
EDUCATION & CERTIFICATIONS
University of Ado Ekiti (BSc)
Ladoke Akintola University of Technology (MBA)
CERTIFICATIONS
Certified Information Systems Auditor (CISA) – ISACA
PROFESSIONAL MEMBERSHIPS
Third-Party Risk Association (TPRA)
Information Systems Audit and Control Association (ISACA)