Anthony A. Metty
Oldsmar FL, ***** 203-***-**** *******.*****@*****.***
SENIOR SECURITY ANALYST
Dedicated and accomplished Senior Security Analyst with career expertise in IT Security, IT Risk and program management. Utilizes leadership and influencing skills to effectively deal with risks and provide solutions that include Access Control, Security Operations, Security Risk Management, Security Risk Control, 3rd party technical risk assessments, policies and standards, Security Awareness and effective staff management.
PROFESSIONAL EXPERIENCE
AMJN Consulting LLC. Nov 2023 to Present.
IT Risk Specialist
• Audit areas of risk for clients, design and develop controls to mitigate risks for both internal and external systems.
• Possess a foundational understanding of common technology architectures. Solid understanding of system architecture and data flow diagrams.
• Collaborate with cross-functional teams to establish and enhance risk mitigation strategies.
• Perform technical Risk Assessments based on ISO 27001, PCI, NIST and HIPAA.
• Work proactively with the different lines of business to provide security solutions.
• Lead weekly risk meetings, provide metrics and updates to management.
• Review SSAE18, SOC Type 1, 2 audit reports, ISO 27001 site certifications and other documentation provided to ensure controls are in place.
• Perform third-party risk assessments for cloud-based systems (AWS, IBM Cloud, Azure, SaaS).
• Solid project management skills, able to lead meetings, assign deliverables and follow up as needed.
• Provide input to IT Risk policies, identify gaps and implement IT Risk standards.
• SDLC Agile development standards.
Ampcus Consulting Sept 2022- Nov 2023
Sr. Security Analyst 3rd Party Vendor Risk Honda North America
● Perform risk assessments for new and existing vendors to identify areas of risk, including cloud computing: AWS, Azure, IBM, Oracle Cloud and SaaS solutions.
● Review SSAE18, SOC Type 1, 2 audit reports, TISAX, ISO 27001 site certifications and other artifacts provided by the vendor to ensure controls are in place related to HIPAA, PCI and other control standards.
● Manage all assessments through ProcessUnity GRC, and work on streamlining the overall GRC process.
● Create custom questionnaires for different vendor tiering, exit strategies and Contingency plans, continuous monitoring using Security Scorecard.
● Possess a foundational understanding of common technology architectures, understanding of system architecture and data flow diagrams.
● Collaborate with IT and LOB’s to ensure all are aware of the ever-changing risks that affect third parties.
● Collaborate with cross-functional teams to establish and enhance vendor risk mitigation strategies.
● Lead efforts related to cyber investigations, 3rd party assessments, perimeter security and SaaS/cloud security configurations.
● Work with the LOB and the suppliers and provide sound, secure security solutions.
● Identify risks, work with the business and vendors to ensure risks are understood, remediated or accepted in a timely manner.
● Participate in weekly risk meetings, provide metrics and updates for all risk assessments to Sr. Management
● Solid project management skills, able to lead meetings, assign deliverables and follow up as needed.
Realogy Holdings, New Jersey Oct 2021 – Aug 2022
Sr. Security Analyst 3rd Party Vendor Risk
● Perform technical 3rd party and 4th party Risk Assessments for vendors based on ISO 27001, PCI, NYDFS and GDPR standards and industry best practices.
● Work with Sourcing and legal on the MSA to ensure security controls are in place.
● Identify risks, work with the business and vendors to ensure risks are understood and remediated or accepted in a timely manner.
● Participate in weekly risk meetings, provide metrics and updates for all risk assessments to Sr. management.
● Ensure proper controls are in place to protect sensitive data at rest and in transit.
● Update Archer GRC as needed to ensure all data is complete for new and existing vendors.
● Collaborate with IT and LOB’s to ensure all are aware of the ever-changing risks that affect our third parties.
● Perform assessments for cloud-based systems (AWS, IBM Cloud, Azure).
● Project manage and operationalize new customized SIGs and Archer updates
● Review SSAE18, SOC Type 1, 2 audit reports, ISO 27001 site certifications and other artifacts provided by the vendor.
Guardian Life, New York, NY. May 2018 – Oct 2021
Sr. Security Analyst 3rd Party Vendor Risk
● Perform technical 3rd party and 4th party Risk Assessments for vendors based on ISO 27001, PCI, HIPAA, NYDFS and GDPR standards and industry best practices.
● Perform pre assessments for new and existing vendors to ensure the proper risk tiering.
● Review SSAE18, SOC Type 1, 2 audit reports, ISO 27001 site certifications and other artifacts provided by the vendor.
● Perform assessments for cloud-based systems (AWS, IBM Cloud, Azure).
● Create custom questionnaires for different vendor tierings, exit strategies and Contingency plans, continuous monitoring using Bitsight
● Ensure proper controls are in place to protect sensitive data at rest and in transit.
● Possess a foundational understanding of common technology architectures. Able to understand system architecture and data flow diagrams for the purpose of identifying risk.
● Work with Sourcing and legal on the MSA to ensure security controls are in place.
● Identify risks, work with the business and vendors to ensure risks are understood and remediated or accepted in a timely manner.
● Participate in weekly risk meetings, provide metrics and updates for all risk assessments to Sr. management.
● Update Archer as needed to ensure all data is complete for new and existing vendors.
● Collaborate with IT and LOB’s to ensure all are aware of the ever-changing risks that affect our third parties.
● Utilize Bitsight as part of all Tier 1 & 2 vendor assessments, identifying the vendor’s Cyber security posture.
● Report on Tier 1 & 2 vendors financials, incorporating these details into the final Closure report.
● Project manage and operationalize all third-party general projects. New SIGs, Archer enhancements, Bitsight and new technologies.
● Present new projects and scope to Sr. management outlining value and cost benefits, following the SDLC agile development standards.
SGA Consulting. Sept 2017 – May 2018
Sr. Security Analyst 3rd Party Vendor Risk Guardian Life
● Performed technical 3rd party Risk Assessments for vendors based on ISO 27001, PCI, HIPAA, NYDFS and GDPR standards and industry best practices.
● Reviewed SSAE16, SOC Type 1, 2 audit reports, ISO 27001 site certifications and other documentation provided by the vendor.
● Ensured proper controls are in place to protect Guardian data.
● Interfaced with internal business managers and external vendors to ensure all information provided is complete and accurate.
● Identified risks, worked with the business and vendors to ensure risks are understood and remediated or accepted in a timely manner.
● Participated in weekly Risk meetings, producing updates for all risk assessments to Sr. management.
● Collaborated with the existing Risk team, IT and LOB’s to ensure all are aware of the ever-changing risks that affect our environment.
Columbia University Medical Center. May 2016 – September 2017
Manager, IT Risk
• Managed team of four Sr. Security analysts, provided guidance and direction for internal and external Risk Assessments based on HIPAA and HiTrust standards. Reporting to the CISO.
• Redesigned the risk assessment process within the GRC Rsam system, providing simplicity and normalization of the risk assessment process as a whole. This was a complete system redevelopment project that saved time and added value.
• Provided consulting for special projects, bringing departments together to provide solid security solutions.
• Managed requisition vetting, ensuring all new applications and systems are entered into Rsam as needed to ensure the risk assessment process is capturing all assets and applications.
• Performed deep dive risk assessments on large scale projects as needed, identifying risks and working with IT and LOB’s to mitigate risks.
• Managed both internal and external audits, ensuring all findings are relevant and remediated.
• Created monthly metrics and general team updates and overall statistics for the different risk assessment stages and presented all findings to the risk committee.
• Worked proactively with the different lines of business to provide security solutions.
• Provided input to IT Security policies, identified gaps and implemented IT standards.
CERTIFICATIONS
CISM, Microsoft Certified Professional,
Mandiant Incident Response,
HIPAA,