Prosper Moses
Cyber Third-Party Risk Analyst
Email: ***********@*****.*** Mobile: +1-240-***-****
Upper Marlboro, Maryland
Experienced Governance, Risk, and Compliance (GRC) specialist with over 5 years of dedicated experience in enhancing organizational security postures and ensuring strict adherence to industry regulatory standards and client requirements. Proficient in developing impactful controls, policies, risk compliance strategies, and IT general controls (ITGC). Possesses a comprehensive understanding of SSAE 18 (SOC 1, SOC 2), NIST 800-53, ISO 27001, PCI-DSS, GDPR, SANS 18 Controls, and HIPAA, complemented by extensive audit exposure, adept risk assessment skills, vendor risk management proficiency, incident response capabilities, vulnerability management expertise, and insightful user access reviews. A catalyst in achieving the highest levels of information system confidentiality, integrity, and availability. Acknowledged for proactive leadership and the ability to efficiently prioritize multiple tasks in a dynamic environment.
TOOLS:
GRC: RSA Archer, OneTrust, Security Score Cards, RiskRecon, KnowBe4
Basic: MS Excel (Advanced), MS Word
Other: Box, Confluence, SharePoint, Jira, ServiceNow, Wiz.io, Monday.com
Professional Experience
Copart, Inc. (Contract)
Third Party Risk Analyst
Nov 2021 - Present
•Effectively communicate due diligence requirements to vendor relationship owners and relevant third parties, ensuring strict adherence to company standards.
•Provide comprehensive guidance on the due diligence process, promptly addressing inquiries, resulting in enhanced comprehension and more streamlined operations.
•Conduct rigorous due diligence procedures for all pertinent third parties, culminating in comprehensive risk assessments and effective mitigation strategies.
•Submit risk surveys to applicable third parties on time, ensuring comprehensive risk assessment and prompt responses.
•Promptly escalate noteworthy findings to the relevant internal teams for thorough investigation and final approval, ensuring swift resolution.
•Proactively identify potential risks or non-compliance issues associated with third parties that could impact the company and implement proactive mitigation measures or corrective action plans.
•Collaborate seamlessly with various internal business units, including vendor relationship owners, subject matter experts, Legal, Compliance, and Finance, to foster effective collaboration in vendor management.
•Routinely monitor and initiate periodic reviews of third-party due diligence, ensuring ongoing compliance and risk mitigation.
•Meticulously manage vendor risk workflows through the Vendor Risk Management System, guaranteeing accurate data input and streamlined processes.
•Conduct thorough evaluation of third-party and vendor engagements, encompassing inherent risk assessments.
•Proficiently develop and generate reports for Vendor Risk Management, involving data collection, consolidation, analysis, and the creation of informative spreadsheets and dashboards, facilitating data-driven decision-making.
•Provide invaluable support in maintaining vendor inventory, which includes data scrubbing, validation, enhancing data accuracy, and optimizing vendor management efficiency.
•Collaborate effectively with GRC functions, offering support in critical activities such as policy development, risk assessments, and control testing, contributing significantly to improved governance and compliance.
•Collaborate seamlessly with both internal and external auditors during compliance audits, ensuring timely provision of essential documentation and supporting evidence.
•Offer valuable guidance and support to various business units concerning compliance matters, ensuring a clear understanding of regulatory requirements and the effective implementation of controls.
•Conduct thorough risk assessments and actively contribute to the development of robust risk mitigation strategies to address compliance gaps.
•Monitor, analyze, and report on compliance metrics, promptly highlighting areas of concern and providing actionable recommendations for continuous improvement.
•Provide steadfast support for security awareness programs, phishing campaigns, and reporting of metrics to senior management, contributing to enhanced security measures and employee vigilance.
Santander Bank (Remote)
GRC Analyst
Oct 2018 - Sept 2021
•Supported annual comprehensive NIST Cybersecurity Framework (CSF) recertification process, ensuring alignment with evolving industry standards and best practices.
•Collaborated with cross-functional teams to facilitate NIST CSF recertification, conducting thorough assessments of security controls and risk management processes.
•Played a key role in documenting and reporting on the results of the NIST CSF recertification, providing valuable insights and recommendations for enhancing the organization's cybersecurity posture.
•Conducted periodic reviews on existing vendors, proactively identifying and promptly escalating issues to mitigate vendor risk, resulting in the successful mitigation of potential risks and a notable resolution rate of identified issues.
•Functioned as a Subject Matter Expert for the Vendor Management Team, offering invaluable support in vendor onboarding, monitoring, and contract review processes. This strategic involvement significantly reduced onboarding time through process optimization.
•Played a pivotal role in process enhancement and updates within the Vendor Management platform, leading to a substantial increase in user efficiency and a marked improvement in data accuracy.
•Effectively managed the new vendor onboarding process, ensuring stringent compliance with all regulatory obligations and requirements, safeguarding the organization's reputation and operations.
•Developed and meticulously maintained end-to-end data within the Vendor Management System and reporting tools, resulting in the timely delivery of accurate and critical reports.
•Spearheaded the development and implementation of a standardized third-party risk assessment process, streamlining the identification and mitigation of risks associated with vendor relationships. This initiative significantly improved efficiency and effectiveness in risk management.
•Collaborated closely with internal stakeholders to establish precise risk thresholds and robust mitigation strategies tailored to vendor relationships. This collaborative effort contributed to enhanced risk management practices and bolstered business continuity.
•Demonstrated proficiency in monitoring key vendors within RiskRecon, consistently delivering timely alerts and insightful recommendations to senior management. This proactive approach effectively mitigated potential risks and minimized the impact of disruptions on critical business operations.
Additional Experience:
Shoprite Holding Ltd, NJ USA
Jan 2015 – June 2018
•Scrum Master
EDUCATION
BSc Computer Networking and Cyber Security
University of Maryland Global Campus, Maryland, USA
2024
Associate degree in General Studies
Prince George’s Community College, Maryland, USA
2022
Diploma in Computer Engineering and Networking
Information Technology Business School, Nigeria.
2007
CERTIFICATIONS:
CompTIA Security+ Certified
(PSM I) Professional Scrum Master I
Certified Information Systems Auditor® (CISA)
TRAINING/CERTIFICATES:
Foundations of Healthcare Systems Engineering (2023)
AWS Cloud Practitioner Essentials (2022)
Business Analysis & Process Management (2022)
REFERENCES:
Emmanuel Ola
Senior GRC Analyst
**********@*****.***
Tolulope Yusuf
Team member
****************@*****.***
Jacob Esene
Risk Analyst
**********@*****.***