Email: *************@*****.***
Tel: 202-***-****
Detail-oriented and security-focused cloud security engineer with over 10 years of experience assessing third-party security postures, facilitating onboarding assessments, and aligning vendor practices with internal GRC frameworks. Demonstrated ability to bridge the gap between compliance and technical controls through hands-on involvement in IAM reviews, SOC analyst collaboration, and general security assessments. Proven track record of ensuring vendor accountability and reducing organizational risk exposure through continuous monitoring and technical validation.
Core Competencies
Third-Party Risk Assessments
Vendor Due Diligence & Continuous Monitoring
SOC Reports (SOC 1, SOC 2), ISO 27001, NIST CSF
Identity & Access Management (IAM) Reviews
Microsoft Azure AD, Conditional Access
Microsoft Sentinel, Defender Suite
SIEM Log Analysis & Threat Correlation
Tools: Venminder, Black Kite, ServiceNow, Microsoft Purview
EXPERIENCE
MSC Security Assessment Analyst 03/2022-current
Interface with business areas, technical staff, project teams, and third parties to execute cross-functional risk assurance projects.
Conduct third-party risk assessments by reviewing vendor documentation including SOC 2 reports, penetration tests, and security questionnaires.
Initiate vendor onboarding workflows through ServiceNow and facilitate multi-stakeholder meetings to determine inherent risk ratings.
Order and review third-party assessments via Venminder, analyzing control adequacy and issuing remediation recommendations.
Integrate security analysis with IAM practices by evaluating vendors' use of MFA, role-based access control (RBAC), and identity federation.
Collaborate with internal SOC team to review vendor-related security incidents, threat intelligence reports, and log alerts to assess impact on the organization.
Utilize Black Kite to implement continuous monitoring of approved vendors, tracking changes in cyber risk posture over time.
Draft and communicate risk acceptance decisions to business owners and enforce security remediation before onboarding approval.
Citi Group Cybersecurity Security Analyst 03/2020-03/2022
Conducted thorough risk assessments of third-party vendors, providing detailed insights into their cybersecurity practices and potential vulnerabilities.
Conducted comprehensive third-party risk assessments with Black Kite, ensuring robust vendor security compliance and minimizing supply chain risk.
Planned and performed user acceptance testing (UAT) of GRC tool enhancements, identifying issues and providing recommendations for resolution, and communicating system changes to end users, incorporating Qualys in the process.
Reviewed and investigated suspicious user, server, database, and application login events to prevent unauthorized access.
Conducted thorough due diligence reviews on third-party service providers.
Analysed Qualys scanning results, sent results to respective asset and system owners for further action.
Utilized Qualys to keep track of recurring vulnerabilities and documented findings on the ServiceNow Risk Register.
ENGIE North America Inc. IT Security Analyst 07/2019-02/2020
Planned and performed user acceptance testing (UAT) of GRC tool enhancements, identifying issues and providing recommendations for resolution, and communicating system changes to end users, incorporating Qualys in the process.
Reviewed and investigated suspicious user, server, database, and application login events to prevent unauthorized access.
Conducted thorough due diligence reviews on third-party service providers.
Analysed Qualys scanning results, sent results to respective asset and system owners for further action.
Utilized Qualys to keep track of recurring vulnerabilities and documented findings on the ServiceNow Risk Register.
Communicated security awareness efforts to leadership and other departments on a continual basis.
T. Rowe Price IT Security Analyst 07/2017-06/2019
Coordinated and led weekly vulnerability management meeting.
Contributed to the risk assessment of third-party tools used in portfolio management, evaluating integration points and security controls.
Monitored and triaged security alerts using SIEM tools, identifying malicious activity and escalating true positives to the incident response team.
Utilized Microsoft Cloud App Security (MCAS) to discover Shadow IT and mitigate unsanctioned cloud usage across business units.
Conducted monthly access reviews and supported audit readiness by collecting and validating evidence of security control implementations.
Education & Certification
MBA University of Maryland University
CompTIA Security+
Microsoft Certification AZ-500
Microsoft Power BI (certificate)
Introduction to SQL (certificate)
Fundamentals of Visualization with Tableau (certificate)