Reti Daud
Cell: 312-***-**** | Email: *********@*****.*** | Location: Chicago, IL
Professional Summary
Experienced Security, Risk & Compliance analyst with over 7 years of experience in designing, implementing, documenting, and governing information security controls and IT compliance programs to meet corporate, legal, and regulatory requirements. Solid technology skills, stakeholder management and collaboration abilities, with detailed working knowledge of compliance best practices. Skilled in technical and non-technical third-party risk assessments and recommendations of mitigating actions or controls.
Skills
● Operational knowledge of best practice standards such as ISO 27001/27002, NIST 800 Series, PCI DSS and other security control frameworks
● Experience reviewing 3rd party security reports (SSAE16 SOC 1 & 2, penetration testing reports)
● Champion third party risk management from planning to termination
● Competency in project management in a cross-functional environment and experience in managing remediation activities across the enterprise
● Facilitate the review and development of policies and procedures
● Proficiency in GRC tools such as RSA Archer, JIRA, Vanta, Drata, OneTrust, ServiceNow, etc.
Professional Experience
Third Party Risk & Compliance Analyst - Walmart, Nov 2022 - Till Date
● Review key vendor-provided documentation such as SSAE-18 Type II reports to ensure compliance with our information security standards.
● Manage multiple tasks and projects to meet partner contractual obligations, data protection laws, and regulatory needs under the guidance of legal counsel and information security architects.
● Work with all business functions to identify, document and agree on action plans to mitigate key risks.
● Assess suppliers based on control domains such as network security, data protection, vulnerability management, business continuity and disaster recovery, etc.
● Responsible for overseeing the complete lifecycle management of third-party relationships, serving as the primary point of contact for third party requests.
● Implement a risk-based strategy for identifying, assessing, and managing 3rd party risks.
● Manage internal stakeholder actions and expectations by collaborating with legal, procurement, finance, compliance and business owners to ensure proper handling of processes and procedures.
● Engage with vendor owners to identify any changes to a current vendor’s risk profile and escalate issues when necessary.
● Communicate to the business any material 3rd party issues or events and escalate to senior management for immediate resolution.
Information Security Analyst - Stratege Solutions, IL, Oct 2020 - Nov 2022
● Led internal and third party gap assessment and audit activity follow-up, conducted readiness assessments and evaluated the current compliance status against ISO 27001, SOC 1 & 2, SOX, and PCI DSS.
● Responsible for assessing and documenting IT and security risk and compliance based on process and control walkthrough to determine potential solutions that are appropriate for the organization.
● Led quarterly access reviews for critical applications and systems as well as monthly SOX sustainment activities for all SOX applications.
● Supported the development and review of organization IT policies, standards, and procedures.
● Obtained and reviewed all evidence provided to validate that controls are effective; retested controls that were remediated or updated as a result of previously identified deficiencies.
● Participated in internal security assessments and security reviews; conducted security risk analysis of business processes and technology solutions to evaluate compliance with policies and regulatory requirements.
● Documented risk and mitigating controls through risk control matrix including evaluating control designs and adequacy to ensure key risks are properly controlled and monitored, as well as ensured proper rationalization of controls.
● Responsible for carrying out internal and 3rd party audits/assessments, as well as facilitated evidence collection.
Cybersecurity Project Coordinator - Hasbro, May 2017 - Sept 2020
● Collaborated with various business units to mitigate risk, ensure compliance with security policies and standards to implement robust security measures and achieve project goals.
● Supported cybersecurity leadership in strategic planning efforts towards maintaining the security objectives and compliance goals.
● Defined project priorities and requirements for projects through planning, design, build, testing, and service transition phases.
● Partnered with relevant business leadership stakeholders to coordinate for smooth project execution.
● Facilitated regular stakeholder meetings to communicate project status and risks.
● Ensured change management within and across projects and programs.
● Created a culture of continuous improvement within the project and program.
● Developed and compiled detailed project documentation and reports for senior management.
● Developed project communications and updates for executive leadership including COO, CIO, CISO, and Senior IT leadership.
Education & Certifications
Bachelor of Business Administration
Imo State University, Nigeria
Certified Information Systems Auditor (CISA)
CompTIA Security+
Project Management Professional (PMP)