ADWOA MENSAH BSc, CISM.
NEWBURGH, NY, 845-***-**** * *************@*****.*** LinkedIn
PROFILE
Strategic and results-driven Senior IT Risk Analyst with 9+ years of experience leading third-party risk management (TPRM) programs across financial services and fintech environments. Proven track record of reducing vendor risk exposure, streamlining assessment workflows, and aligning risk practices with regulatory frameworks including OCC, FFIEC, NIST, and ISO 27001. Known for cross-functional collaboration with Legal, Compliance, and InfoSec teams to drive operational resilience and regulatory compliance. Currently pursuing CISSP certification to deepen expertise in cybersecurity and risk governance.
CONTROLS / FRAMEWORKS
NIST SP 800-53, FedRAMP, SIG Questionnaire, HIPAA, ISO 27001:2013, ISO 27002:2013, SOC 1, SOC 2, PCI DSS, GDPR, SOX, COSO, COBIT, HITRUST.
CERTIFICATIONS
CISM (Certified Information Security Manager), Security+ (CompTIA), CRISC (In Progress).
PROFESSIONAL EXPERIENCE
STERLING BANK & TRUST F.S.B., DIVISION OF EVERBANK – SOUTHFIELD, MI
Senior IT Risk Analyst – Oct 2022 – Present
Led full vendor lifecycle, from onboarding to offboarding, ensuring compliance with OCC and FDIC guidelines for 1000+ vendors.
Identified and remediated control gaps, reducing residual risk exposure by 90%.
Built dashboards to monitor vendor exceptions, SLAs, and contract compliance.
Partnered with Legal, Procurement, and InfoSec to streamline due diligence and contract negotiations.
NIELSEN IQ (REMOTE CONTRACTOR) – CHICAGO, IL
Senior TPRM Analyst – Jan 2021 – Sep 2022
Spearheaded the development and implementation of a robust vendor risk management program, resulting in a 20% reduction in high-risk vendor incidents within the first year.
Reduced vendor assessment turnaround time by 30% through automation and process redesign.
Collaborated with cross-functional teams to establish and enhance vendor risk management policies, procedures, and controls, contributing to a 15% improvement in overall risk posture.
Implemented and managed a centralized repository for third-party risk assessments, streamlining the tracking and reporting of vendor risk profiles and supporting other TPRM decision-making.
SMARTTHINK LLC (AMGEN INC.) (REMOTE CONTRACTOR) – THOUSAND OAKS, CA
Information Security Engineer – Jan 2020 – Jan 2021
Assisted with the implementation of the ISO 27001 framework in alignment with the Information Security Management System (ISMS).
Conducted phone interviews with service providers to clarify processes, understand all technology involved in service delivery, and identify control gaps. Conducted follow-up phone interviews with suppliers to validate their responses to the remote assessment.
Identified and assessed IT related risks and control weaknesses and coordinated with Amgen’s Information Security team to define appropriate remediation.
KPMG (CONTRACTOR) – WASHINGTON, DC
Cyber Security Risk Specialist (HITRUST) – Nov 2016 – Jan 2020
Highly collaborative with a deep desire to provide innovative solutions to the marketplace, build lasting customer relationships, and be part of a winning team.
Intimate knowledge of the HITRUST CSF, including experience advising and assessing against all CSF domains for HITRUST readiness and validated assessments.
Interpreted processes and controls, identified risks and weaknesses that required remediation, developed mitigation action plans, and validated that corrective actions had been completed.
FANNIE MAE (CONTRACTOR) – WASHINGTON, DC
Third Party Risk Analyst – May 2015 - Nov 2016
Partnered with InfoSec and Legal to implement incident response workflows for CVEs and zero-day vulnerabilities.
Assisted in developing policies and internal controls, collaborating with Legal and vendors to ensure annual compliance with regulatory obligations related to third-party integrations.
Supported vendor risk management activities including, but not limited to, risk assessments, gap analysis, contract review, and process improvements.
STRENGTHS
TPRM Program Leadership | Regulatory Compliance (OCC, FFIEC, NIST, ISO, SOC, PCI DSS, HIPAA) | Cross-Functional Collaboration | Policy Development & Governance Reporting | Vendor Risk Assessments & Exception Management
TECHNOLOGY SUMMARY
Security Technologies: Resolver, OneTrust, RSA Archer, Nessus, SecurityScorecard, SIG Questionnaire (Full, Core, Lite).
Software: MS Office (Word, Excel, PowerPoint, Access, Outlook), Windows Server 2008, AWS, and Microsoft Azure
Ticketing Tools/Applications: Jira, ServiceNow.
Risk Metrics, KRIs, KPIs, SLA Monitoring.
EDUCATION
LEHMAN COLLEGE CUNY, BRONX, NY
Bachelor of Science in Accounting & Economics, Minor in Information Systems – May 2016