Risk Management Analyst

Rachael M. Cofini

Pennellville, NY 315-***-**** ****************@*****.***

linkedin.com/in/rachael-cofini/

CAREER PROFILE

Cybersecurity Risk Analyst with 3+ years of hands-on experience in Third Party Risk Management

(TPRM), Governance, Risk & Compliance (GRC), and IT Risk within Fortune 500 and highly regulated industries. Skilled in guiding vendors through the full TPRM lifecycle, leading third-party risk assessments, and managing due diligence documentation including SOC reports, SIG questionnaires, and security policies. Proven ability to evaluate vendor cybersecurity controls, support client compliance requests, and align with frameworks such as NIST CSF, ISO 27001, GDPR, HITRUST, and CCPA. Recognized for driving continuous improvement, identifying automation opportunities, and strengthening organizational resilience.

EDUCATION

Master of Science, Cybersecurity May 2027

Georgia Institute of Technology, Atlanta, GA. Overall GPA: 4.0 Bachelor of Arts, Cybersecurity, Minor in Risk Management and Computer Science May 2024 Le Moyne College, Syracuse, NY. Overall GPA: 3.8

PROFESSIONAL EXPERIENCE

Cybersecurity Risk Analyst, Paramount Global Jun 2023 - Current

• Led and coordinated 500+ internal and third-party cybersecurity risk assessments, evaluating vendor controls and enhancing enterprise-wide risk visibility and compliance posture utilizing ServiceNow and Process Unity.

• Partnered with leadership to operationalize Paramount’s Cybersecurity Risk and TPRM frameworks, driving vendor lifecycle processes from onboarding to offboarding and improving program maturity.

• Prepared executive-level risk reporting and client compliance documentation to support audits, client assessments, and board-level risk governance.

• Implemented and automated AI assessment workflows within the TPRM program, reducing manual review time by 30% and enabling scalable compliance with emerging governance policies.

• Mentored and supervised multiple interns across the cybersecurity risk management team.

• Conducted quality assurance reviews across 300+ third-party risk assessments annually, ensuring consistency and alignment with internal standards, NIST CSF, ISO, PCI, GDPR, and CCPA requirements.

• Managed due diligence collection and evaluation of vendor cybersecurity attestations (SOC 1/2, ISO 27001, SIG questionnaires, security policies), collaborating with Procurement and Legal to support contractual security reviews and mitigate vendor compliance risks. Community Bank, Information Security Analyst Intern Aug 2022 - May 2023

• Utilized AWS, IronPort, CrowdStrike, and Rapid7 to monitor infrastructure and automate routine threat detection tasks, improving team efficiency by 15%.

• Detected and reported 100+ phishing campaigns and associated malware, helping to prevent successful attacks across the organization.

• Mitigated endpoint threats and vulnerabilities using EDR tools and centralized log management, contributed to a 35% reduction in high-risk incidents over two quarters.

• Performed daily threat hunting and vulnerability analysis, uncovering and remediating over 50 critical system exposures.

• Developed and deployed quarterly phishing simulation templates, increasing phishing awareness scores by 22% among staff.

Starbucks, Supervisor Aug 2021 - May 2023

• Supervised daily operations and staff in a high-volume retail environment, enhancing customer satisfaction, training new team members, and managing cash and inventory controls. Le Moyne College, GenCyber Intern Jan 2022 - Jun 2022

• Assisted with the development of a new Cybersecurity summer camp through various programs.

• Workshopped and developed numerous Cybersecurity activities geared toward high school students.

• Audited and interviewed with the NSA regarding coursework.

• Taught the students in-depth cybersecurity material and did hands-on exercises like constructing raspberry pi's.

LEADERSHIP & RECOGNITION

• Graduated Magna Cum Laude with Departmental Honors; Dean’s List all semesters (2020–2024)

• President, Women in Cybersecurity (WiCyS) Chapter, Le Moyne College (2022 – 2024)

• Grew membership by 40% through targeted outreach and event planning, including panels and technical workshops.

• Executive Board Member, Cybersecurity Club, Le Moyne College (2020 – 2024)

• Co-led hands-on lab nights and Capture-the-Flag events, engaging over 100 students across disciplines

• Member of the ERIE21 Initiative at Le Moyne College (2020 - 2024)

• Captain, Women’s Rugby Team – Led team strategy and communication on and off the field

• Member, Alpha Lambda Delta National Honor Society Le Moyne College, Certified Instructional Tutor Aug 2023 – Dec 2024

• Mentored students about assignments, groups, labs, or other helpful information for courses.

• Created rubrics for assignments in consultation with the professor.

• Developed learning materials for cybersecurity students. Le Moyne College, ERIE21 Preorientation Leader/Mentor Jun 2023 - Aug 2023

• Designed and facilitated workshops for incoming STEM majors to ease academic transition.

• Presented campus resources and career prep strategies; addressed real-time student questions and concerns.

Contact this candidate