Vendor Risk Analyst Resume
SUMMARY:
- 6 years of experience in internal controls, IT risk management, IT general control (ITGC) testing and Third-Party Risk Management (TPRM).
- Sound understanding of SOC 2 reports, the SIG questionnaire, ISO 27001, NIST, COBIT and the COSO framework used for SOX compliance.
TECHNICAL SKILLS:
- Microsoft Word, Excel, Access, PowerPoint
- SOC 1, SOC 2, ISO 27001
- Security and risk management
- Active Directory and IT operations (logging and monitoring, backup and recovery)
- NIST Framework and FISMA requirements
- Review and recommendation
PROFESSIONAL EXPERIENCE:
Vendor Risk Analyst
Confidential
Responsibilities:
- Managed the third-party assessment process by reviewing vendor assessment questionnaires and evidence, including SOC 2 reports, SIG questionnaires, and ISO 27001 certifications.
- Created draft reports for management and client review.
- Performed third-party vendor risk assessments, identified control gaps, and recommended remediation initiatives.
- Conducted onsite and virtual assessments of high-risk vendors.
- Partnered with third-party executives and staff to propose mitigation solutions for identified risk areas.
- Analyzed controls and performed control assurance testing activities.
- Provided professional day to day execution of third-party and operational vendor compliance assessments.
- Evaluated third-party responses to IT questionnaires and tested the answers against supporting evidence where appropriate.
- Tracked and reported progress, issues, and challenges on a regular basis for executive reporting.
IT Auditor
Confidential
Responsibilities:
- Identified and evaluated risks during the review and analysis of the System Development Life Cycle (SDLC), including design, testing/QA, and implementation of systems and upgrades.
- Prepared audit scopes, reported findings, and presented recommendations for improving data integrity and operations.
- Conducted reviews of data centers, extranets, telecommunications, and intranets to assess controls and ensure availability, accuracy, and security under all conditions.
- Ensured quality and accuracy in concise reporting and consistency across audits.
- Developed, documented and maintained a consistent audit tracking model and framework.
- Conducted third-party risk assessments to enable the business and ensure compliance with laws and contractual requirements.
- Conducted vendor risk assessment using Standardized Information Gathering Questionnaire (SIG Core/SIG-Lite) to assess service providers during onsite or virtual assessments.
- Applied experience in audit, security and regulatory frameworks including ISO 27001, SOX, HIPAA, COSO/COBIT.
- Conducted related ongoing compliance monitoring activities to ensure effectiveness of implemented controls.
- Produced third Party Vendor Assessment reports that clearly articulate risks.
- Translated security risk into business terms and communicated it effectively to business partners within the organization.
- Monitored and tracked best practices and emerging compliance changes and their impacts to identify continuous improvement opportunities.
- Prepared written responses to routine security and compliance inquiries by preparing, modifying documents including correspondence, reports, drafts, memos, and emails.
Third Party Risk Assessor
Confidential
Responsibilities:
- Performed Third Party Risk Management (TPRM) assessments on vendor engagements.
- Planned and conducted security assessments of third-party vendors, focusing on company policies and internal controls.
- Communicated the vendor risk management program within the business.
- Assessed identified third-party findings and assisted in identifying appropriate controls to mitigate them.
- Documented risk issues in the client's designated risk register.
- Reviewed Inherent Risk Questionnaires.
- Prepared and analyzed regular risk updates for management.
- Tracked progress and reported the status of issues escalated to Vendor Risk Management.
- Maintained ongoing business relationships with third-party vendors.
Information Security Risk Analyst
Confidential
Responsibilities:
- Completed risk assessments, security requirements analysis, and security testing for existing and new applications controls.
- Updated identity and device authorization profiles used to grant full network access.
- Led the technology risk assessment process with business units to support business objectives.
- Monitored action plans for critical and high-risk control findings.
- Updated and designed new processes, methodologies, and tools to optimize operations around department activities.
- Provided risk remediation recommendations that the business and technology teams could implement to mitigate identified control gaps.
- Performed vulnerability scans, conducted risk assessments, and implemented or oversaw the implementation of vulnerability assessment programs.