ayo obisesan CISA
SNR.THIRD PARTY RISK ANALYST at Citibank
Experience
-
4moles.com
-
Financial Services
-
100 - 200 Employee
-
SNR.THIRD PARTY RISK ANALYST
-
Jan 2021 - Present
• Plan and conduct security risk assessments for all third-party vendors/suppliers.
• Use e-GRC tools such as RSA Archer to ensure secure and prompt communication of findings and deployment of questionnaires to the vendor.
• Drive the remediation of control gaps based on priorities set by the organization.
• Coordinate, implement and upgrade the migration process within the e-GRC system.
• Ensure third-party relationships adhere to the company's policies and procedures and are compliant with regulatory guidelines and industry best practices.
• Design and constantly upgrade suppliers' questionnaires to ensure all areas of new threat signatures discovered are covered.
• Administer questionnaires to all vendors to determine the control effectiveness.
• Conduct onsite and virtual risk assessments to continuously determine the security posture at the vendor site.
• Perform ongoing monitoring for Citi critical vendors using security scorecard.
• Perform continuous monitoring by assessing tools during onsite visits to validate the security questionnaires filled out by the vendors to ensure protection of data at the vendor sites.
• Build and maintain strong relationships with team members, leadership, key business unit stakeholders and third parties.
• Assess operational fitness of assigned third parties through due diligence reviews.
• Perform internal and external IT risk assessments using applicable Risk Matrix templates, Risk Assessment Matrix, Risk Control Self-Assessment and Risk Management life cycle; also provide recommendations on mitigation options.
• Conduct onsite and virtual risk assessments to continuously determine the control effectiveness.
• Develop methodology of risk ranking vendors and streamline level of effort for each assessment.
-
-
-
loanDepot
-
United States
-
Financial Services
-
700 & Above Employee
-
THIRD PARTY RISK ANALYST
-
Jan 2017 - Dec 2020
• Planned and conducted security risk assessments for all third-party vendors/suppliers.
• Work with vendor for oversight to ensure adequate tier-in for vendors-based application on the level of data they have access to.
• Designed and constantly upgraded suppliers' questionnaires to ensure all areas of new threat signatures discovered are covered.
• Administer questionnaires to all vendors to determine the control effectiveness.
• Conduct onsite and virtual risk assessments to continuously determine the security posture at the vendor site.
• Review and validate all controls at the vendor site to ensure data confidentiality.
• Validate security questionnaires during onsite visits to ensure up-to-date data protection on vendor site.
• Conduct on-site risk assessments based on agreed-upon procedures guidelines.
• Review all essential security policies and procedures documentation.
• Provide detailed reports of assessments to business owners and the vendor management office.
• Work as a remediation analyst to ensure all gaps discovered during the assessment are remediated or mitigated in a timely manner.
• Escalate issues of 3rd party vendors' non-compliance to the vendor risk management office (VMO).
• Performed continuous monitoring by assessing tools during onsite visits to validate the security questionnaires filled out by the vendors to ensure protection of data at the vendor sites.
• Ensure third-party relationships adhere to the company's policies and procedures and are compliant with regulatory guidelines and industry best practices.
• Facilitated remediation for any third-party related operational issues as needed.
• Assess operational fitness of assigned third parties through due diligence reviews.
• Provide ongoing monitoring for third party risk due diligence.
-
-
-
Xerox
-
United States
-
Business Consulting and Services
-
700 & Above Employee
-
Information Technology Auditor
-
Nov 2014 - Dec 2016
• Performed assessment of IT General Controls (ITGC) such as Access Control, Change Management, IT operations, Disaster recovery and Job Scheduling.
• Assisted IT management in identifying gaps between policy and process and in developing recommendations to remediate control weaknesses; responsible for developing and maintaining IT control metrics related to compliance activities.
• Strong background in all stages of the auditing process, including planning, fieldwork/execution/risk assessment, reporting and follow-up.
• Developed audit plans and programs to evaluate control areas on projects such as financial statement audit, SOX testing, SAS 70/SSAE 18.
• Conducted Sarbanes Oxley (SOX) testing in all the IT General Controls within the audit scope, to test their strength, effectiveness, and also weaknesses in their control environment.
• Performed walk-through and detailed testing of controls to determine if controls are properly designed and operating effectively.
• Created final audit reports and oversaw implementation of corrective action plans, while maintaining communication with all levels of management.
• Reviewed internal policies and procedures and existing laws, rules and regulations to determine applicable compliance and the adequacy of underlying internal controls.
• Performed IT general controls such as access control, change management, IT operations, disaster recovery and platform reviews (Windows and UNIX OS).
• Participated in all phases of IT Audit (Planning, Fieldwork and Follow-up) using applicable framework.
• Documented control weaknesses related to testing exceptions and assisted in preparing draft audit reports to communicate findings and recommendations to senior management.
• Reviewed Corrective Action Plan (CAP); validated remediation controls and followed up on the remediation process.
• Performed internal and external IT risk assessments, conducted gap analysis against industry standards and provided recommendations on mitigating options.
-
-