CLAUDE TENDO CISA, CRISC, CISM, CompTIA Security
Senior Compliance Security Analyst/Vendor Risk Analyst (CISA, CRISC, CISM, CompTIA Security+) at Coco Cola Inc (WTS)
Bio
Credentials
• Certified Information Systems Auditor (CISA), ISACA
• CompTIA Security+, CompTIA
Experience
Coco Cola Inc
United States
IT Services and IT Consulting
1 - 100 Employee
Senior Compliance Security Analyst/Vendor Risk Analyst (CISA, CRISC, CISM, CompTIA Security+)
Jan 2017 - Present
• Assist in the development, review, implementation and maintenance of policies, procedures, standards and guidelines in accordance with applicable regulations including ISO 27001, NIST 800-53 Framework Controls, HIPAA and PCI DSS
• Create information security documentation and workflows to assist with incident response, audits, and vendor requirements
• Perform vendor classification according to Data handling and Relationship as well as company policies and procedures
• Lead awareness and training of new employees on Vendor Risk Assessment
• Create Vendor Risk Assessment Report and escalate issues when necessary
• Work with vendors to discuss appropriate remediation actions and deadlines for all identified gaps
• Analyze vendors' processes to determine deficiencies within their controls that could violate applicable law, regulation, framework or internal policies and procedures
• Present gap analyses to stakeholders and management to give a better knowledge of the risk level
• Perform periodic vendor risk assessment to make sure vendor controls are properly implemented to ensure confidentiality, integrity, availability, and privacy throughout the contract
• Identify gaps and create a risk treatment plan/corrective action plan to track gap remediation process as well as providing recommendations
• Perform Quantitative and Qualitative Risk Assessment to maintain a defined internal and external security posture
• Review SOC 2 Reports & SIG and gather evidence to make sure it complies with company's control standards
• Validate remediation plans by reviewing data handling/provisioning characteristics, underlying controls, data transformation, monitoring processes, process and controls, version control, and documented approvals
• Perform Documentation Review
• Championed control assessment
• Assisted in SOC 2, ISO 27000 Audits by gathering evidence and answering security questions
• Responding to Requests for Proposals

Ncc Group Security Services, Inc
Maryland, United States
Cyber Security Analyst/GRC Compliance Analyst
Jan 2016 - Jan 2017
• Perform continuous monitoring by updating the A&A documents and run vulnerability scans using tools such as Nessus and Tenable Security Center to identify vulnerabilities applicable to the system
• Evaluate the likelihood that vulnerabilities could be exploited and assess the impact associated with this threat and vulnerabilities
• Experience creating Standard Operational Policies (SOP)
• Experience researching and reviewing vulnerability reports, working with developers, system admins and engineers to remediate vulnerabilities on scan report and create POA&M
• Experience categorizing a system with the appropriate stakeholders into either high, moderate or low using FIPS 199 and SP 800-60 Vol 1&2 as a guide
• Conduct self-control assessment to determine the adequacy of management, operational, privacy and technical security controls implemented
• Assist System Owners and ISSO in preparing certification and Accreditation packages for IT System, making sure that management, operational and technical security controls adhere to a federal and well-established security requirement authorized by NIST 800-53R4 to obtain and maintain
• Conduct risk management using NIST SP 800-39 and risk assessment using NIST SP 800-30 to identify system threats, vulnerabilities, and impact level
• Experience with auditing by acting as a Liaison Analysis by responding to and assisting with audits, assessments
• Prepare recommendation strategies that are made available to system owners, system admins or system engineers to remediate identified vulnerabilities
• Analyze and update system security plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security Test & Evaluation (ST&E), E-Authentication, Contingency Plan (CP) and Plan of Actions & Milestone (POA&M)
• Perform Documentation Review
• Assisted in SOC 2, ISO 27000 Audits by gathering evidence and answering security questions
• Responding to Requests for Proposals

Gozem - Africa's Super App
Singapore
Internet Publishing
300 - 400 Employee
Oracle Database Administrator/Security Assessor
Jun 2014 - Aug 2016
• Installation and configuration of Oracle 11g standalone and RAC databases in Linux, Windows. Migrate and upgrade Oracle 10g RAC databases to 11g. RAC databases are 2 - 8 nodes on RHEL.
• Followed System Development Life Cycle (SDLC) methodology for designing, analysis, development and implementation
• Installed and configured the Oracle Golden Gate software on Unix/Linux platform for both Unidirectional and Bidirectional replications
• Tuned database for higher performance, analyzed, explained and traced sessions for bottleneck queries, and configured instance optimal parameter setting
• Discuss preassessment procedures with team members and notated findings and relevant questions
• Participate in the development of Security Assessment Plan (SAP) and perform assessment using NIST SP 800-53A as a guideline
• Perform comprehensive security control assessment using assessment methods such as interviewing, examination and testing
• Participate in weekly meetings to discuss the status of the assessment
• -OCA

Education
The University of SIANTOU
Bachelor's degree, Computer Science