Sr. Risk Analyst Resume
TX
SUMMARY
- Insightful, result-driven Risk and Compliance Analyst with over eight years of experience in Governance, Risk and Compliance, including Third Party Risk Management, VRM contract reviews, risk assessments/scoring, monitoring SLAs, managing the vendor onboarding/off-boarding process, RCSA, SOC 1/2 reports, Information Security, Security Awareness Training, and IT Control Auditing.
TECHNICAL SKILLS
- Legal and Compliance
- Risk Management
- Risk Analysis
- Risk Assessment
- Data Privacy/Assurance
- Auditing
- Policy and Contract Review
- Disaster Recovery
- Security Awareness Training
- Documentation
- Due Diligence
- Quality Control and Quality Assurance
PROFESSIONAL EXPERIENCE
Confidential, TX
Sr. Risk Analyst
Responsibilities:
- Conduct Due Diligence Assessments on Third Parties utilizing various regulatory standards, tools, applications, etc.
- Conduct virtual meetings with Third Parties to obtain additional documentation and classifications to complete assessments.
- Attend internal meetings as needed.
- Follow policies and procedures outlined by USAA Third Party Risk Management Program.
- Review key reporting to validate accuracy and identify discrepancies and gaps.
- Conduct annual onsite performance, and regulatory compliance reviews for mission critical service providers to ensure regulatory, contractual, and operational compliance.
- Test the design/operation of general, contractual, and regulatory controls.
- Report risk assessment results to senior management, vendor business liaisons, and service providers, and recommend remediation/mitigation actions.
- Develop strong working relationships with all vendors to ensure seamless audits/reviews.
- Ensure Third Party adherence to contractual/regulatory compliance to minimize the risk of fines and reputational harm.
Confidential, DALLAS, TX
Third Party Risk and Compliance Analyst
Responsibilities:
- Executed due diligence for new vendor requests and assigned inherent risk scores.
- Partnered with business liaisons for the collection of critical artifacts and evidence required from vendors.
- Performed risk and control assessments for all vendors to evaluate the effectiveness of control systems.
- Engaged with service providers to obtain due diligence reports and evidence of control operation.
- Reviewed key reporting to validate accuracy and identify discrepancies and gaps.
- Conducted annual onsite performance, and regulatory compliance reviews for mission critical service providers to ensure regulatory, contractual, and operational compliance.
- Tested the design/operation of general, contractual, and regulatory controls.
- Reported risk assessment results to senior management, vendor business liaisons, and service providers, and recommended remediation/mitigation actions.
- Developed strong working relationships with all vendors to ensure seamless audits/reviews.
- Ensured Third Party adherence to contractual/regulatory compliance to minimize the risk of fines and reputational harm.
Confidential, DALLAS, TX
Security Risk Analyst
Responsibilities:
- Participated in all audit activities, including Risk Assessment, Planning, Control Testing and Evaluation, and Documentation.
- Worked with GRC Tools for Vendor Risk Management, Auditing, Policy and Compliance, using NIST SP risk frameworks.
- Engaged with IT teams to identify and correct process control design and execution issues.
- Worked with internal and external auditors as liaison during their engagements.
- Assisted in Risk Identification, Control design, and creation of testing guidance/procedures to domain owners and testers.
- Helped remediate Internal Control Deficiencies and engaged in review activities.
- Monitored various projects and created and maintained IT Control documentation.
- Led the Incident Response Team in addressing all incidents, including Business Email Compromise (BEC), and provided security awareness training for employees.
- Assessed vendors' existing controls to determine the level of compliance with PCI DSS, NIST, HIPAA, HITRUST/HITECH, FISMA, SOX, COBIT, and COSO.
- Performed vendor/customer contract negotiations and reviews to include redlining and contract language updates.
- Conducted Vendor SOC Readiness reviews to identify control deficiencies and make recommendations for remediation.
- Worked with the Governance Manager in developing and maintaining Vendor SOC Reports that meet industry standards.
- Worked with Procurement, Legal and Compliance teams and performed Contract Reviews, Due Diligence, Electronic Data Discovery, and Third-Party Attestation and Audit Reports/Recommendations.
- Conducted Risk Control Self-Assessment (RCSA) Audit, Monitoring and Evaluation using industry standard frameworks.
Confidential, AUSTIN, TX
Information Assurance Analyst
Responsibilities:
- Worked with Information System Security Officers to prepare Assessment and Authorization (A&A) packages for review using the six-step Risk Management Framework (RMF) process.
- Identified, implemented, monitored, and enforced information security compliance, regulatory, and control frameworks.
- Assisted with the development of processes and procedures to improve incident analysis and response times, gap analysis, and incident resolution.
- Evaluated security controls annually for FISMA self-assessment testing and continuously monitored detailed change orders for information updates.
- Conducted SOC Readiness reviews to identify control deficiencies and make recommendations for remediation.
- Conducted Quality Assurance reviews of RCSA.
- Reviewed security logs and patch management reports in accordance with best practice and compliance requirements.
- Kept current on technology and best practices and on Certification and Accreditation guidance such as FISMA, NIST Special Publications, OMB Memoranda, the Privacy Act, and HIPAA/HITECH.
- Worked across multiple internal teams and handled customer meetings on security related topics such as Social Engineering.
- Led the Incident Response Team in addressing all incidents, including Business Email Compromise (BEC), and provided security awareness training for employees utilizing KnowBe4 technology.
TECHNICAL SKILLS
- SIG
- OCC
- GRC
- CIA
- Access Control
- OMB Circular A-130 Appendix III
- Privacy Act
- HIPAA
- ISO 27001/2
- Information Security Governance and Risk Management
- Security Assessment and Authorization
- Risk Assessment
- Security Maintenance
- Contingency Planning
- Policies and Procedures
- FIPS
- FISMA
- FedRAMP
- PCI DSS
- HITRUST
- HITECH
- COBIT
- NIST SP 800 series
