Sr. Vendor Risk Analyst Resume

Santa Ana, CA


  • Over 8 years of experience as a Business Analyst, managing Vendor and Client relationships for the financial industry at a program level
  • Knowledge of effective project management strategy, technique and skills required to effectively manage project scope, schedule, costs, communication, vendor management, resources and quality assurance
  • Experienced in test creation and execution, performed user acceptance test and functional testing
  • Deep knowledge and understanding of traditional SDLCs through all stages of the application development life cycle
  • Knowledge and experience of requirements capturing/gathering through research, formal-informal sessions and JAD sessions with SMEs and end users
  • Specialized in AS-IS and To-Be Processes for functional requirements and building use-cases, data flow diagrams, workflows and swim Lanes
  • Excellent analytical, grasping, problem solving, documentation, communication and interpersonal skills
  • Strong technical and business skills with experience on business and process modeling
  • Understanding of IT Terminology, Business, Compliance, BC/DR and Infrastructure related terms
  • Manage Small to large scale projects with moderate to high risk initiatives
  • Creative thinking, decision-making abilities and high level of confidentiality
  • Maintain professional relationship with Clients, Vendors and Project Managers
  • Ability to work in fast-paced environments and deliver quality output; handle multiple tasks on short deadlines
  • Highly motivated and self-learner in fast paced, rapidly changing and collaborative team environment
  • Excellent knowledge of Adobe Photoshop, Illustrator, InDesign, Macromedia Dreamweaver, Macromedia Flash, HTML, Cascading Style Sheets (CSS) and Microsoft Office


Microsoft Office: Word, Excel, PowerPoint, Publisher, Access, Project, Visio, OneNote

Management/Support/Communication Tools: SharePoint (CRM), Rally Dev, ARMS, Caliber RM, TFS, Visual Studio, Outlook, Lotus Notes, Incident Management Remedy System, LIMS, Clarity, Service Now (CRM), RSA Archer, Python, Beeline (CRM), Clarizen, SAP, HP QC

Designing Tools: Photoshop, Illustrator, DocuSign, Acrobat Pro, InDesign, Premiere, After Effects, Flash, Fireworks, DreamWeaver, Director, Sound Edit Pro, Apple DVD Studio Pro, Apple Final Cut

Web Skills: Logo Design, Graphic Design, Website Design and Development, Content and Article Writing

Technical Coordination: Network Infrastructure Setup, Offshore Development Center, Provisioning Virtual Desktop, and Packaging application

Specialty Skills: Business Analysis, Security & Risk Compliance, Access Review, Process Improvement, Project Management Outsourcing, Vendor Management, Third Party Service, Business Continuity and Disaster Recovery


Confidential, Santa Ana, CA

Sr. Vendor Risk Analyst


  • Develop, implement, and monitor a risk-based program to identify, assess and mitigate potential operational risks that may arise from inadequate or failed internal processes, people, systems or external events while maintaining a balance between risk mitigation and operational efficiency.
  • Work with business units and Stakeholders to provide compliance expertise, risk expertise and consulting for projects and initiatives with moderate to high risk to identify, assess and mitigate regulatory risk in all business activities.
  • Assist Business Continuity Planning (BCP) team to collect and maintain the third party provider’s Business Impact Analysis (BIA) and BC/DR documentation in accordance with company regulatory and industry guidance for BCP and to understand whether the criteria of Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO) meet the bank’s expectations.
  • Work closely with Information Security and Privacy team to assess the third party provider’s controlled environment and usage of Nonpublic Personal Information (NPI) through SSAE16 and SOC reports.
  • Review and approve functional design definitions such as Application Requirements for RSA Archer deliverables to ensure business requirements are being met.
  • Created policies and desktop procedures, created workflow for the functional requirement based on the concurrent situation.
  • Facilitated JAD sessions and working to create workflows to ensure that the process was actively running
  • Evaluate information gathered from multiple sources, reconcile conflicts and translate high-level information, business requirements into technical specifications.
  • Participate in testing, monitor user acceptance testing and develop training material for new implementation or enhancements to existing functionality.
  • Proactively communicate and collaborate with external and internal customers throughout the project lifecycle.
  • Assist Third Party Risk Management Program/ Senior Vice President with day-to-day execution of project implementations: planning, tracking, documentation, status updates and issue escalation.
  • Track and report status of contract pipeline, negotiations, Annual Reviews and backlogs
  • Audit and evaluate the adequacy and effectiveness of service level agreements (SLA), policies, procedures, processes, initiatives, products and internal controls and identifies issues resulting from internal and/or external compliance examinations.
  • Participate in negotiation of new contracts and amendments to existing contracts for third party providers to keep organization Risk Acceptance and Remediation plan with current and new regulations such as OCC (Office of the Comptroller of the Currency), OFAC, FFIEC, GLBA and SEC regulatory
  • Maintains vendor contract database and SharePoint pipeline of new and existing third party contracts
  • Responsible for assisting in the development of monitoring oversight program of third-party service providers.
  • Provide recommendations and share best practices on Archer as part of continuous improvement initiatives.

Confidential, Costa Mesa, CA

Compliance Process Analyst for Vendor Risk Management


  • Subject matter expert to understand and assess the third party Risk. Assessments and controls include those relevant to laws, regulations and industry security standards, determining their ability to protect confidential data. Perform security assessments of systems, applications, data centers, and service providers using an established framework and tools to evaluate vulnerabilities.
  • Developed appropriate information security policies, standards, procedures, checklists, and guidelines using generally recognized security concepts tailored to meet the requirements of the organization
  • Provide application support for RSA Archer, which includes creating user accounts using a Python script, managing user access, updating access, password resets, updating findings, troubleshooting user accounts, etc.
  • Assist in analyzing the findings and establish a risk score based on an established scoring framework in RSA Archer. Present findings and assessments to business owners as well as third party service provider.
  • Review third party service remediation plans and determine if the plan sufficiently mitigates identified risks.
  • Track and report the progress on remediation of identified risks and vulnerabilities. Enhance risk/vulnerability assessment programs and questionnaires to aid in the identification and mitigation of security risks for top-tier clients.
  • Monitor appropriate sources for newly identified vulnerabilities, audit and evaluate the risks such vulnerabilities pose to the organization's information and systems, and advise management of appropriate measures to eliminate or reduce the organization's risk or exposure to such vulnerabilities.
  • Drive automation of routine data collection and develop reporting processes for performance management.

Confidential, Torrance, CA

IT Enterprise Operations Governance Lead


  • Manage relationship with infrastructure vendor (HCL), vendor performance, contracts, the terms and conditions of contracts, SLA and financial with Toyota.
  • Gathered requirement to automate and customize the monthly performance metrics reports in Service Now
  • Ensuring that the solution will be built on a scalable open-architecture that will provide Vendor the extensibility to customize
  • Improvised and optimized performance exception request process by conducting gap analysis
  • Set up and documented Engagement Model for IMS Governance and streamlined business processes
  • Managed Service Now to query data and metrics
  • Developed the test cases, conducted UAT and functional testing on the customized report
  • Actively questioning and challenging users to understand their requirements and design optimal solutions.
  • Developing use cases, process flows, maintaining requirements traceability matrix, supplementary requirements, business rules, gap analysis etc. perform Root Cause Analysis (RCA)
  • Supported the review of technology contract deals to ensure a sound sourcing approach, strategy adherence and that a competitive environment is maintained.
  • Prepared reports for performance and financial metrics/KPIs in collaboration with the IT Service Management (ITSM) Team.
  • Monitored the supplier’s compliance with contract terms and conditions, service level requirements and provided reports on the status of all deliverables with IT outsourcing provider and infrastructure technical Services
  • Executed recurring financial data, performance and contract compliance processes and data analysis on a monthly basis
  • Coordinated in support of Integration Governance, quality control and auditing of information, including working directly with Suppliers and Infrastructure Managers and Leads to resolve data conflicts and inappropriate usage; scope of this activity includes Service Desk, Deskside, Network, Data Center Operations, IT Facilities and Security Management.
  • Performed quarterly audit of IT Enterprise Operations Supplier SOWs across all platforms and projects working directly with IT Tower Managers/Leads to ensure compliance and delivered audit report to OCIO for interpretation and further discussion with Supplier.
  • Provided coordination and administrative support to ensure adequate Disaster Recovery arrangements have been made and tested to deliver acceptable audit results.
  • Provided necessary help to the framework for decision making and extract changes across multiple departments, including training for Associates and Suppliers.
  • Tracked, analyzed, and communicated appropriate key vendor performance metrics.
  • Supported efforts to rectify failures by following established issue and escalation processes and procedures
  • Supported department compliance to establish IT policies, practices, standards, processes and procedures.
  • Driving continuous improvement efforts (e.g., Kaizen; cost reduction).

Confidential, Irvine, CA

Business Analyst/Vendor Analyst


  • Subject Matter Expert for transitioning new requirement to offshore and manage transitioning lifecycle for Global Sourcing Office (GSO)
  • Provide coordination, documentation and enhancement support for operational processes to meet the project/program goals in areas of consultant/resources on-boarding, consultant location movement, data security, infrastructure, information security - risk assessment, data protection, application packaging, provisioning, UAT for VDI, help desk, issue management, time tracking & billing, Invoicing, reporting and any other offshore related areas
  • Develop and maintain standard project artifacts, process guideline for engagement model, hand off plan between the teams, streamlined onboarding contractor’s process for vendors, Business application list, action items lists, meeting minutes, agendas, risks, issue and change control procedure and log
  • Analyzed and documented the functional/technological gaps to improvise outsourcing process for GSO
  • Created Offshore Program website workflow by gathering business requirements, conducting workshops, creating process workflow diagrams and end to end testing.
  • Gathered infrastructure requirements for provisioning team to prepare the virtual desktop images (VDI) for over 100+ new and steady state projects and managed 900 VDI for onsite/offshore resources, conducted UAT with the onsite lead to ensure the requirements are executed as per BU’s expectations.
  • Ensured a risk assessment review is completed for offshore feasibility with Information Security team, compliance and the project team to determine appropriate risk controls and have them implemented as part of the solution across ITG Sourcing committee if needed
  • Assisted Governance Risk and Assessment team with realignment initiative to update the Third Party Access Control (TPAC) to new Data Classification Matrix control on over 200 business applications to ensure they align with compliance regulatory and created test plan
  • Maintain CRM database of all vendor resources. Map all offshore/onsite resources to key projects, systems plans and stakeholders. Coordinate headcount and resource information with SPOC, Data Security, F&A and any other departments to support their needs in Beeline.
  • Establish infrastructure environment, network connectivity and remote access for new vendors
  • Responsible for interfacing with the IT Managers and Vendors to ensure the resources are being ramped up with appropriate network access, badge, AD Group using ARMS and BMC Remedy System
  • Assisted Infrastructure team to plan and oversee disaster recovery exercises including data center fail-overs; system, network, application and data restorations; and third-party service provider testing.
  • Update content, available documentation and processes on the GSO website and SharePoint
  • Responsible for reporting Financial Ratios, Blended Rate, Spend Distribution, Onshore Offshore Ratios, Headcount and other metrics for $15 M project portfolio to directors and executives within the organization.
  • Track, manage and facilitate invoices and billing issue resolution.
  • Conducted compliance check on the export controls (ECCN) on certain commercial items and technology
  • Manage GSO audits, conducted by internal compliance organizations and external auditors

Confidential, Torrance, CA

Project Analyst


  • Knowledge of effective project management strategy, technique and skills required to effectively manage project scope, schedule, costs, communication, resources and quality
  • Ability to proficiently manage demanding requirements in a deadline oriented environment
  • Prepare Statement of Work (SOW) for various contracting vendors and financial report for each contractor; create consulting agreement addendum upon the renewal of resource.
  • Consolidate bugs report from TFS (Team Foundation Server) and Rally Dev
  • Maintain the backlogs for each release, and ensured user stories are captured accurately in Rally Dev, created Sprint Dashboard, Scrum Board in Rally
  • Complete status report for PMO consolidation as defined in the Program Status Reporting guidelines
  • Manage project task and milestone, issues and risks and managed the remediation tracker for escalations
  • Assisted PMs on the project and prioritized planned activities and accomplishments on a weekly basis.
  • Maintained and reported periodic status by proactively monitoring the milestone and go-live dates, deliverables, activities of the team members, and the “project health” (red, yellow and green).
  • Experience in writing basic SQL search queries.
  • Assist Top Executive in meeting preparation, create Agendas and take Minutes of Meetings. Track and follow-up on action Items.
  • Prepared the Steering committee meeting (SCM) presentation for the Board of Director and PMO, coordinated department and off-site meetings
  • Create burn down charts, Manage/update documents on SharePoint, manage Active Directory and User Access for NextGen and PMO department
  • Create new user accounts, assign roles for new employees/contractors, and update account assignments for transferred/terminated/moved associates. Create, maintain, and disable user access within various technologies and systems.
  • Manage Active Directory group for application level access. Provided an administrator support for SharePoint and Rally Dev
  • Layout and Design company event’s flyer, create icons for the software

Confidential, Torrance, CA

Website Design and Search Engine Optimization


  • Coordinated in-house technical projects to the efficiency, quality and cost effectiveness of providing web designing service for small business
  • Planning, Layout and design and implementation of complete web sites
  • Creating custom graphics layouts, Photo cleanup, Logo design, Banner design, splash page and Flash Intro
  • Edited website and redesigned the websites, with custom Logo and new Layouts
  • Design and Code the websites using different mediums such as Adobe Photoshop, Illustrator, Flash, HTML and CSS
  • Design with standards compliant code with emphasis on browser compatibility, accessibility, and search engine optimization including: keyword research/selection, Meta tagging, search engine submissions, position tracking
  • Create fresh content, write, edit and proofread a variety of documents, plan and prepare articles for online distribution for website promotion & marketing
  • Use very effective marketing techniques to increase website traffic
  • Maintaining websites