DWOMOH ANTWI YAW

LAUREL

Summary

Highly qualified, proactive and results-oriented professional with over 6 years of experience as a Vendor Risk Analyst. Experienced in TPRM process optimization, vendor security reviews, and risk mitigation. Good knowledge of governance, risk and controls implementation related to various industry standards and compliance regimes. Self-motivated individual with a solid understanding of compliance frameworks such as the NIST SP 800 series and ISO 27001. Full understanding of the Federal Risk and Authorization Management Program (FedRAMP), Federal Information Security Management Act (FISMA), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard (PCI DSS). Possess knowledge of the Risk Management Framework (RMF) process and the System Development Life Cycle (SDLC). Personal objective is to protect information systems by applying acquired skills to help achieve the enterprise-wide goal of maintaining Confidentiality, Integrity and Availability.

Technical Skills & Tools

  • Risk Management Framework (RMF)
  • FedRAMP, OMB, FISMA
  • Vulnerability Scanning
  • Vulnerability Management
  • Regulatory requirements such as GDPR, CCPA, HIPAA, ISO 27001, PCI DSS
  • Security Assessment Plan (SAP)
  • Security Assessment Report (SAR)
  • Standard Operating Procedures (SOP)
  • Knowledge of industry-leading security frameworks such as NIST, ISO, and COBIT
  • System Security Plan (SSP)
  • Plan of Action & Milestones (POA&M)

Overview

9 years of professional experience
1 Certification

Work History

Third Party Risk Analyst

PepsiCo
Laurel
04.2019 - Current
  • Optimize the Third-Party Risk Management (TPRM) process to meet PepsiCo's goals and industry standards.
  • Collaborate with different teams and prospective third parties during vendor onboarding activities.
  • Review vendor intake forms and use cases to ensure the appropriate tier is assigned to drive security assessments.
  • Complete inherent risk categorization of all newly submitted third parties/vendors.
  • Lead security assessments for all third parties/service providers.
  • Review vendor security questionnaires (SIG) and supporting evidence to evaluate vendor security posture.
  • Work with vendor relationship managers to resolve vendor-related issues, especially non-responsive vendors and vendors' refusal to provide evidence for assessment.
  • Review SOC 2 Type 2 reports, scan results, penetration test results and policies in order to identify vulnerabilities and gaps in vendors' environments.
  • Identify and evaluate vendor risk findings, request mitigation summaries for all Critical and High severity findings, track risk treatment plans, and make recommendations.
  • Skilled in reviewing independent auditor reports such as SOC 1, SOC 2, HITRUST and PCI DSS to ensure reports are in scope and valid.
  • Communicate vendor security issues to stakeholders, ensuring a good understanding of the associated risks and the actions needed to remediate them.
  • Engage with the Legal team during review of vendor contracts to ensure security concerns are addressed.
  • Document and assign all identified risks to specified risk owners and update the risk register on remediation status.
  • Review and maintain policies and procedures to make sure they align with organization standards.
  • Assist in reviewing internal security controls to ensure the organization meets and maintains compliance.
  • Act as liaison during the organization's internal and external audits.
  • Conduct internal security controls reviews and drive corrective action plans.
  • Conduct PepsiCo security awareness and training.
  • Completed paperwork, recognizing discrepancies and promptly addressing them for resolution.

Third Party Risk/Compliance Analyst

Costco Wholesale
San Diego
09.2018 - 04.2019
  • Conducted categorization/scoping of new vendors/suppliers.
  • Performed third-party security risk assessments for all new vendors and reassessments for existing vendors.
  • Assessed vendors' VSQ/SIG responses and supporting documentation to validate appropriate implementation of information security controls by the vendor.
  • Analyzed vendor evidence such as SOC reports, vulnerability scans and penetration test reports to identify gaps or exceptions.
  • Planned and executed onsite/virtual risk assessments for third-party vendors, focusing on compliance with regulations, policies, and internal controls.
  • Monitored and tracked TPRM lifecycle activities (identification, due diligence, risk assessment, contract negotiation, ongoing monitoring, and termination).
  • Created, updated and reviewed the Costco risk register.
  • Reviewed all vendors' corrective action plans as part of environment assessments.
  • Communicated with control owners to mitigate risks identified during internal and external audit activities.
  • Escalated unresolved issues with suppliers to upper management for problem resolution.
  • Familiar with ISO 27000 controls mapping and adherence.

GRC Analyst

OneMain Financial
East Syracuse
07.2016 - 09.2018
  • Supported HITRUST compliance activities for OneMain Financial and ensured compliance.
  • Supported internal controls review and update, and ensured proper controls implementation with effective evidence in place.
  • Collaborated with various teams and control owners to ensure policies and procedures are met.
  • Performed internal security controls testing in preparation for OneMain internal and external audit activities.
  • Responded to security questionnaire inquiries.
  • Reviewed audit reports such as SOC 1 and SOC 2 and developed corrective action plans.
  • Reviewed policy documents such as BCP, DRP, IRP and Access Control policies to ensure accuracy.

Education

BSc Civil Engineering

Cape Coast Technical University

Skills

  • Vendor Assessment
  • Risk Mitigation
  • Analytical skills
  • Problem Solving skills
  • Time Management
  • HITRUST/ HIPAA/ NIST/ ISO 27000
  • Microsoft Office 365
  • Team Building
  • Oral and Writing Communication
  • Mitigation Strategy

Certification

  • CompTIA Security+ certified
  • ISACA CISA certified

Tools

  • GRC ARCHER
  • ZENGRC
  • TENABLE
  • SPLUNK
  • BITSIGHT
  • KNOWB4
  • ZOOM
  • JIRA
