Marie Toure
Third Party Risk Analyst
New York,NY
Summary
Qualified and results driven TPRM professional with advanced experience in risk assessment and management and strong knowledge of risk policies in a regulated environment (OCC, FDIC, OFAC, FRB, CFPB, FFIEC, NYDFS). Extensive experience in Process and control design, remediation, or improvement initiatives.
Overview
2
2
Languages
4
4
years of professional experience
Work History
Third Party Oversight Analyst
Mizuho Financial Group
New York, NY
02.2020 - Current
- Conduct thorough risk assessment of critical vendors throughout the third-party life cycle (planning, due diligence, contract, transition, on-going monitoring, and exit).
- Performing periodic vendor due diligence and reviewed of all supporting documents to define appropriate risk levels and respective corrective actions
- Prepared monthly Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) reports within the (GRC) tool for Senior Management
- Facilitated and coordinated with SMEs in areas such as Data Privacy, Export Licensing, and Continuity of Business (COB) to complete required due diligence activities
- Supported the TPRM team with multiple audit requests from various areas, i.e. audit requests, regulatory requests
- Performed other duties and/or special projects as assigned.
Information Security - Third Party Risk Analyst
Prudential
Newark, NJ
09.2018 - 02.2020
- Executed third party security risk assessments for new and existing vendors in accordance with internal policies and regulations
- Using information provided by the business owner, identified third party vendors' inherent risk and IS weaknesses that could be exploited while providing services to our organization.
- Reviewed completed questionnaires vendor’s IS policy, penetration test report, vulnerability scan report, network topology, business continuity plan policy, SDLC policy, cryptographic policy, physical and environmental policy
- Reviewed supplier’s network topology by checking for key controls for traffic management e.g. firewalls, intrusion detection system, intrusion prevention system, and configurations
- Escalated issues associated with third parties to Senior Management and validated evidence from third party before Remediation Plans are executed
- Supported vendors' ongoing monitoring to ensure continuous compliance with SLAs and new Federal and organizational regulations
Vendor Management Analyst
FreshDirect
New York, NY
04.2017 - 10.2018
- Coordinated vendor processes; Tracked, reported and evaluated vendor performance
- Performed Due Diligence on new vendors to ensure that all vendors are entered and classified congruent with the organization's VRM policy
- Provided analysis and recommendations for identified security exceptions; recommended vendors for remediation.
- Assisted in the reporting of vendor risk management activities and participated in the execution and development of a mitigation action plan for any identified risks with the Business.
- Conducted process improvement activities, participated in information security assessment special projects and other assessment related activities
- Great Plains - vendor database management
Skills
ServiceNow GRC, Great Plains
MS Excel (Advanced), Sharepoint
Framework and Guidelines: OCC-2013, HITRUST, HIPAA, OWASP, GDPR, COBIT, COSO, NIST 800-30, NIST 800-53, ISO 27001, ISO 27005, GBLA, and FFEIC
Timeline
Third Party Oversight Analyst
Mizuho Financial Group
02.2020 - Current
Information Security - Third Party Risk Analyst
Prudential
09.2018 - 02.2020
Vendor Management Analyst
FreshDirect
04.2017 - 10.2018