Andrew Annor

Led global vendor risk initiatives, improving third-party security review workflows and integrating them across procurement, legal, and HR to protect company data and strengthen overall governance.

• Conducted comprehensive third-party risk assessments, documenting and driving remediation plans aligned to enterprise security objectives, resulting in measurable reduction of vendor-related risks.
• Partnered with security engineering to review penetration testing findings; prioritized and addressed vulnerabilities which enhanced security controls and audit readiness.
• Evaluated new technologies for security impact, updated governance baselines, and influenced onboarding and policy guidance for company-wide adoption.
• Developed policy documentation and delivered training that embedded risk awareness throughout all levels of the organization.
• Reviewed over 150 vendors per quarter.
• Provided training sessions on data protection laws and compliance, raising awareness across the organization.

• Performed SOX compliance walkthroughs and ITGC testing, proactively collecting and organizing audit evidence ahead of deadlines to support successful internal and external audit outcomes.
• Authored detailed audit narratives and process documentation, providing remediation guidance that strengthened process controls and regulatory compliance across finance and IT teams.
• Tracked Key Risk Indicators and compliance findings, enabling timely remediation actions and promoting a continuous improvement culture organization-wide.
• Advised and coached business/IT units on SOX control requirements, bridging communication between technical, operational, and executive stakeholders for effective compliance enablement.
• Hybrid

• Conducted cybersecurity risk assessments internally and for external vendors, reviewing SOC 2 reports and penetration test results to calibrate risk levels and inform partnership decisions.
• Executed vulnerability scans and collaborated with IT teams to prioritize and resolve security gaps, supporting regulatory compliance and governance improvement projects.
• Tiered vendors’ risk profiles across onboarding, monitoring, and contract offboarding, directly influencing procurement strategy and minimizing enterprise risk exposure.
• Prepared audit and regulatory exam evidence and produced risk reports for senior leadership, enabling data-driven decisions for resource allocation and resilience strengthening.
• Remote