CHRIST T

Summary

Highly qualified vendor risk analyst with 6+ years of experience in Third-Party Vendor Risk Management, expertly optimizing TPRM processes, conducting comprehensive vendor security reviews, and implementing effective risk mitigation strategies. Knowledgeable in governance, risk, and controls implementation related to various industry standards and compliance frameworks, including the Payment Card Industry Data Security Standard (PCI-DSS), System and Organization Controls (SOC), General Data Protection Regulation (GDPR), International Organization for Standardization (ISO), NIST Cybersecurity Framework (CSF), and Health Information Trust Alliance (HITRUST). Proficient in tools like Venminder, ZenGRC, RSA Archer, and BitSight. Committed to long-term risk management through strong internal protocols and team training, with a proven track record of ensuring regulatory compliance and developing risk management strategies.

Overview

3 years of professional experience
1 Certification

Work History

VENDOR RISK ANALYST

TAZO company
08.2023 - Current
  • Performed vendor risk assessment
  • Assist in reviewing completed standardized information questionnaires based on vendor inherent risk
  • Facilitate vendor on-boarding process with different organization teams (business, procurement, legal, privacy)
  • Collaborate with the business owners to document vendor relationship and adherence to requirements such as service level agreements
  • Assist in developing third-party-related internal policies and procedures for my company
  • Support procurement in the due diligence process by designing, reviewing and updating request for proposal questionnaires
  • Review vendor profiles in the Venminder tool and request for proposal results to develop inherent questionnaires
  • Evaluate results to classify vendors into the appropriate risk category (critical, high, moderate, low)
  • Conducted data classification which facilitated vendor scoping/tiering
  • Coordinate with stakeholders to initiate scope and plan vendor assessment of new and existing vendors
  • Assist vendor in understanding security controls and evidence needed for the controls
  • Develop information security training and awareness to maintain security awareness in the organization
  • Conduct continuous monitoring process using the BITSIGHT tool to ensure vendors' service level agreement performance.

GRC (Government Risk Compliance) ANALYST

Alsco company
02.2021 - 07.2023
  • Review, manage and update company policies, procedures and controls implementation to ensure laws and regulations are up to date or respected
  • Perform quality assessment (QA) on submitted inherent questionnaires
  • Interact with vendors to discuss appropriate plan of action and deadlines for all identified gaps
  • Assist in reviewing controls population in SOC 2 Type 2
  • Review SIG questionnaire responses from vendors
  • Perform risk scoring rating to improve continuous monitoring using BITSIGHT
  • Conduct awareness training for new employees on vendor Risk Assessment
  • Work with the procurement team in reviewing vendor contracts
  • Make sure they remediate any exception/weakness/findings noted by the auditors before the audit ends and close the findings
  • Staying up-to-date on changes in laws and regulations affecting the organization
  • Maintained user confidence and protected operations by keeping information confidential
  • Prepare company for yearly ISO 27001 compliance certification.

Education

Skills

  • Identifying and managing risk
  • Understanding security policies and best practices
  • Reviewing and complying with industry standards
  • Assessing vendor risks and conducting due diligence
  • Understanding compliance regulations
  • Analyzing and mitigating risks
  • Communicating and negotiating with vendors
  • Vendor Risk Management
  • Third-Party Risk Management
  • Compliance Auditing
  • Training and Education
  • Compliance Tools (Venminder tool)
  • Vendor Onboarding and offboarding
  • Attention to Detail
  • Fast-Learner
  • Risk Assessment/Audit Report
  • Contract Review
  • Leadership Skills
  • Familiar with different Standards and Compliance (PCI-DSS, SOC, ISO 27001, NIST CSF, HITRUST)
  • Teamwork/team player
  • Bilingual speaking

Certification

  • CompTIA Security+
  • CISA (Certified Information Systems Auditor)

Languages

French: Native/Bilingual
German: Elementary
Spanish: Limited
