
Christian Anyanwu

Summary

A perceptive Governance, Risk, and Compliance (GRC) analyst with a track record of over 5 years, dedicated to enhancing the security postures of business entities while ensuring adherence to industry regulatory standards and customer requirements. Proficient in recommending controls, policies, risk compliance strategies, technologies, and IT General Controls (ITGC). Possesses a robust background encompassing SSAE 18 (SOC 1, SOC 2), NIST 800-53, NIST 800-37, PCI-DSS, GDPR, CCPA, and HIPAA, coupled with extensive experience in audit, risk assessment, Vendor Risk Management, Incident Management, Vulnerability Management, and User Access Reviews. Proven commitment to achieving Confidentiality, Integrity, and Availability of Information Systems. Known for demonstrating initiative and the ability to prioritize multiple tasks in a fast-paced environment.

Overview

6 years of professional experience
1 Certification

Work History

Cyber Third-Party Risk Analyst

Costco
Remote
11.2020 - Current
  • Contribute to the development of the Third-Party Risk Management program and collaborate with cross-functional teams to assess third-party vendors and perform due diligence to manage third-party risks effectively
  • Perform assessments of potential and existing suppliers through questionnaires, site visits, and review of other documentation including audit reports (ISO 27001 Statement of applicability, SOC 2 reports, PCI DSS AOC) to identify control gaps and risks
  • Experience with e-GRC tools such as BitSight to ensure secure and prompt communication of findings and deployment of questionnaires to the vendor and to track vendor progress on remediation
  • Work with Enterprise Third Party Management process flow from sourcing to contract and ongoing monitoring of third-party engagement life cycle
  • Conduct peer-to-peer reviews to ensure all findings are accurate and well defined
  • Consult with Line of Business and assigned sourcing representative for guidance with completing the required Inherent Risk Assessment
  • Assess third parties on areas such as business continuity and disaster recovery, physical security, system development, operation, access control, incident management and other ITGC
  • Coordinate, support, and maintain activities for Vendor Risk Assessment (VRA) Repository and related support tools
  • Work on mapping vendors’ SIG, SOC reports and control standards to internal control requirements
  • Perform vendor security assessment activities including evaluation of vendor controls and practices, process enhancements, reviewing independent audit service reports
  • Conduct in-depth risk-based security assessments of SaaS vendors and third-party hosted applications while focusing on security best practices
  • Work as vendor oversight to ensure adequate tiering of our vendors based on the level of data they have access to
  • Review and validate all controls at the vendor site to ensure data confidentiality, integrity, and security
  • Ensure timely and accurate escalation of issues and observations of non-compliance or risks outside of acceptable thresholds
  • Plan and conduct security risk assessments for all Vendors
  • Administer questionnaires to all vendors to determine the control effectiveness
  • Design and constantly upgrade suppliers’ questionnaires to ensure all areas of newly discovered threat signatures are covered
  • Provide detailed reports of assessments to business owners and other stakeholders
  • Prepare third-party portfolio reporting of risk and performance for senior executives
  • Provide detailed reports of assessments to business owners and the vendor management office
  • Serve as TPRM subject matter expert to first line, providing risk management guidance as needed
  • Support the Security & Compliance team in ensuring compliance with industry standards and privacy regulations
  • Support Incident management associated with Supplier/third parties
  • Serve as liaison analyst during internal audits
  • Support the development and implementation of training programs and awareness initiatives to foster a strong culture of risk management and compliance throughout the organization
  • Support preliminary internal audit by updating policies and procedures and gathering evidence from various SMEs to support internal audits
  • Contribute to the development of information security metrics and KPIs
  • Monitor and analyze information security metrics and KPIs to assess the effectiveness of security controls, identify trends, and make recommendations for improvement
  • Conduct audits and assessments to evaluate compliance with relevant regulations, industry standards, and internal policies, including SOC compliance
  • Prepare comprehensive reports and presentations that effectively communicate risk assessment findings, compliance gaps, and recommended remediation actions to stakeholders and senior management.

Vendor Risk and Compliance Analyst

Santander Bank
11.2018 - 10.2020
  • Worked closely with the Procurement and Business Units to ascertain that the scope of work/service or product to be outsourced aligns with the activity described in the intake form, thereby ensuring proper documentation in the third-party system of record
  • Supported the Business Unit’s requirement to respond to the Inherent Risk Questionnaire (Inbound)
  • Accurately captured, reported and escalated issues identified during vendors’ due diligence and risk assessment
  • Captured and documented significant changes to the activity that alter the risk profile of third parties
  • Captured and documented changes to Business Unit engagement ownership
  • Coordinated with stakeholders to initiate scope and plan controls assessments of new and existing vendor engagements
  • Administered assessment questionnaires to our vendors
  • Assessed vendor-completed questionnaires and other supporting security documentation to validate appropriate implementation of security controls
  • Communicated vendor information security issues to stakeholders, ensuring they understood the associated risks with the vendor and a possible remediation strategy
  • Validated evidence of controls from vendors before remediation plans were closed
  • Supported the VRM Program to effectively manage vendor risk in accordance with internal policy and regulatory requirements
  • Experience with e-GRC tools to ensure secure and prompt communication of findings and deployment of questionnaires to the vendor and to track vendor progress on remediation
  • Worked with vendors to ensure risks discovered are remediated within a reasonable time
  • Carried out various types of vendor assessments, such as onsite, virtual, and risk assessments, depending on triage information from the vendor management office
  • Escalated supplier-related issues of non-compliance to management
  • Performed continuous monitoring of all Critical and High-Risk vendors using BitSight and other open-source web pages like VirusTotal and Talos Intelligence.

Education

Masters Cybersecurity Technology

UMGC Maryland
01.2025

PGD Human Development and Security studies

University of Abuja FCT

B.Sc. Biochemistry

Abia State University

Skills

  • Risk Analysis and Assessment
  • Security Policy and Procedure Review
  • Vulnerability Assessment and Management
  • Incident Management
  • Security Awareness Training
  • Compliance and Regulatory Standards
  • Technical Writing and Documentation
  • Strong Communication Skills
  • IT Audit

Affiliations

Information Systems Audit and Control Association (ISACA)

Certification

  • Certified Information Systems Auditor (CISA), in progress
  • CompTIA Security+
