Hi, I’m

Curts Damour

New York, NY

Summary

Experienced TPRM hire for enterprise and regulatory IT control objectives within vendor management and information security, privacy and protection, auditing, controls, compliance, governance, and risk management. Extensive experience using the Shared Assessments Framework (SIG, SCA), TruSight BPQ, Cloud Security Alliance CAIQ, and FIPS 199 (CIA). Broad understanding of Information Systems Security/Risk, IT Auditing, and ITIL (Information Technology Infrastructure Library). Ability to handle multiple projects simultaneously with a high degree of accuracy.

Overview

11 years of professional experience
1 Certificate

Work History

Kyndryl

Senior Third-Party SSRM Analyst
03.2023 - Current

Job overview

  • Conducted risk triage with RBOs to understand the scope of work
  • Communicated with suppliers on the due diligence process
  • Interacted with Kyndryl partners and brokers on special scopes of work
  • Advised RBO on contract terms and made recommendations for critical services
  • Conducted assessments on supplier controls
  • Evaluated supporting documentation for exceptions
  • Initiated escalations on critical suppliers and high-priority engagements
  • Supported procedure updates
  • Documented issues/findings for tracking.
  • Managed an average of 35 assessments monthly.

Fidelity Investments

Vendor Risk Manager
10.2021 - 01.2023

Job overview

  • Administered all contracts and developed initiatives for enterprises
  • Planned and executed security risk assessments for all third parties
  • Worked with vendor oversight to ensure appropriate tiering of vendors
  • Conducted onsite/remote assessments based on agreed-upon procedures and guidelines
  • Reviewed supporting documentation provided by vendors
  • Advised suppliers on strategies to identify and mitigate risks and potential vulnerabilities
  • Evaluated supplier control effectiveness by reviewing policies, procedures, controls, systems, and processes to identify control gaps
  • Recommended policy changes and coordinated review and approval
  • Initiated escalations to management for resolution of technical or non-technical issues
  • Provided third-party risk guidance to cyber management, staff, and users
  • Assisted in evaluating successful implementation and functionality of security requirements and appropriate IT solutions
  • Performed other duties and special projects as assigned.

Deloitte

Vendor Risk Assessor
05.2019 - 08.2021

Job overview

  • Conducted onsite/remote assessments of third parties
  • Reviewed security policies, procedures, standards, and guidelines
  • Tested IT controls to validate effectiveness
  • Documented and implemented standard operating procedures
  • Streamlined vendor selection and key control validation strategies in collaboration with cross-functional teams
  • Coordinated resolution of operational risk-related issues
  • Supported systematic review of external risk controls and development of risk management policies, strategies, and procedures
  • Promoted sound risk management culture across firm by providing oversight and support to first line of defense through various operational risk, third-party/vendor risk, and new product management programs
  • Assisted in identifying and evaluating risk areas across firm's operational activities and developing processes and controls to mitigate such risks
  • Maintained, developed, and prepared documentation for risk management, including risk policies, procedures, and reporting.

Protiviti Consulting, Remote

Third Party Risk Analyst
04.2017 - 02.2019

Job overview

  • Worked within and improved defined vendor management processes, tools, and best practices
  • Assisted management in evaluating new technology service providers and third-party service providers
  • Managed and tracked vendor reviews to comply with vendor performance management program
  • Coordinated with stakeholders to initiate, scope, and plan control assessments of new and existing vendor engagements
  • Developed, implemented, monitored, and reported performance measures
  • Assessed completed questionnaires and supporting documentation to validate vendor implementation of information security controls
  • Produced detailed documentation of assessments
  • Communicated vendor information security issues to stakeholders and escalated issues to management
  • Supported vendor risk management program to effectively manage vendor risk in accordance with internal policy and regulatory requirements
  • Provided recommendations to remediate control gaps and assisted with project management on remediation efforts
  • Maintained relationships with business and stakeholders to ensure proper execution and compliance with VRM policies and procedures
  • Assisted in reporting vendor risk management activities and provided training and awareness to business partners on vendor risk management.
  • Reviewed contracts and agreements to identify potential risks and ideal mitigation strategies

TD Ameritrade

Third Party Risk Analyst
02.2016 - 02.2017

Job overview

  • Led risk assessment of firm-wide critical suppliers and service providers
  • Assessed completed questionnaires and supporting materials to ensure completeness
  • Identified control breaks and vulnerabilities with third parties
  • Engaged with multiple LOB Delivery Managers for firm-wide critical suppliers to ensure compliance with required assessments
  • Documented findings and worked with LOB Delivery Managers to resolve findings
  • Validated evidence from third parties before closing Remediation Plans
  • Escalated issues associated with third parties
  • Assisted with various Third-Party Risk Management program initiatives
  • Supported internal education and best practices sharing.

BMO Harris Bank

Third Party Risk Analyst
02.2014 - 12.2015

Job overview

  • Addressed IT risk and security control issues and ensured corrective action plans were completed
  • Ensured proper documentation for new and existing third-party relationships
  • Managed application security testing reviews and vulnerability assessments
  • Defined appropriate risk levels based on CIA triad
  • Mapped internal IT security controls to frameworks in MetricStream
  • Conducted IT risk assessments and documented findings
  • Ensured security and loss prevention standards were consistently applied
  • Participated in development and analysis of product defect data and reduction efforts
  • Reviewed and evaluated new security tools and systems
  • Assisted in investigation and remediation of security incidents
  • Contributed to creating secure working environment
  • Built partnerships with internal and external stakeholders
  • Participated in driving security change and improvement
  • Prepared weekly and monthly status reports.

Sky Broadcasting Group PLC (BSKYB)

Control Assurance Analyst
03.2013 - 10.2013

Job overview

  • Maintained Process Risk Control (PRC) library and managed GIS Risk Control Self-Assessment
  • Developed and created IRQ and CRQ for IT Risk Assessment
  • Tracked statuses of issues, remediation plans, risk acceptance, and policy exceptions
  • Mapped internal IT security controls to frameworks
  • Led project management for governance, risk management, internal controls, and security programs
  • Collated and quality assured data provided to other departments
  • Responded to and resolved reported security incidents when appropriate
  • Created BRD/FRD for risk assessment tool
  • Defined issue management process flow
  • Reviewed security policies, procedures, standards, and guidelines.

Education

Full Sail University
Winter Park, FL

Bachelor of Science in Information Technology
01.2010


Skills

  • GRC Tools: RSA Archer, MetricStream, OneTrust, ProcessUnity, Prevalent, SNOW
  • Basic: MS Excel (Advanced), MS Word, MS Project, MS Visio, Microsoft Office Suite
  • Business Intelligence: SSRS, IBM Cognos Analytics, SAP Business Objects Business Intelligence, Transform Data, Crystal Reports
  • CRM: Salesforce.com
  • Other: SharePoint
  • Root Cause Identification
  • SOX Compliance
  • Data Architecture
  • Data Quality
  • Google Docs
  • Project Management Process
  • Audit Rating

Certification

  • Certified Regulatory Vendor Program Manager (CRVPM) – Compliance Institute
  • Certified Third Party Risk Professional (CTPRP) – Shared Assessments (In Progress)
  • Certified in Risk and Information Systems Control (CRISC)

Timeline

  • Senior Third-Party SSRM Analyst, Kyndryl, 03.2023 - Current
  • Vendor Risk Manager, Fidelity Investments, 10.2021 - 01.2023
  • Vendor Risk Assessor, Deloitte, 05.2019 - 08.2021
  • Third Party Risk Analyst, Protiviti Consulting, 04.2017 - 02.2019
  • Third Party Risk Analyst, TD Ameritrade, 02.2016 - 02.2017
  • Third Party Risk Analyst, BMO Harris Bank, 02.2014 - 12.2015
  • Control Assurance Analyst, Sky Broadcasting Group PLC (BSKYB), 03.2013 - 10.2013
  • Bachelor of Science in Information Technology, Full Sail University

film making

In my spare time, I am passionate about corporate filmmaking. I enjoy conceptualizing, shooting, and editing videos to tell compelling stories, educate, and promote organizations' messages effectively.

  • Video Production: Proficient in planning, shooting, and editing high-quality corporate videos.
  • Storytelling: Adept at crafting compelling narratives to effectively convey brand messages.
  • Visual Creativity: Skilled in using visual elements to engage and captivate audiences.
  • Project Management: Capable of managing all aspects of video production, including scheduling, budgeting, and team coordination.
  • Client Communication: Effective in understanding client needs and delivering results that align with their goals.
  • Technical Proficiency: Proficient with industry-standard video editing software and equipment.
