
Derek Tupy

Saint Clair Shores

Summary

Information Security Analyst with over 7 years of experience in the information security domain. Proficient in identifying and mitigating security incidents, developing compliance controls, and managing third-party risk assessments. Adept at collaborating with cross-functional teams to enhance security procedures and ensure regulatory compliance.

Overview

8 years of professional experience
1 Certification

Work History

Advanced Security Analyst - Third Party Risk

Hagerty Insurance
05.2023 - Current
  • Streamlined the Third Party Cyber Risk Assessment process to align with ISO 27001 requirements
  • Manage a portfolio of ~500 vendors to ensure accurate documentation for compliance and incident response
  • Establish close relationships with various teams (Procurement, Legal, Privacy, Internal Audit) to ensure proper involvement in the TPRM process
  • Review vendor contracts to ensure proper security requirements are in place
  • Lead the Third-Party Security review process of all new vendors that interact with company data
  • Conduct thorough reviews of vendor security documentation to assign risk ratings and identify control gaps
  • Lead the Third-Party Security review process of all new vendors that interact with Hagerty data
  • Report identified risks up the appropriate lines of business and work with risk owners to establish remediation plans
  • Developed a monthly metrics program for executive leadership to improve visibility into TPRM processes
  • Created playbooks and procedures to document all TPRM-related processes for less experienced analysts to follow
  • Respond to and triage daily vendor security alerts identified by vendor continuous monitoring tools
  • Aid in internal risk identification, using both quantitative and qualitative scoring to create a risk register
  • Create and present detailed risk reports to upper management highlighting risks to the company and proposing risk treatment plans
  • Lead the monitoring process of remediation efforts on identified risks and review evidence to ensure risk is properly mitigated

Third Party Risk Analyst - Continuous Monitoring

Bank of Montreal
02.2023 - 05.2023
  • Performed risk assessments on over 500 third party vendors through security questionnaires and direct interactions
  • Created and updated security questionnaires to ensure accurate vendor assessments
  • Managed incident response processes for third-party incidents, ensuring thorough documentation and reporting
  • Reviewed penetration tests and incident reports to identify potential risks and mitigating factors
  • Understood both foreign and domestic rules and regulations for third-party monitoring and ensured these regulations were followed and documented properly for auditing purposes

Information Security Threat Hunter

Rocket Central
05.2022 - 01.2023
  • Conducted threat hunts and created detection mechanisms based on TTPs from major breaches
  • Documented findings in both technical and non-technical reports for stakeholder review
  • Worked daily in SIEM and EDR tools to remediate security incidents and tune alerting
  • Reviewed recent vulnerabilities and threat intelligence, understood the risk presented to the company, and created detections to ensure proper monitoring of exploitation attempts
  • Prioritized vulnerabilities and ensured the risk was explained to relevant stakeholders
  • Saw the vulnerability process through to completion and ensured risk was mitigated once completed
  • Conducted third party risk assessments of potential vendors and assisted with securely onboarding new vendor relationships
  • Worked closely with security engineering teams to implement and maintain data loss prevention tools, endpoint security tools, and SIEM tooling

Tier 2 Information Security Analyst

Rocket Central
08.2019 - 05.2022
  • Managed security alerts generated by SIEM and EDR products, documenting actions taken and escalating as necessary
  • Administered daily vulnerability scans and delivered comprehensive reports to relevant stakeholders
  • Collaborated with SOX audit team to create repeatable audit deliverables
  • Conducted third-party risk management assessments and assisted with securely onboarding third-party tools / vendors into the environment
  • Mentored tier 1 security analysts on day-to-day tasks

Tier 1 Information Security Analyst

Quicken Loans
09.2017 - 08.2019
  • Investigated suspicious emails and fully remediated identified phishing campaigns
  • Configured firewall appliances to block known malicious sites, enhancing email security
  • Responded to security alerts generated by SIEM and EDR products, worked to completion or escalated as necessary
  • Conducted third party risk assessments to ensure secure onboarding of new tools

Education

Networking and Cybersecurity

Lansing Community College
12.2017

Skills

  • AWS
  • CrowdStrike
  • Microsoft Azure
  • Cofense Triage
  • RSA Archer
  • Bitsight
  • Agiloft
  • Recorded Future
  • Coupa
  • RiskRecon
  • SAFE Security
  • Splunk
  • ServiceNow IRM and TPRM
  • ISO 27001 Compliance
  • Quantitative and Qualitative Risk Analysis

Certification

SANS GSEC
