Eric Muluh

Complete vendor risk assessments by clients and prospective clients

Provide information security due diligence on third-party vendors to determine the effectiveness

of their security posture.

Conduct third-party online reviews to assess their current information security posture and

practices.

Develop and update security policies and procedures

Provide recommendations for mitigating identified risks.

Facilitate vendor onboarding by performing third-party risk assessments on vendors.

Ensure compliance with applicable privacy and industry standards by coordinating and

analyzing risk artifacts.

Assess completed questionnaire and supporting documentation (SIG Core, SIG Lite) to validate

vendor appropriate implementation of information security controls.

Manage vendor risk in compliance with internal policies and regulatory requirements (NIST CSF,

ISO 27001, PCI-DSS, GDPR), ensuring robust oversight of all vendor risks and providing visibility into

emerging threats.Perform audit readiness planning and scope.

Clearly communicate vendor risk to stakeholders with suggestions on how to

mitigate/remediate.

Track third-party risks effectively using the Governance, Risk, and compliance system.