
FRANTZ GILBERT

Canal Winchester, OH

Summary

Strategic leader with over a decade of experience in third-party risk management (TPRM), cybersecurity, and compliance. Experienced in building robust risk frameworks, mitigating vendor risks, and ensuring compliance with industry standards including NERC CIP, SOC 2, PCI-DSS, HIPAA, and FISMA. Adept at fostering cross-functional collaboration and engaging stakeholders to drive successful outcomes. Well-versed in automating risk assessment workflows using tools like Archer and Fortress Platform to enhance TPRM program efficiency.

Overview

  • 13 years of professional experience
  • 1 Certification

Work History

Senior Manager, Third-Party Risk Management

Avangrid
04.2023 - 07.2024
  • Led the Third-Party Risk Management (TPRM) program, overseeing 500+ vendors to ensure compliance across cybersecurity, resiliency, and financial risk
  • Enhanced risk frameworks, reducing compliance gaps by 25% and aligning vendor oversight with regulatory mandates
  • Directed NERC CIP-013 audits, achieving 100% compliance and mitigating vendor-related security risks
  • Designed automated risk assessment processes, improving vendor due diligence efficiency by 30%
  • Developed and maintained vendor risk reporting dashboards, improving leadership decision-making
  • Conducted in-depth vendor financial and operational risk assessments, reducing high-risk exposure by 20%
  • Led team-wide training initiatives to ensure risk analysts followed best practices and industry standards

Security Manager, Third-Party Risk Governance

American Electric Power (AEP)
11.2021 - 03.2023
  • Managed 20,000+ vendor risk assessments, implementing a risk-ranking model to prioritize high-risk vendors
  • Established third-party contract security provisions, ensuring adherence to SOC 2, PCI-DSS, and FISMA compliance
  • Led security incident investigations, ensuring vendors adhered to security remediation timelines
  • Conducted periodic reviews and audits to identify gaps in vendor security postures
  • Spearheaded cross-functional collaboration with Procurement, Legal, and Security teams to enforce risk mitigation strategies
  • Developed executive dashboards to highlight vendor risk exposure, improving reporting efficiency by 40%
  • Implemented risk assessment automation tools, reducing manual effort by 35%

Senior Security Specialist, Third-Party Risk Governance Lead

American Electric Power (AEP)
02.2020 - 11.2021
  • Managed vendor risk teams across risk ranking, vendor assessments, and platform development
  • Directed onsite vendor risk assessments, ensuring compliance with industry cybersecurity regulations
  • Trained and mentored risk analysts, increasing assessment efficiency by 25%
  • Created standardized processes for risk assessments, improving accuracy and compliance adherence
  • Provided quarterly risk updates to executives, influencing key strategic decisions
  • Led continuous improvement initiatives, ensuring risk assessment methodologies evolved with industry trends

Senior Security Specialist, Third-Party Risk Governance

American Electric Power (AEP)
06.2017 - 02.2020
  • Conducted risk-based third-party assessments and recommended security controls for vendor engagement
  • Ensured compliance with regulatory frameworks including NERC CIP-013, HIPAA, and FISMA
  • Collaborated with Legal and Procurement teams to negotiate security contract supplements
  • Designed and refined risk evaluation processes for high-risk vendors, improving response time by 30%
  • Acted as the subject matter expert for TPRM initiatives and industry partnerships

Business Continuity Coordinator

Nationwide Children's Hospital
06.2015 - 06.2017
  • Developed Business Continuity Plans (BCPs), enhancing organizational resilience by 20%
  • Conducted tabletop exercises to test crisis response, identifying key areas of improvement
  • Provided emergency response training to over 100 personnel, improving overall preparedness
  • Worked closely with IT and operations teams to develop disaster recovery strategies
  • Ensured compliance with industry standards by implementing best practices for continuity planning

Technical Analyst, Enterprise Risk Management

JPMorgan Chase
01.2014 - 05.2015
  • Designed business process automation frameworks, improving efficiency in risk and compliance operations
  • Led business impact analyses, aligning enterprise risk objectives with operational goals
  • Created mockups and prototypes to streamline system testing and implementation processes
  • Collaborated with internal teams to ensure risk mitigation strategies were aligned with corporate security standards
  • Developed key risk indicators (KRIs) to monitor risk trends across business units

Information Security Analyst

AAA Ohio Auto Club
07.2011 - 12.2013
  • Performed network vulnerability scanning and remediation monitoring to strengthen cybersecurity defenses
  • Developed and implemented an Information Security Awareness program for employees
  • Conducted security audits and ensured compliance with PCI-DSS requirements
  • Supported business resumption and recovery testing for high-availability environments
  • Investigated security incidents and contributed to policy enhancements for risk reduction

Education

Bachelor of Science - Network and Communications Management

DeVry University
Columbus, OH

Skills

  • Third-Party Risk Management
  • Risk Assessments
  • Due Diligence
  • Contract Risk Reviews
  • Cybersecurity & Compliance
  • NIST
  • ISO 27001
  • HIPAA
  • SOC 2
  • PCI-DSS
  • FISMA
  • NERC CIP-013
  • Leadership & Collaboration
  • Stakeholder Engagement
  • Vendor Lifecycle Management
  • Policy Governance
  • Risk Reporting & Metrics
  • Risk Dashboards
  • KPI-Driven Reporting
  • Executive Communication
  • Technology & Automation
  • Archer
  • ServiceNow
  • Fortress Platform
  • Risk Assessment Automation

Certification

  • Certified Third-Party Risk Professional (CTPRP) - Shared Assessments
  • CompTIA Security+
  • ITIL Foundation Certificate in IT Service Management

Technology and tools

  • Risk Management Platforms: Archer, Fortress Platform and ServiceNow (Ticket tracking, Technology Requests, Employee Onboarding, etc.)
  • Compliance & Governance: NERC CIP, HIPAA, SOC 2, PCI-DSS
