GLORIA OBENG

Dumfries, VA

Summary

A meticulous third-party risk and compliance analyst with an accomplished five-year tenure, specializing in the execution of comprehensive vendor risk assessments and security evaluations. Proficient in the identification and reduction of both inherent and residual risks through the strategic implementation of suitable controls. Possesses adeptness in the utilization of Governance, Risk, and Compliance (GRC) tools to meticulously review security controls and their corresponding artifacts. Holds a proven record of engagement with diverse industry-specific privacy and cybersecurity frameworks and standards, ensuring unwavering adherence to vendor regulatory mandates.

Overview

7 years of professional experience
1 Certification

Work History

Vendor Risk and Compliance Analyst

Capital City
12.2021 - Current
  • Conduct comprehensive vendor security assessments to evaluate third-party cyber risk exposure
  • Develop and implement a standardized vendor assessment framework, streamlining evaluation processes and ensuring consistent risk analysis
  • Collaborate with cross-functional teams to gather vendor information, assess security controls, and review compliance with industry standards (e.g., ISO 27001, NIST CSF)
  • Analyze assessment findings to identify potential vulnerabilities, gaps in security controls, and areas of concern within vendor relationships
  • Produce detailed assessment reports outlining risk levels, identified vulnerabilities, and recommended mitigation strategies for internal stakeholders
  • Advise procurement and vendor management teams on security risks associated with vendor partnerships, enabling informed decision-making
  • Collaborate with vendors to communicate assessment results, address security concerns, and recommend remediation actions to enhance overall security posture
  • Track and monitor vendor remediation efforts, ensuring timely resolution of identified security issues and tracking progress over time
  • Continuously monitor industry trends and emerging threats to enhance the vendor assessment process and adapt strategies to evolving risks.

Vendor Risk Analyst

Lollicash
01.2017 - 09.2021
  • Verified vendor documentation, including SSAE 18 Type-I & II reports, vulnerability scan reports, independent penetration test reports, ISO 27001, and PCI DSS certifications, to ensure alignment with security standards and compliance requirements
  • Conducted comprehensive end-to-end Information Security Risk Assessments, involving review of questionnaires, third-party security audit reports, evidence, and on-site assessments as needed, to detect and mitigate potential risks effectively
  • Enhanced vendor security assessment program by consistently analyzing, updating, and refining procedures, leading to notable improvements in operational efficiency and overall effectiveness
  • Proactively conducted continuous assessments of third-party cyber risks, offering valuable support to clients in identification and evaluation of intricate business and technology risks tied to their external partnerships
  • Developed and maintained robust TPRM policies and standards in accordance with federal and state regulatory laws, contributing significantly to establishment of compliant and resilient risk management framework
  • Tracked and managed issues, gaps, exceptions, and mitigation plans related to third-party risks, ensuring prompt resolution and effective handling of identified vulnerabilities
  • Analyzed risk metrics and prepared comprehensive reports for senior executives, furnishing key insights into organization's overall exposure to third-party risks and facilitating well-informed decision-making
  • Escalated non-compliance issues or risks exceeding acceptable thresholds in proactive manner, ensuring swift and accurate resolution
  • Identified opportunities for process enhancement and provided recommendations for optimization, leveraging business analysis techniques to align TPRM functions seamlessly with organization's broader risk frameworks
  • Strong writing skills and ability to proofread vendor contracts and other correspondence to

Education

Bachelor of Science - Mathematics

Kwame Nkrumah University of Science and Technology
06.2010

Skills

  • Complaint Management
  • Privacy Compliance
  • Identify errors
  • Intuit QuickBooks
  • Risk Identification and Mitigation
  • Administrative Support
  • Complaint Response

Certification

  • Certified Information Systems Auditor (CISA)
  • CompTIA Security+
  • Professional Scrum Master (PSM)
