Halidou Moussa Y.

Stafford, Texas

Summary

Qualified Risk Analyst with 5 years of comprehensive experience in identifying and analyzing areas of potential risk threatening the well-being of investments and organizations. Aim to protect the information system by using acquired skills to help the organization's goal of maintaining Confidentiality, Integrity, and Availability. Methodical professional polished in projecting potential losses and making recommendations to limit and mitigate risk at each level. Experienced in policies and procedures management, control assessments, risk assessments, vulnerability management, patch management, business impact analysis, awareness and training, disaster recovery planning and incident response. Adept with strategic planning and program leadership abilities in Third-Party Risk Management environments, vendor security reviews and risk mitigation, vendor tiering, vendor onboarding and offboarding, artifact gathering, following up with auditors and continuous monitoring of vendors. Possess full understanding of ISO 27001, SOC 2 Type 2, PCI DSS, HIPAA, HITRUST, FedRAMP and FISMA.

Overview

5 years of professional experience
1 Certification

Work History

Third-Party Risk Analyst

Romsds Inc
02.2023 - Current
  • Optimize Third-Party Risk Management processes to meet Romsds goals and industry standards
  • Collaborate with different teams and prospective third parties during the onboarding process
  • Review vendor intake forms and use cases to ensure appropriate tier to drive security assessments
  • Complete inherent risk and the categorization of all newly submitted third party vendors
  • Lead security assessments for all third party/service providers
  • Review vendor Security Questionnaire SIQ and supporting artifacts to evaluate vendor security posture
  • Work with the vendor relationship manager to resolve vendor-related issues, especially non-responsive vendors and vendors' refusal to provide evidence for assessment
  • Review SOC 2 Type 2 reports, scan results, penetration testing results and policies to identify vulnerabilities and gaps
  • Identify and evaluate vendors' risk findings, request mitigation summaries for all critical and high findings, track risk treatment plans and draft recommendations
  • Review independent auditor reports like SOC1, SOC2, ISO27001, HITRUST and PCI DSS to ensure they are valid
  • Communicate vendor security issues to the business team, ensuring good understanding of associated risk and plan needed for risk remediation
  • Conduct transition, ongoing monitoring, and oversight of onboarded engagements including periodic reassessment, business, and onsite reviews
  • Engage with Legal team during review of vendors contracts to ensure security issues are taken care of
  • Review, document and assign all identified risks to the specified risk owners and update the risk register on remediation process
  • Review and maintain policies and procedures to make sure they are in conformity with the organization’s standards
  • Assist in reviewing internal security controls, conduct internal security controls review and drive the Corrective Action Plan to make sure the organization meets and maintains compliance
  • Continuously monitor available intelligence sources related to existing vendors
  • Calculate risk by quantifying vendors' inherent and residual risk for various risk domains and implementing a risk tiering methodology, thereby determining the overall risk score
  • This is done manually using Excel or automatically using ProcessUnity
  • In charge of conducting Romsds security awareness and training
  • Create the campaigns, customize them, and send them to various teams.

Third Party Risk Analyst

HSK
05.2020 - 01.2023
  • Facilitated the escalation of high-risk vendor incidents or performance failures to the appropriate executive levels for problem resolution
  • Reviewed vendor evidence such as vulnerability scan reports, penetration test reports, and SOC reports to identify gaps/exceptions
  • Tracked and monitored TPRM activities such as due diligence, risk assessment, contract negotiation, continuous monitoring, and termination
  • Created and updated the HSK Risk Register and reviewed all vendors' Corrective Plans as part of environmental assessment
  • Conducted third party security risk reassessments for existing vendors and risk assessments for new vendors
  • Assisted and communicated with control owners to mitigate risk identified during internal and external audit processes
  • Analyzed vendor SIG responses and their supporting documentation to validate the implementation of vendors' information security controls
  • Conducted scoping or categorization of new vendors
  • Tracked the remediation of open issues from the reviews and advised stakeholders on resolution plans
  • Reviewed internal policies and procedures to determine the applicable compliance
  • Provided risk assessment reviews for system documentation and procedures as outlined in NIST such as physical security, access control, incident response, as well as awareness and training
  • Performed contract reviews and agreements to identify potential risk and possible strategies for mitigation
  • Made sure the business Team implemented the complementary user entity controls suggested by the vendor
  • Conducted OFAC risk assessment on vendors
  • Built an evidence bank/question and answer bank in both a SharePoint site and an Excel sheet to respond to questions from potential clients
  • Demonstrated the ability to effectively interact across all levels within the organization and worked independently within teams based locally and abroad.

IT Security Analyst

Eddins Enterprise
09.2018 - 01.2020
  • Performed vulnerability assessments on the internal network of the organization to identify whether systems were patched and updated
  • Researched and prepared demos on latest vulnerabilities with exploits which will affect the organization
  • Scheduled and initiated automated vulnerability scans in Nessus and verification of the vulnerabilities by conducting penetration testing to quantify the impact and calculate patch time frame
  • Investigated and resolved security issues found in the host systems, databases, network configurations, OS vulnerabilities
  • Conducted vulnerability assessments (credentialed and non-credentialed scans) using the Tenable Nessus scanner to identify vulnerabilities that cyber attackers could exploit
  • Performed security and compliance monitoring tasks including network vulnerability scans, using NIST 800-137 as a guide
  • Identified, documented, and reported vulnerabilities in a tracker, describing remediation plans, with the ability to extensively communicate the results in both layman's and technical terms to the audience concerned
  • Ran validation scans to confirm risk has been remediated and documented them in a risk tracker
  • In cases of zero-day vulnerabilities, did constant checks using the CVE number of the vulnerability and researched remedies at the National Vulnerability Database
  • Followed up with them during daily stand-ups
  • Real-time monitoring of third-party security feeds, forums, and mailing lists to gather information on vulnerabilities and exploits related to the vendor
  • Conducted security risk governance activities, assigned risk owners, documented remediation action plans in the Eddins Enterprise risk register and followed up for closure
  • Conducted the various types of phishing campaigns in the organization using Proofpoint.

Education

MS in Computer Science

University of Houston
Houston, TX
01.2018

BS in International Trade and Economics

Shanghai Finance University
Shanghai
01.2016

Skills

  • Relationship Management
  • Risk Mitigation and Corrective Actions
  • Regulatory Compliance
  • Due Diligence
  • Vendor Assessment
  • Analytical skills
  • Collaboration and Communication skills
  • Technical knowledge and proficiency with financial data
  • Problem Solving and Time Management
  • Written and Verbal communication skills
  • Performance Monitoring
  • Documentation and Reporting
  • Trend Forecasting
  • Process Enhancement
  • Workflow Analysis
  • Audit Support
  • Project Management
  • Detailed knowledge of security tools such as ProcessUnity, Venminder, eMASS, Nessus, ServiceNow, Jira, BitSight, Microsoft Office 365

Certification

  • CompTIA Security+
  • Certified in Risk and Information Systems Control, CRISC
  • Scrum Fundamentals Certified, SFC
  • Project Management Professional, PMP

Languages

English
Full Professional
French
Full Professional
Chinese (Mandarin)
Professional Working
