Mabe Atone-Nforlem

Green Cove Springs, FL

Summary

Highly qualified, proactive and results-oriented professional with over 7 years of experience as a Vendor Risk Analyst. Experienced in TPRM process optimization, vendor security reviews, and risk mitigation. Good knowledge of governance, risk and controls implementation related to various industry standards and compliance requirements. Self-motivated individual with a solid understanding of compliance standards such as the NIST SP 800 series and ISO 27000. Full understanding of the Federal Risk and Authorization Management Program (FedRAMP), Federal Information Security Management Act (FISMA), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard (PCI DSS). Knowledgeable about the Risk Management Framework (RMF) process. Personal objective is to protect information systems by using acquired skills to help achieve the enterprise-wide goal of maintaining Confidentiality, Integrity and Availability.

TECHNICAL SKILLS & TOOLS

  • Risk Management Framework (RMF)
  • FedRAMP, OMB, FISMA
  • Vulnerability Scanning
  • Vulnerability Management
  • Regulatory requirements such as GDPR, CCPA, HIPAA, ISO 27001, PCI DSS
  • Security Assessment Plan (SAP)
  • Security Assessment Report (SAR)
  • Standard Operating Procedures (SOP)
  • Knowledge of industry-leading security frameworks such as NIST, ISO, and COBIT
  • System Security Plan (SSP)
  • Plan of Action & Milestones (POA&M)

Overview

7 years of professional experience
1 Certification

Work History

Third Party Risk Analyst

Florida Blue
Jacksonville, FL
06.2023 - 12.2023
  • Optimize the Third-Party Risk Management (TPRM) process to meet Florida Blue's goals and industry standards.
  • Collaborate with different teams and prospective third parties during vendor onboarding activities.
  • Review vendor intake forms and use cases to ensure the appropriate tier is assigned to drive security assessments.
  • Complete inherent risk categorization of all newly submitted third parties/vendors.
  • Lead security assessments for all third parties/service providers.
  • Review vendor security questionnaires (SIG) and supporting evidence to evaluate vendor security posture.
  • Work with the vendor relationship manager to resolve vendor-related issues, especially non-responsive vendors and vendors' refusal to provide evidence for assessment.
  • Review SOC 2 Type 2 reports, scan results, penetration test results and policies to identify vulnerabilities and gaps in vendors' environments.
  • Identify and evaluate vendors' risk findings, request mitigation summaries for all Critical and High severity findings, track risk treatment plans, and make recommendations.
  • Communicate vendor security issues to stakeholders, ensuring a good understanding of the associated risks and the actions needed to remediate them.
  • Engage with the Legal team during review of vendor contracts to ensure security concerns are addressed.
  • Document and assign all identified risks to specified risk owners and update the risk register with remediation status.
  • Review and maintain policies and procedures to make sure they align with organization standards.
  • Assist in reviewing internal security controls to ensure the organization meets and maintains compliance.
  • Act as liaison during the organization's internal and external audits.
  • Conduct internal security controls reviews and drive corrective action plans.
  • Complete paperwork, recognizing discrepancies and promptly addressing them for resolution.
  • Experience with integrated risk management tools (RSA Archer).

Vendor Risk Analyst

Fidelity National Financial, Inc
04.2021 - 05.2023
  • Responsible for documenting and maintaining accurate vendor inventory in database
  • Completing daily activities associated with, but not limited to, the following:
      o Identification of third parties not in the vendor inventory database
      o Engaging Vendor Managers and/or vendors for onboarding of third parties
      o Onboarding third-party engagements, including performing/facilitating/documenting all efforts and results
      o Conducting assessments on the third parties and identifying potential risk
      o Continued monitoring and management of third-party engagements, as defined, with the help of BitSight, LexisNexis and other relevant tools
  • Effectively communicate with internal departments, including, but not limited to, Legal, Information Security, IT, and Procurement
  • Accountable for identification and tracking of vendor issues and associated remediation plans, including reporting and escalation activities.
  • Work with vendor contacts to ensure that plans of action and milestones or remediation plans are in place for findings/vulnerabilities identified via third-party sources.
  • Supporting cultural integration and institutionalization of Vendor Risk program
  • Other duties and projects as assigned.

Vendor Risk Management Analyst

Allstate Benefits
06.2018 - 04.2021
  • Assist in managing the company's vendor lifecycle phases of planning, due diligence, contract negotiation, ongoing monitoring and termination.
  • Develop and maintain effective working relationships with vendors to create open channels of communication and ensure vendors align with the company's priorities and goals.
  • Conduct risk assessments on vendors to identify risk levels.
  • Develop treatment plans for identified issues that have been recorded in ZenGRC.
  • Evaluate SOC reports and vendor questionnaire responses, and examine evidence to validate controls implementation.
  • Familiar with / worked with GRC tools such as JIRA, ZenGRC and OneTrust, and communication platforms (Teams, Webex, etc.).
  • Review and assess vulnerability scan/penetration test reports and request remediation where applicable.
  • Participated in organization audit processes (SOC 1, SOC 2 and ISO 27001 audits).

Compliance Analyst

Express Scripts
11.2016 - 04.2018
  • Assisted in conducting risk scoring/rating of vendors based on the organizational matrix.
  • Worked with vendors to discuss appropriate remediation actions and deadlines for all identified gaps.
  • Supported internal controls review and update, and ensured proper controls implementation with effective evidence in place.
  • Collaborated with various teams and control owners to ensure policies and procedures are met.
  • Worked with vendors to reduce and mitigate findings identified in vendors' audit reports.
  • Responded to security questionnaire inquiries.
  • Reviewed audit reports such as SOC 1 and SOC 2 to make sure they comply with the company's control standards, and developed corrective action plans.
  • Participated in audits such as SOC 1, SOC 2 and ISO 22301 to ensure compliance.

Education

Bachelor of Science - Biochemistry

University of Yaoundé 1
Cameroon

Skills

  • Vendor Assessment
  • Risk Mitigation
  • Analytical skills
  • Problem Solving skills
  • Time Management
  • HITRUST/ HIPAA/ NIST/ ISO 27000
  • Microsoft Office 365
  • Team Building
  • Oral and Writing Communication
  • Mitigation Strategy

Certification

  • CompTIA Security+ certified
  • ISACA CISA certified
