
Michael Nwachukwu

Durham, NC

Summary

Professional CyberSecurity Analyst with over five years of expertise in Information Security with a focus on Third Party Vendor Risk Assessment and CyberSecurity best practices. Real-world experience with risk management, vendor due diligence, and compliance. A track record of successfully identifying, evaluating, and mitigating vendor-related risks to guarantee compliance with industry regulations and company policies. A person with a focus on results who is familiar with the following industry compliance programs: NIST, GDPR, CCPA, ISO 27001, PCI-DSS, HIPAA, HITRUST, and best security practices. A dynamic IT specialist who can adapt to shifting settings, has strong communication and analytical abilities, and works well with people at all levels. A track record of being able to direct and lead, think creatively, and pay close attention to detail.

Overview

6 years of professional experience
1 Certification

Work History

KY3P Control Assessor

S&P Global
08.2024 - Current
  • Review and evaluate completed questionnaire(s) and supporting materials provided by suppliers to ensure completeness and alignment with KY3P product standards
  • Manage all aspects of the risk assessment process and lead assessments of suppliers, providing the overall technical, risk and security expertise needed to determine control disposition
  • Effectively communicate with key stakeholders (third parties and internal owners) to ensure a positive assessment experience

Third Party Risk Management Analyst II

Erie Insurance Group
07.2023 - 08.2024
  • Analyzes responses to third-party assessment questionnaires and reviews supporting documentation (SOC reports, etc.) received from vendors to identify and evaluate the risks in establishing or continuing operations with them
  • Composes assessment reports containing findings and recommendations and presents them to the business and the third party, where appropriate
  • Works with other subject matter experts from the Law, Privacy, Information Security, Enterprise Risk Management, Sourcing and Vendor Management, Business Continuity and Disaster Recovery Departments, and business areas to apply risk assessment criteria in line with corporate policies
  • Works directly with vendors to assist them in effectively managing operational risks related to the identification of potential areas of concern with business processes, applications, and systems
  • Assigns an overall risk rating with refined qualifications based on potential risk in business processes, applications, and systems
  • Works with internal business owners to assist them and, if necessary, build a plan for effectively managing third party operational risks related to business processes, applications, and systems
  • Works with interdisciplinary teams across ERIE to ensure identified risks that require mitigation have a plan developed and are executed for resolution
  • Promotes and delivers continuous training and awareness to business partners on vendor risks and enhances ERIE's internal service model that informs business owners of key risks in a timely manner

IT Risk Analyst (TPRM)

TrueAccord
09.2020 - 04.2023
  • Identify, validate, and mitigate IT and cybersecurity risk through risk/security assessments of vendors and other third parties
  • Create and update vendor questionnaires for inherent risk and vendor onboarding and work directly with stakeholders to effectively communicate information on TrueAccord security controls
  • Conduct detailed vendor risk assessments and accurately determine the risk rating with qualifications based on the potential impact and likelihood
  • Work with Legal, Procurement, and other departments to facilitate the contract review and approval process and communicate risk assessment findings
  • Use a risk-based approach to conduct a reassessment of vendors periodically and monitor third-party vendors' security practices and compliance with contractual obligations
  • Strong understanding of vendor management best practices and methodologies
  • Support continuous monitoring of Suppliers and Third Parties to review compliance against compliance and regulatory requirements
  • Tiering suppliers based on Data Sensitivity and Business Criticality both on an automated and manual approach
  • Review required documentation and reports to onboard vendors such as SOC 2 Type 2, Penetration report, AOC, and more for a financial service infrastructure

Cybersecurity Risk Analyst

Valeo
06.2018 - 05.2020
  • Conduct Cyber Security Risk Assessments for Regulatory Compliance for Third Party Risk
  • Perform a Gap Analysis to align products with applicable regulations, guidelines, and standards along with executing Quality Control processes to ensure accurate mapping
  • Partner with Procurement and Legal in the contract negotiation process to ensure appropriate security obligations are incorporated in vendor agreement/contract
  • Manage tracking of identified findings and actions to closure and reporting to leadership
  • Tag vendor with appropriate risk tier to determine the next reassessment date
  • Develop and maintain high-quality risk assessment documentation covering findings, risk ratings, justifications, and recommendations in our tool and risk register
  • Execute monthly validations of the Data Mapping and Data Flow Diagrams created for Data Privacy requirements
  • Develop and deliver security awareness and training programs tailored to team members and educate employees on security best practices, policies, and procedures to foster a culture of security awareness and compliance
  • Perform IT audit and compliance tasks including gathering information, requesting and examining controls evidence, and acting as the liaison for internal and external audits, and other GRC assessments
  • Strong knowledge of vendor management software and tools such as OneTrust to conduct assessments

Education

Bachelor Of Science -

North Carolina Central University
Durham, NC

Skills

  • Conducting Risk Assessments
  • Vendor management software
  • Continuous monitoring
  • Governance, Risk, and Compliance
  • Data Mapping
  • Testing ITGC Controls
  • Gap Analysis
  • Technical knowledge
  • Understanding of security frameworks
  • Financial Service Industry
  • Insurance Industry
  • Conducting Issues with recommended actions
  • Analytical skills
  • Critical thinking skills
  • Communication skills
  • Presentation skills
  • Continuous learning
  • Attention to detail
  • Multitasking
  • Proficient in Microsoft Office
  • Proficient in Google Suite
  • Time management
  • Self-motivation
  • Understanding of IT and cyber security risks
  • Awareness and Training program development
  • Written communication skills
  • Verbal communication skills
  • Preparing for Information Security audit

Certification

  • CompTIA Security+
  • Certified Information Security Auditor (CISA)
  • Certified Third Party Risk Assessor (CTPRA)
  • CRISC In Progress

Organization

Omega Psi Phi Fraternity, Inc., Member March 2020 - Present
