MIRACLE OGBOR AMAH
Peoria,Illinois
Summary
Dynamic IT Vendor Risk Analyst with a proven track record at Summit Credit Union, excelling in risk assessment and management. Spearheaded vendor evaluations, enhancing compliance and reducing incidents by 10%. Adept at cross-functional collaboration and policy development, ensuring robust security frameworks and effective stakeholder communication.
Overview
9
9
years of professional experience
Work History
IT VENDOR RISK ANALYST
Summit Credit Union
02.2024 - Current
- Developed third-party risk management strategies, methodologies, and workflows aligned with Summit's security, privacy, and business objectives, leveraging NIST and ISO 27001 frameworks, which streamlined vendor onboarding and reduced assessment time
- Oversaw vendor security evaluations, analyzed controls and compliance documentation, and implemented automated methodologies for high-risk domains such as cloud security and data privacy, which accelerated assessment cycles and improved risk visibility
- Collaborated with procurement, IT, legal, and external vendors as SME for technical risks, communicated remediation strategies to technical teams and executive leadership, enabling timely risk mitigation and reducing exposure.
- Conducted nearly 2,000 comprehensive vendor risk reviews, evaluating cybersecurity posture, data protection practices, and operational resilience, which identified critical gaps and guided remediation plans to strengthen overall vendor security
- Assessed vendors across IT security, compliance, financial stability, and business continuity using a risk-scoring matrix and KPI tracking, identifying high-risk vendors to guide informed procurement decisions.
- Authored and maintained vendor risk management policies and procedures, ensuring alignment with regulatory requirements and industry best practices.
- Collaborated with IT, compliance, and legal teams to implement and update governance frameworks based on NIST CSF, resulting in a unified risk-assessment process across the organization
- Reviewed and monitored vendor contracts to ensure inclusion of critical risk mitigation clauses (e.g., breach notification, data handling, SLAs).
- Worked with legal and procurement teams to negotiate terms that align with organizational risk appetite.
- Performed in-depth due diligence on third-party vendors, including analysis of SOC reports, ISO certifications, and regulatory compliance (e.g., GDPR, HIPAA).
- Developed and maintained vendor risk scoring models to quantify and communicate risk levels to stakeholders.
- Generated detailed reports and dashboards for leadership and audit teams, enhancing visibility into vendor risk and compliance status.
- Tracked vendor adherence to performance metrics and compliance obligations through periodic reviews and assessments.
- Participated in vendor-related incident investigations, ensuring timely response and remediation of security breaches or compliance failures.
- Partnered with internal teams including IT Security, Legal, Procurement, and Business Units to ensure cohesive vendor risk strategies.
- Provided documentation and evidence for internal and external audits, supporting regulatory compliance and risk management initiatives.
- Maintained a centralized repository of vendor profiles, risk ratings, and assessment history for transparency and tracking.
- Refined risk assessment methodologies and tools to adapt to emerging threats and evolving regulatory landscapes.
GRC ANALYST
Thelix Holdings
06.2021 - 02.2024
- Developed and executed tailored GRC strategies using Excel and Microsoft 365, which cut audit preparation time by 20% and achieved a 98% compliance rating (Venmonitor)
- Pioneered risk assessments using NIST framework and Jira to evaluate security, compliance, and operational risks for clients, enhancing identification accuracy of potential risks and vulnerabilities by 15%.
- Collaborated closely with cross-functional teams to conceptualize and enhance risk mitigation processes, resulting in a substantial 25% reduction in cybersecurity incidents.
- Monitored regulatory changes and translated into practical, action-ready policies, thereby ensuring an unwavering 100% compliance with the most up-to-date industry standards.
- Performed in-depth security audits and vulnerability assessments, identifying and remediating 10 critical vulnerabilities, thus fortifying client security.
- Streamlined incident response procedures, reducing resolution time by 30% and minimizing potential financial losses.
- Established and maintained relationships with third-party compliance partners, achieving a 15% decrease in security incidents involving vendors.
- Prepared and delivered engaging, informative training sessions on GRC best practices for the internal team, enhancing overall compliance awareness by a substantial 25%.
VENDOR RISK ANALYST
Thelix Holdings
02.2017 - 05.2021
- Engaged in the development and successful implementation of vendor risk management strategies, leading to a 15% decrease in third-party compliance violations.
- Performed vendor assessments using a risk-assessment framework and data-analysis tools, evaluated security and compliance factors, and reduced vendor-related security incidents by 10%
- Designed and executed a timely vendor risk monitoring system, reducing potential risks by an appreciable 15%.
- Created and maintained vendor risk database, integrating risk scores and audit logs to increase efficiency of vendor assessment processes by 25%
- Audited vendor contracts to ensure unwavering compliance with industry standards and regulatory requirements, culminating in an impressive 98% vendor contract compliance rate.
- Collaborated with procurement teams to design a streamlined vendor onboarding workflow using automated checklists, cutting onboarding time by 20%
- Liaised with vendors to identify and resolve potential issues, enhancing security and compliance measures and increasing vendor collaboration efficiency by 30%
- Conducted vendor risk training sessions for internal teams, enhancing vendor risk awareness by 20%
Education
Doctoral Degree - Arts
James Madison University
Harrisonburg, Virginia05.2022
Some College (No Degree) - Certified Regulatory Vendor Program Manager
Compliance Education Institute
OnlineSkills
- Risk assessment and management
- Vendor risk oversight
- Regulatory compliance
- Audit and monitoring
- Documentation control
- Policy development and implementation
- Stakeholder communication
- Task supervision
- Report analysis
- NDA review
- Stakeholder presentations
- Cross-functional collaboration
- Due diligence onboarding
- Issue tracking and monitoring
- Offboarding processes
- Supervisory responsibilities
- Training and education programs
- Incident response planning
- Business continuity strategies
- Data privacy management
- IT security frameworks
- Data analysis and interpretation
- KPI and KRI evaluation
- ServiceNow proficiency
- Office tools proficiency
- Clear communication skills
- Procurement and contract management
- Risk remediation and escalation
Accomplishments
- Implemented process improvements that reduced audit completion times by 20%.
- Spearheaded a vendor collaboration initiative that established stronger partnerships with key vendors.
- Led the implementation of a comprehensive cyber resilience program.
- Conducted 2500+ risk assessments and training sessions.
Timeline
IT VENDOR RISK ANALYST
Summit Credit Union
02.2024 - Current
GRC ANALYST
Thelix Holdings
06.2021 - 02.2024
VENDOR RISK ANALYST
Thelix Holdings
02.2017 - 05.2021
Doctoral Degree - Arts
James Madison University
Some College (No Degree) - Certified Regulatory Vendor Program Manager
Compliance Education Institute