Mulet Dompierre

Gaithersburg, MD

Summary

IT Security analyst with over 8 years of experience in threat assessment, data protection, and compliance. Holds an active public trust clearance, specializing in classified data management, risk analysis, and security protocols. Proven track record in reducing risks by 30% through improved data security measures.

Overview

10 years of professional experience
1 Certification

Work History

Information Security Compliance Analyst

Department of Public Safety/Correctional Services
01.2016 - Current

  • Conduct periodic security risk assessments on vendors to ensure that security controls are appropriately designed, implemented, and produce the desired outcome
  • Mitigate vendor risk through oversight activities
  • Create a vendor profile in the Rsam tool once a new vendor has been identified by the Business Owner
  • Establish a consistent standard for assessing third-party vendor risk
  • Implement an effective process to evaluate third-party vendor risk and oversight of the related vendor activities
  • Make sure the vendors comply with applicable legal and governance requirements
  • Conduct continuous monitoring throughout the life cycle of the vendor to ensure that security controls are appropriately designed, implemented and produce the desired outcome
  • Analyze vendors' processes to determine deficiencies within their controls that could violate applicable law, regulation, framework or internal policies and procedures, then recommend the appropriate frameworks
  • Submit inherent risk questionnaire and work with the various partners to ensure accuracy
  • Present gap analysis to stakeholders and management to give a better knowledge of the risk level
  • Perform periodic vendor risk assessment to make sure vendor controls are properly implemented to ensure the trusted service principles of security, confidentiality, integrity, availability, and privacy throughout the contract are maintained and risk reduced
  • Handle customers' security assessments on the client-facing side
  • Review SOC 2 reports, penetration test reports, vulnerability scan reports, business continuity plans, disaster recovery and incident response plans as supporting evidence backing up the information security questionnaire
  • Initiate and lead vendor report and recommendation to manager for approval, closely collaborating with other key stakeholders in the organization
  • Analyze data classification based on business criticality and data sensitivity and risk rating, which will enable us to tier the vendor into (High, Medium and Low)
  • Work with 3rd party auditors to finalize audit findings and create remediation steps for risk gaps identified, which were communicated to management and audit committee to drive security governance
  • Working with FDR (First Tier Downstream Related Entity) downstream entity attestation that the company implements and maintains: fraud, waste and abuse and general compliance training, distribution of a code of conduct and/or compliance policies, exclusions/debarment, monitoring and auditing, safeguards to ensure protection of PHI
  • Open a risk treatment plan after conducting an assessment and recommendations to manager for review (Risk Acceptance, Mitigation, Transfer and Avoidance) based on ISO 27001 risk assessment
  • Open a risk treatment plan following the company’s completion of its risk assessment, documenting its action to address each risk identified during the assessment process (Risk Acceptance, Mitigation, Transfer and Avoidance)
  • Coordinate and submit the SIG questionnaire to vendors to respond to the questions within a given time frame
  • Participate in quarterly security reviews with (CEO, CTO, PTD, and other stakeholders) on the security posture of my organization through Zoom
  • Raised awareness and training for situational security of end-users to reduce phishing risk by training users on emerging phishing threats
  • Submit monthly reports to the chief information officer regarding the status of new vendors and existing vendors via risk matrix, then drafting executive summaries
  • Perform continuing monitoring to remediate risk after a risk assessment has been conducted
  • Review security and participate in contracts, working with our legal and procurement team to make sure security terminologies are incorporated as required and equally ensure that the contractual requirements raised during assessment are incorporated into the contract documents
  • Establish an Executive Summary at the end of vendor assessment showing the Impact level, Likelihood and the Risk rating to upper management
  • Assess control testing, working with control owners by making sure that our internal controls are operating effectively as designed, by inquiry, screenshots, inspections, interviews, walkthroughs
  • Make sure that risk, threats and vulnerabilities identified while conducting an assessment are mitigated by implementing appropriate security controls to a residual risk level
  • Perform regulatory compliance and risk assessments to identify and mitigate compliance and cyber

Cyber Security Operations Analyst

Tann Global Foundation Inc.
01.2015 - 02.2016
  • Performed periodic vendor risk assessment to make sure vendor controls are properly implemented to ensure the trusted service principles of security, confidentiality, integrity, availability, and privacy throughout the contract are maintained and risk reduced
  • Identified gaps and created a risk treatment plan/corrective action plan to track gap remediation process as well as providing recommendations
  • Reviewed SOC 2 reports, penetration test reports, vulnerability scan reports, business continuity plans, disaster recovery and incident response plans as supporting evidence backing up the information security questionnaire
  • Conducted regular audits of IT systems to verify the adherence to established security policies and regulatory requirements
  • Worked with 3rd party auditors to finalize audit findings and created remediation steps for risk gaps identified which were communicated to management and audit committee to drive security governance
  • Proactively advised management on key risk areas and ensured that processes and quality control techniques are implemented and adopted to support the company's growth through continuous oversight and remediation efforts
  • Performed HITRUST control mapping into established or existing ISO 27001 policies and procedures for HITRUST compliance
  • Reduced operational risk through conducting regular audits and compliance checks of information security practices
  • Applied business management principles to coordinate and oversee all activities related to information security compliance
  • Reviewed alerts generated by detection infrastructure for false positive alerts and modified alerts as needed
  • Used Cisco Sourcefire to monitor network traffic to ensure malicious network traffic is dropped
  • Analyzed and responded to security events and incidents from Firewalls, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Network Access Control and other client data sources
  • Developed dashboards and reports to identify potential threats, suspicious/anomalous activity, malware, etc.
  • Investigated malicious phishing emails, domains and IPs using open-source threat intelligence tools and recommended proper blocking based on analysis
  • Ensured the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through monitoring of vulnerabilities scanning devices
  • Monitored, detected and investigated the operational status of monitoring components
  • Performed proactive hunting for threats that may have escaped the monitoring system
  • Performed network security monitoring and incident response for a large organization

Education

Bachelor of Science - Information System Management

University of Maryland Global Campus

Skills

  • Vulnerability Assessment
  • Incident Response and Management
  • Security Awareness Training
  • Cloud Security
  • Network Security
  • Policy Development and Implementation
  • Penetration Testing
  • Secure Software Development Lifecycle (SDLC) Integration
  • Multi-Factor Authentication (MFA)
  • Intrusion Detection and Prevention Systems (IDPS)
  • Cybersecurity Auditing
  • Risk Analysis and Mitigation
  • Compliance and Regulatory Understanding (e.g., GDPR, HIPAA, PCI-DSS)
  • Threat Intelligence
  • Security Information and Event Management (SIEM)
  • Encryption Technologies
  • Identity and Access Management (IAM)
  • Disaster Recovery and Business Continuity Planning
  • Endpoint Security
  • Security Operations Center (SOC) Operations

Certification

  • Cybersecurity Analyst (CySA+), CompTIA
  • Certified Information Systems Auditor (CISA), ISACA
  • Security+, CompTIA
