Nancy Agyapon

• Initiate third-party risk governance efforts by engaging with business partners and vendors.
• Ensure that vendor risk management activities are completed promptly through regular follow-ups.
• Perform quality assurance reviews to confirm the accurate collection of necessary information and data.
• Maintain and update the Third-Party Risk Management solution, including the uploading of relevant documents.
• Offer support and training to vendors and business partners to promote compliance and understanding.
• Provide updates on project status and escalate any issues to the Vendor Management Manager.
• Involved in special projects and assignments to improve vendor management practices.

• Managed day-to-day communications with multiple vendors simultaneously.
• Collaborated with cross-functional teams to ensure successful execution of vendor projects.
• Assisted with centralizing all vendors into governance risk tool.
• Made sure risk register is up-to-date
• Ensured compliance with relevant regulations and laws governing vendor relationships.
• Identified opportunities for process improvements within the vendor management program.

• Performs third party identification, risk assessment and Tier classification based on their services and level of access to data.
• Administer Inherent Risk Questionnaire to business unit and Security Questionnaire to vendors point of contact with set of instructions and timeline.
• Utilization of GRC tool, Archer to conduct application assessment and track issues identified during the assessment with supporting mitigations measures.
• Review and evaluate vulnerability scans, pen-test, and SOC 2 type 2 reports of third-party companies to assess their overall risk and impact level.
• Develop third-party risk assessment reports of identified findings and recommend corrective actions for management consideration.
• Prepare, evaluate, and review mitigation plans that keep residual risk within the organization minimal.
• Conduct ongoing re-assessment and monitor vendors to ensure compliance after the offboarding process has been completed, change in ownership, scope of practice or breach in their database.
• Identify and analyze conditions, with input from management and key stakeholders, for third parties requiring risk exceptions/acceptance and documents, escalates and retains approval, as needed.
• Provide recommendations regarding qualitative and quantitative aspects of potential third parties to determine if a relationship would help achieve the organization's operational and financial goals.

Assess the effect of any changes in key third party personnel involved in the relationship with the organization.

• Review the adequacy and adherence of the third party’s policies relating to internal controls and security issues.
• Ensure integration with other relevant functions and processes, e.g., procurement.
• Knowledge of controls and industry standard frameworks (COSO, COBIT, NIST SOC, ISO,).

• Conducted reviews of flagged transactions and reports that showed potential suspicious activity.
• Documented investigative findings in reports.
• Reported findings on risk exposures to senior executives and board of directors.
• Managed and executed risk management projects to determine deficiencies and appropriate corrective actions.