NANF CHRIST
Laurel,MD
Summary
Accomplished qualified Third Party Vendor Risk Analyst and Cyber Security Professional with 7+ years of experience in Third-Party Risk Management, expertly optimizing TPRM processes, conducting comprehensive vendor security reviews, and implementing effective risk mitigation strategies. Knowledgeable in governance, risk, and controls implementation related to various industry standards and compliances for best security practices. Expert at creating and updating policies and procedures, as well as assisting during compliance audits. Committed to long-term risk management through strong internal protocols and team training, with a proven track record of ensuring regulatory compliance and developing solution-oriented risk management strategies. Highly competent Risk Compliance Analyst with background in assessing, identifying and mitigating risks within financial sectors. Strengths include strong analytical skills, comprehensive understanding of regulatory compliance procedures, and ability to develop effective risk management strategies. Previous work impact includes successful implementation of risk management frameworks and fostering cross-functional collaborations for streamlined compliance processes.
Overview
8
8
years of professional experience
1
1
Certification
Work History
GRC (Governance Risk Compliance) ANALYST
Vibrint
Annapolis, Maryland
12.2020 - Current
- Reviewed, managed, and updated company policies, procedures, and controls implementation to ensure laws and regulations were up to date or respected
- Worked with other teams to ensure GRC (governance risk compliance) initiatives supported company goals
- Performed quality assessment (QA) on submitting inherent questionnaires and reviewed controls for SOC2 type2
- Built and maintained strong relationships with key stakeholders
- Performed risk scoring rating to improve continuous monitoring using BITSIGHT
- Conducted awareness training for new employees on vendor Risk Assessment and Risk Management
- Stayed up to date on changes in laws and regulations affecting the organization Maintaining user confidence and protecting operations by keeping information confidential
- Prepared company for yearly compliance certification by updating policies, standards, and procedures annually
- Ensured (ISMS) Information Security Management Systems manual was up to date
- Ensured (SOA) Statement of Applicability was up to date
- Examined, observed, and tested controls after changes occurred in preparation for the internal review/audit
- Ensured monthly scans were performed by working with vulnerability management team or (SOC) team
- Continuously monitored and reported on the effectiveness of the GRC (government risk compliance) program
- Identified and implemented process improvements in any changes
- Ensured business and disaster plan tests were conducted annually
- Ensured access reviews are conducted on a quarterly basis
- Performed risk assessments on a regular basis on all risks
- Ensured remediation of any exceptions/weaknesses/findings noted by the auditors before the audit ended and closed the findings
THIRD PARTY VENDOR RISK ANALYST
Retail Business Services
Alexandria, Virginia
08.2017 - 10.2019
- Conduct vendor risk assessment to ensure the security of Retail Business Service's third parties
- Review completed standardized information questionnaires based on vendor inherent risk
- Conduct due diligence on a new vendor, check their security, privacy, and compliance to make sure they meet our standards
- Facilitate vendor on-boarding process with different organization teams (business, procurement, legal, privacy)
- Collaborate with business owners to document vendor relationship and adherence to requirements as (SLAs) service level agreements
- Support procurement in the due diligence process by designing, reviewing, and updating requests for proposal questionnaires
- Review vendor's profile in Venminder tool, request for proposal results to develop inherent questionnaires
- Evaluate results to classify vendors into appropriate risk categories (critical, high, moderate, low)
- Review SIG questionnaires responses from vendors
- Assist in classifying Retail Business Services data to facilitate vendor scoping/tiering
- Coordinate with stakeholders to initiate scope and plan vendor assessments of new and existing vendors
- Work with the procurement team to review vendor contracts
- Review vendor policies and procedures to ensure compliance with regulatory requirements
- Interact with vendors to discuss appropriate plan of action and deadlines for all identified gaps
- Assist vendor in understanding security controls and evidence needed for the controls
- Assist in developing third party related internal policies and procedures for my company
- Write reports detailing findings and communicate them to stakeholders, ensuring informed decision making
- Diligently Track and update the Risk Register regularly
- Monitor mitigation efforts and residual risk levels
- Ensure progress in reducing potential threats
- Develop information security training and awareness to maintain a security awareness program in the organization
- Conduct continuous monitoring processes using BITSIGHT tool to ensure vendors (SLA, s) service level agreements performance
I.T. HELP DESK
Marriot International hotel
New Orleans, Louisiana
01.2017 - 06.2017
- Responded to incoming requests via phone, email, and chat, meeting SLAs and exceeding customer satisfaction targets
- Troubleshot and resolved technical issues related to hardware, software, and network connectivity
- Documented all interactions in the ticketing system, maintaining accurate and up to date records
- Collaborated with second-level support teams to resolve complex problems
- Conducted training sessions for new hires and provided knowledge transfer to colleagues
- Troubleshot and resolved IT-related and application issues
Education
Bachelor - Computer science
University of Douala
01.2015
Skills
- Identifying and managing risks
- Understanding security policies and best practices
- Reviewing and complying with industry standards
- Assessing vendor risks and conducting due diligence
- Understanding compliance regulations
- Analyzing and mitigating risks
- Communicating and negotiating with vendors
- Third-Party Risk Management
- Compliance Auditing
- Training and Education
- Problem-solving
- Risk Assessment/Audit Report
- Assisting in contract review
- Leadership Skills
- Familiar with different Standards and Compliance (SOC, ISO 27001, PCI-DSS, NIST CSF)
- Teamwork/team player
- Vendor onboarding and offboarding
- Attention to detail
- Fast learner
- Collaboration
- Leadership abilities
Certification
- CompTIA Security+
- CISA (Certified Information Security Auditor)
Languages
Native/Bilingual (French/English), Full Professional
Timeline
GRC (Governance Risk Compliance) ANALYST
Vibrint
12.2020 - Current
THIRD PARTY VENDOR RISK ANALYST
Retail Business Services
08.2017 - 10.2019
I.T. HELP DESK
Marriot International hotel
01.2017 - 06.2017
Bachelor - Computer science
University of Douala
Similar Profiles
Chrysta CochranChrysta Cochran
Certified Nurse's Assistant at Vibrint LifeCertified Nurse's Assistant at Vibrint Life
Peter ObinomenPeter Obinomen
Junior Developer at Star Tempest Legion (P1 Games)Junior Developer at Star Tempest Legion (P1 Games)
Morgan PremoMorgan Premo
Computer Science at Computer Science ClubComputer Science at Computer Science Club
IMANI BURKEIMANI BURKE
9th Grade English Teacher at Prince George County Public Schools9th Grade English Teacher at Prince George County Public Schools
Lonell WilliamsonLonell Williamson
Senior Closeout Specialist - Project Manager at Jefferson Solutions – Department of Transportation Federal Railroad AdministrationSenior Closeout Specialist - Project Manager at Jefferson Solutions – Department of Transportation Federal Railroad Administration