OGBAS III NEGUSE

Dallas, TX

Summary

Dedicated Third-Party Risk Analyst with 5 years of proven expertise in devising robust risk management strategies, conducting assessments, and enhancing security postures for clients in the real estate and financial sectors. Proficient in aligning frameworks with industry standards, executing risk assessments, and implementing data privacy measures. Adept in leading third-party risk programs and ensuring compliance through meticulous IT control testing.

Overview

10 years of professional experience
1 Certification

Work History

Third-Party Risk Analyst

Deloitte
02.2018 - Current
  • Developed short-term goals and long-term strategic plans to improve risk control and mitigation.
  • Performed risk assessments and control identification.
  • Possesses substantial expertise in evaluating processes and controls within IT frameworks, encompassing areas such as user provisioning, user access reviews, password configuration, change management, leavers testing, access management, financial planning and analysis, and IT operations management.
  • Gathered insights into applications under audit scope to understand budgeted hours and conveyed the information to the resource management team for proper allocation of resources.
  • Promoted enterprise-level risk management practices and helped instill strong culture focused on protective policies and procedures.
  • Analyzed vendors' due diligence documentation to arrive at risk assessment ratings against risk methodology, and in accordance with regulatory and industry standards.
  • Collaborated with cross-functional teams to develop comprehensive risk management policies, including vulnerability management, asset management, threat intelligence, endpoint security, incident response, identity and access management, and security incident and event monitoring (SIEM).
  • Aligned security frameworks with industry best practices such as NIST CSF, ISO 27001 & 27002, SOC 1 and SOC 2, resulting in enhanced risk mitigation and regulatory compliance.
  • Led maturity assessments across diverse security environments, identifying gaps and implementing tailored strategies that increased overall security posture by 30%.
  • Orchestrated impactful risk assessments for two prominent clients - utilizing quantifiable metrics to measure risk exposure and prioritize remediation efforts.
  • Managed third-party risk programs, collaborating with stakeholders to evaluate vendor risks, through which I reduced high-risk partnerships by 25% within 1 year.
  • Conducted data privacy assessments, analyzing implications and providing recommendations that led to enhanced data protection measures and compliance with relevant regulations.
  • Spearheaded risk assessments for data governance, integrating quantitative metrics to measure data integrity and availability, resulting in a 20% improvement in data management practices.
  • Executed IT General Control testing for SOX Audit, with a focus on logical access, change management, and IT operations, ensuring compliance and seamless audit outcomes.
  • Collaborate with external partners and vendors to align cyber security governance efforts and ensure third-party compliance.
  • Establish and maintain a cyber risk management program, including risk assessment methodologies, risk treatment plans, and risk reporting.
  • Prepared the risk and control matrix along with attributes to facilitate testing completion.
  • Use ProcessUnity to track vendor progress on remediation.
  • Experience with e-GRC tools such as RSA Archer, ServiceNow, Risk Rhino to ensure secured and prompt communication of findings and deployments of questionnaires to the vendor and to track vendor progress on remediation.


Senior, Risk Control Analyst

Proven Systems Solutions
05.2015 - 01.2018
  • Evaluated and updated policies and procedures based on departments' continuously changing routines.
  • Identified gaps in processes and facilitated the implementation of controls reporting to prevent any future high-risk issues.
  • Ensure compliance with established policies by monitoring adherence, identifying policy exceptions, tracking risk decisions and working with stakeholders to implement corrective actions promptly.
  • Assist in the review and maintenance of information security policies, standards, and guidelines in line with industry best practices and regulatory requirements.
  • Worked with upper management to create remediation plans for current issues and facilitated the implementation of departmental resolutions.
  • Provided actionable recommendations to the business unit for risk mitigation and risk acceptance decisions.
  • Review risk and incident data and continuously review risk controls to ensure controls are effective and minimize safety risks across the organization.
  • Perform IT control gap analysis and identify areas of potential/desired performance improvements.
  • Reporting monthly and quarterly metrics on Risk and Compliance monitoring, incidents, and regulatory violations, using Excel modeling and MySQL.
  • Performed Impact and Risk assessments over control deficiencies and deviations.
  • Performed compliance reviews and assisted with external third-party reviews and audits.
  • Provided remediation support for CFPB and congressional complaints to evaluate the financial risk and prevent any future risk.
  • Ran various internal manual and SQL-based testing to analyze any additional departmental risk prior to implementation of new processes/projects to ensure proper controls are in place.
  • Remediated erroneous test fails and created remediation plans to prevent new fails from occurring.


Business Controls Specialist

Mr. Cooper
02.2014 - 12.2014
  • Created a testing blueprint for the first business controls for several departments within the organization.
  • Developed and delivered presentations for tracking and monitoring of risk-related issues for levels of organization.
  • Understood compliance and key regulations to positively influence business operations.
  • Evaluated and developed test templates and testing plans specific to each department's processes to test the effectiveness of their controls. Test included evaluation of HMDA compliance, Illinois Anti-Predatory Compliance and the Fair Housing Act compliance. I specifically evaluated current ineffective controls to create remediation plans to strengthen or replace the ineffective controls.
  • Implemented the usage of RCSA for housing testing materials including testing data results, comments and evidence to refute test fails.
  • Conducted regression and remediation plan testing to ensure validity of the line of business's approved fix.

Education

Bachelor of Arts - Information of Technology

The University of Texas At San Antonio
San Antonio, TX
05.2011

Skills

  • NIST RMF
  • FedRAMP
  • Due Diligence Questionnaire (DDQ)
  • Inherent Risk Questionnaire
  • Risk Assessment & Mitigation
  • Security Framework Alignment (NIST CSF, ISO 27002)
  • Third-Party Risk Management
  • Data Privacy & Governance
  • IT General Control Testing (SOX Audit)
  • Vulnerability Management (VM)
  • Incident Response (IR)
  • Identity & Access Management
  • Security Incident & Event Monitoring (SIEM)
  • RCSA & Cross-Functional Collaboration
  • Contingency Plan Testing
  • Microsoft Excel & PowerPoint/Suites

Certification

  • Certified Information Systems Security Professional (CISSP) – In Progress.
  • Certified in Risk and Information Systems Control (CRISC) – In Progress.
