
OLA IBIWOYE

DMV Metropolitan Area

Summary

Goal-oriented Cyber Security professional with significant success in planning, analyzing and implementing security plans and initiatives.

Experienced in IT security analysis, Risk Management, Business Continuity, Vulnerability Assessment and Third-Party Risk Assessment. Ample experience working in various organization sectors such as retail corporations, healthcare, and financial institutions. Skilled in Risk Management, Information Security principles, Project Management, Risk Assessments, Due Diligence, and various Audit Methodologies. Knowledgeable with NIST, COBIT, ISO 27001, PCI, SOC 1 and SOC 2, SOX, HIPAA, HITRUST, SIG questionnaire.

Overview

5 years of professional experience
1 Certification

Work History

Information Security Compliance Analyst

Costco
04.2023 - Current

· Review and validate all controls at the vendor site to ensure data confidentiality.

· Assess completed questionnaires (based on questionnaire responses and supporting evidence), identify findings, determine required remediation, validate residual risk rating, and develop comprehensive risk assessment report.

· Leads remediation, categorization, organization, and prioritization of vulnerabilities found through vulnerability scanning and 3rd party penetration testing.

· Develop methodology for risk ranking vendors and streamline level of effort for each assessment.

· Review all essential security policies and procedures documentation.

· Work as a remediation analyst to ensure all gaps discovered during the assessment are remediated or mitigated in a timely manner. This may include performing interviews, document design assessments, and walkthroughs of IT and cybersecurity controls.

· Performed continuous monitoring by assessing tools during onsite visits to validate the security questionnaires filled out by the vendors to ensure protection of data at the vendor sites.

· Experience with e-GRC tools such as RSA Archer, ProcessUnity and ServiceNow to ensure secure and prompt communication of findings and deployment of questionnaires to the vendor and to track vendor progress on remediation.

· Work with vendors to ensure adequate tiering for the vendors based on the level of data they have access to.

· Facilitates vendor assessments to include evaluations on controls, financial viability, and other key factors. Prepares and presents reports of the assessment results to different levels of management.

· Experience in all Microsoft Office suite applications, JIRA, Confluence, SharePoint, and other business-related software systems

· Subject Matter expert in Bitsight

· Design and constantly upgrade suppliers’ questionnaires to ensure all areas of new threat signatures discovered are covered.

· Administer questionnaires to all vendors to determine the control effectiveness.

· Conduct in-depth risk-based security assessments of housed, cloud and vendor third-party hosted environments. Assessments focus on Incident Management, Physical Security, Identity & Access Management, Encryption, Data Loss Prevention, Incident Management, Security Infrastructure and Security Policy.

Cyber Security Analyst (Vendor Security)

Kaiser Permanente
12.2021 - 01.2023

· Administered assessment questionnaires to our vendors.

· Performed continuous monitoring by assessing tools during onsite visits to validate the security questionnaires filled out by the vendors to ensure protection of data at the vendor sites.

· Help with the Business continuity internal review

· Collaborate with stakeholders across multiple teams in leadership, sourcing, vendor management and other internal risk management stakeholders

· Coordinates with internal and external audit resources on information technology reviews and examinations.

· Collaborates with the company's Information Technology managers to ensure full compliance of company policies, procedures, and standards.

· Apply risk-based approach to tailor assessment questionnaire and distribute to vendors.

· Act as remediation analyst to work with vendors in remediating findings discovered during the onsite/virtual assessment.

· Manage the risk assessment and due diligence processes throughout the third-party lifecycle

· Manage risk assessments from on-boarding and off-boarding leveraging HITRUST.

· Assessed operational fitness of assigned third parties through due diligence reviews.

· Conducts incident review meetings to identify vulnerabilities, response activities, and remediation plans to prevent future negative occurrences. Documents and presents findings to the appropriate governance bodies.

Governance Risk and Compliance Analyst

Erie Insurance
08.2019 - 07.2021

· Performed audit of IT general and application controls, information security, systems development, change management, business continuity, and disaster recovery.

· Assist in the performance of complex audits such as ISO 27001 internal audits.

· Act as peer-to-peer reviewer for other colleagues to ensure all findings are accurate and well defined.

· Validated all controls at the vendor site to ensure the confidentiality, integrity, and availability of our data in their custody.

· Work with both internal and external Audit to support any organization assessments.

· Coordinate InfoSec meetings related to remediation of risks, audits, and vulnerabilities.

· Review Vendor SOC II Report

· Ensure third-party relationships adhere to the company’s policies and procedures and comply with regulatory guidelines and industry best practices.

  • Facilitated remediation for any third-party related operational issues as needed.
  • Assess operational fitness of assigned third parties through due diligence reviews.

· Provide ongoing monitoring for third party risk due diligence.

· Document and report control failures and gaps to stakeholders. Provide remediation guidance and prepare management reports to track remediation activities

· Assist in the development of third-party risk management programs.

Education

Bachelor of Science - Accounting

University of Lagos
Lagos, Nigeria
07.2019

Skills

  • Risk Assessment
  • Security Assessment
  • Risk Mitigation
  • Incident Response
  • Network Security
  • Business Continuity
  • Policy Review
  • RSA Archer
  • Venminder
  • Jira
  • Confluence
  • Bitsight

Certification

  • CompTIA Security+
  • CISA
