
Patience Nkwetta

Boston, MA

Summary

Highly qualified professional with over 10 years of experience delivering enterprise solutions across diverse IT environments. Proven expertise in developing and enhancing Third-Party Risk Management Programs (TPRM), privacy, and compliance initiatives to uphold the security objectives of confidentiality, integrity, and availability. Skilled in collaborating with cross-functional teams—including Business Owners, Procurement, Legal, and Cybersecurity—throughout the entire lifecycle of third-party vendors, from onboarding to ongoing monitoring and offboarding. Well-versed in Information Security frameworks and standards such as NIST, HIPAA, GDPR, PCI-DSS, ISO 27001, and HITRUST, with a strong commitment to establishing effective policies that mitigate risk while ensuring compliance with regulatory requirements.

Risk management professional with a comprehensive understanding of risk assessment and mitigation. Adept at identifying and analyzing potential risks, implementing robust risk management strategies, and fostering collaboration to achieve organizational goals. Known for adaptability and reliability in dynamic environments, combined with strong analytical skills and a keen eye for detail.

Overview

11 years of professional experience
1 Certification

Work History

Senior Information Security, Security Risk Analyst

South Shore Health
01.2020 - Current
  • Engage with Business and Procurement in the vendor onboarding process to ensure proper due diligence before contracting.
  • Perform third-party risk assessments from beginning to end on new and existing vendors.
  • Participate in internal and external audits, especially with the internal audit team, through evidence requests, documenting findings, and the remediation process.
  • Conduct security assessments following frameworks, standards, and regulations.
  • Conduct continuous monitoring throughout the life cycle of the vendors.
  • Maintain vendor relationships to discuss appropriate remediation actions and deadlines for all identified gaps.
  • Analyze vendors' processes to determine deficiencies within security controls that could violate applicable law, regulation, framework, or internal policies and procedures.
  • Schedule reassessment of vendors via document requests to ensure the security controls are appropriately designed and functioning as implemented throughout the contract.
  • Identify gaps and create a risk treatment plan/corrective action plan to track the gap remediation process, as well as providing recommendations.
  • Review technical documentation such as SOC reports, penetration test reports, vulnerability scan reports, HITRUST certification, and disaster recovery and incident response plans as supporting evidence backing up the information security assessment.
  • Write accurate security assessment reports and submit them to senior management for review and approval.
  • Review and update documentation for TPRM policies and procedures on an annual basis.
  • Ensure third-party adherence to contractual/regulatory compliance to minimize the risk of fines and reputational damage.
  • Work with control owners/engineers to gather artifacts uploaded to the SharePoint site and scrub documents in preparation for external audit.
  • Research security and risk frameworks, standards, best practices, and compliance requirements (HIPAA, NIST, ISO, GDPR, CCP, PCI DSS, HITRUST).
  • Develop and maintain the risk registry.
  • Assessed emerging risks through ongoing research and monitoring of industry trends, proactively addressing potential threats before they materialized into significant issues.
  • Improved decision-making processes by providing insightful recommendations based on thorough risk analysis.

IT Risk & Compliance Analyst

Trintech Consulting
06.2014 - 12.2019
  • Assisted in the development and implementation of a continuous monitoring program for IT compliance.
  • Evaluated the likelihood that vulnerabilities could be exploited and assessed the impact associated with the threats and vulnerabilities.
  • Experienced in creating Standard Operational Policies (SOP) as well as system-based policies and procedures.
  • Maintained up-to-date knowledge of cyber threats by reviewing regulatory bulletins, applicable regulations, and other research sources across the healthcare, not-for-profit, finance, technology, and sports industries.
  • Partnered with clients to ensure that third-party vendors were properly screened, assessed, and continuously monitored to mitigate risk.
  • Collaborated with business units to deliver enterprise risk assessment results and identified solutions to minimize risk exposure.
  • Facilitated and led remediation activities for assessment, audit, and control findings as they relate to risk.
  • Developed compliance training program materials and trained personnel as needed to ensure compliance.
  • Ensured that policy and compliance documentation, requirements, and controls were properly identified, tracked, reviewed, and reported for the institution to increase its security posture.
  • Prepared recommendation strategies made available to system owners, system admins, or system engineers to remediate identified vulnerabilities.
  • Performed internal audits to verify controls were implemented following standard guidelines (such as HITRUST, SOC 1, SOC 2, HIPAA, PCI).
  • Collaborated with cross-functional teams to ensure consistent compliance practices across the organization.
  • Promoted clear communication among stakeholders through detailed reporting on compliance status and issue resolution progress.
  • Identified potential areas of vulnerability, working closely with stakeholders to address concerns proactively.
  • Collaborated with cross-functional teams to ensure adherence to industry standards and regulations.

Education

Master of Science - Cybersecurity Technology

University of Maryland Global Campus (UMGC)
03.2021

Skills

  • Risk Management
  • Asset Security
  • Communication & Networking
  • Security Assessment & Testing
  • Security Assessment Report
  • Document Reviews
  • Audit & Compliance
  • ZenGRC
  • ServiceNow
  • Censinet
  • BitSight

Certification

  • Certified in Risk and Information Systems Control (CRISC)
  • CompTIA Security+
  • Red Hat Certified System Administrator (RHCSA), certificate number: 180-033-607
  • Certified Third Party Risk Management Professional (C3PRMP)

Languages

French
English


Awards

Won two academic awards from the University of Maryland Global Campus (UMGC): The National Society of Leadership and Success (NSLS) and Upsilon Pi Epsilon (UPE), the International Honor Society for the Computing and Information Disciplines, based on academic achievement.