Analytical third-party risk analyst equipped with an in-depth understanding of inherent, residual and vendor risks associated with a range of organizational actions. Focused on helping clients and the organization limit or balance risk against reward for optimal decision-making. Easily handles complex data to understand potential impacts, break down risk and develop recommendations.
· Initiate vendor outreach in support of various Humana products and client initiatives, and as needed, set up initial kick off calls with vendors.
· Send out the requests to the vendor's point of contact.
· Monitor request status for overdue escalations and send out vendor escalation emails.
· Respond to high level vendor questions.
· Identify and recommend appropriate measures to manage and mitigate risks and reduce potential impacts on information resources to a level acceptable to the client.
· Identify and report on new and emerging security risks and risk trends, including participating in risk remediation solution discussions and recommending updates to policy and standards.
· Consistently deliver on assigned workload, tasks and deadlines while following established service level agreements and leveraging appropriate tools and professional standards.
· Continuously demonstrate the ability to work both independently and as a team member while representing the services of Humana with the highest level of professionalism.
· Perform due diligence with third party vendors to ensure compliance with organization requirements.
· Work as a liaison with vendors and the legal and purchasing departments to establish acceptable contract language aligned with the cyber security protection addendum.
· Reviewing incoming third-party engagement requests, performing quality checks of risk profile information for completeness and accuracy, and following up with business requestors as needed.
· Managing the pipeline of incoming requests across the procurement intake system and TPRM system to ensure due diligence questionnaires are scoped and sent to third parties and timely responses are received.
· Coordinating with cross-functional review teams including Sanctions, Security, Compliance, Risk, Privacy, and others to ensure reviews are progressing and assessments are completed within SLAs.
· Following up with third parties regarding incomplete submissions or follow-up questions required to complete assessments.
· Reviewing third-party responses for Enterprise Risk and TP Risk Management and performing risk assessments.
· Monitoring open issues and mitigation plans to ensure timely closure.
· Contributing to periodic monitoring, program and process documentation and risk remediation efforts.
· Partnering with key stakeholders to implement tools and automation that support effective management and oversight of third-party risk and mature processes to scale the program.
· Managing Key Performance Indicators, Key Risk Indicators and other metrics, and regular reporting to measure and track compliance, risk, and the effectiveness of the program, including regular reporting to internal as well as external stakeholders such as regulators.
· Developing and delivering training to build awareness of third-party risks and TPRM processes.
· Developed, maintained, and supported security communication, awareness, and training for audiences throughout the organization.
· Assisted with the implementation of a risk management program and framework.
· Supported process improvement through the development of policy, guidance, and process documents in alignment with overarching cyber security framework and standards.
· Further refined control and audit mechanisms to monitor and maintain compliance with the framework and standards.
· Worked with various stakeholders to identify information asset owners to classify data and systems.
· Informed, advised, and issued recommendations regarding regulatory compliance with respect to data protection laws.
· Provided cyber security consultancy to the IT security project managers and wider teams on security requirements and solutions.
· Served as the primary PCI professional, bridging communication between our organization and the auditing firm.
· Oversee the implementation of controls defined by SOC 2 and ensure that they are operating effectively. This involves working closely with various teams across the organization to implement and monitor controls, perform regular assessments, and address any identified gaps or issues.
· Demonstrated substantial experience in PCI DSS audits, with a focus on gathering information, controls, and statements for compliance.
· Coordinate and schedule walkthroughs, interviews, and evidence-gathering sessions to support comprehensive audits.
· Leverage mid-senior level experience, showcasing proficiency in navigating various audits and frameworks while understanding how PCI coexists within the environment.
· Provide valuable insights into other audits, contributing to a holistic understanding of compliance requirements.
CompTIA Security+ Certified
CISA (Certified Information Systems Auditor)
CISM - in progress