Romanus Orock

Beltsville,MD

Summary

As an experienced Compliance and Third-Party Risk Analyst, I bring over five years of expertise in managing the entire vendor life cycle, from preparation to authorization (ATO). Extensive knowledge in SIG/VSQ (Vendor Security Questionnaire) risk and security assessment, remediation, and continuous monitoring. Ability to effectively review SOC reports and penetration test reports, and to run and analyze vulnerability scan reports. Strong knowledge and experience in NIST 800 series, PCI-DSS, ISO 27001, HIPAA, GDPR, GRC Archer, and OneTrust to achieve confidentiality, integrity, and availability of information systems, as well as vendor classification and vendor selection. A results-driven professional with hands-on experience in reviewing security documentation and evidence, risk assessment reports and risk treatment plans. Proactive, dynamic, detail-oriented, good listener, fast learner, comfortable working in a team and independently, with the ability to adapt in diverse environments.

Overview

5 years of professional experience

2 certifications

Work History

IT Risk/Compliance Analyst

Navy Federal Credit Union
09.2019 - Current

· Work in partnership with teams such as Business, Procurement, Security and Legal during the vendor intake process.

· Act as liaison during the organization's internal and external audits by gathering evidence and responding to security questions related to third parties.

· Create collaboration with the information security team, documentation and workflow to assist with vendor cyber events.

· Daily monitoring of vendor network security posture using BITSIGHT as a reference tool.

· Collaborate with the procurement team in developing the IRQ for vendors' responses to classify suppliers into Low, Limited and High Risk based on risk factors.

· Conduct vendor security reviews by sending VSQ/SIGs requesting evidence, per supplier management standards.

· Develop findings for issues identified, such as non-completion of security assessments and vulnerabilities observed during documentation review.

· Collaborate with suppliers, Business Unit and upper management to resolve any roadblocks observed during assessments as part of escalation activities and processes.

· Evaluated responses and analyzed supporting evidence such as SOC reports, pen tests, vulnerability scans, and information security policies and procedures to identify any gaps within the vendor's control environment.

· Update the risk registry and engage with vendors to obtain risk treatment plans for all gaps, and made recommendations.

· Create Vendor Risk Assessment Reports to escalate issues when necessary.

· Create findings for issues identified during daily monitoring of onboarding suppliers.

· Periodically checked supplier contract agreements for expiration, COIs, and performance, and provided reports to the Business Unit manager.

· Ability to communicate vendor security issues to stakeholders, ensuring proper understanding of emerging risks associated with vendor engagement.

· Performed continuous monitoring and reassessment, with experience using BITSIGHT and SecurityScorecard, to make sure vendor controls are properly implemented, hence maintaining data security.

Reexamined and made recommendations on organization-wide policies and procedures to ensure the organization maintains a good security posture, meets requirements and compliance with

Security Analyst

Freshly Inc.
10.2018 - 09.2019
  • Conducted security audits to identify vulnerabilities.
  • Maintained up-to-date knowledge of emerging threats by attending professional development events and staying informed on industry trends.
  • Streamlined incident response procedures for quicker threat mitigation and improved system uptime.
  • Analyzed log files for anomalies, identifying potential intrusions or malicious activity before significant damage occurred.

Education

Bachelor of Science - Computer And Information Sciences

University of Nchang
Nchang-Cameroon
08.2011

Skills

Financial Management

Operational Efficiency

Risk Identification

Data Classification

Training Documentation

Team Player Organizational Systems

Microsoft Office 365

Certification

· CompTIA Security+ certified

· Certified Information Security Auditor (CISA)



TOOLS

JIRA

CSAM

NESSUS TENABLE

BITSIGHT

PROCESS UNITY

VEN MINDER

ZEN GRC

ONE TRUST
