Steve Nzekeng

Beltsville, MD

Summary

Dedicated and results-driven Vendor Risk Analyst with a proven track record of successfully managing and mitigating risks associated with third-party vendors. Over the past 5 years, I have honed skills in assessing, monitoring, and enhancing vendor relationships to ensure compliance with regulatory requirements and safeguard the organization's interests.

Overview

5 years of professional experience

Work History

GRC Consultant

End To End Computing
2022.02 - Current
  • Collaborate with internal stakeholders to define and implement effective vendor risk management strategies.
  • Due Diligence: perform extensive due diligence on potential vendors, assessing their operational capabilities, security practices, and overall business practices.
  • Review the intake form for accuracy and proper understanding of the use case.
  • Develop and provide cybersecurity risk management recommendations for the customer.
  • Tier vendors based on their data sensitivity, business criticality and dollar amount spent per year.
  • Send out questionnaires via Venminder/ZenGRC.
  • Collaborate with legal and compliance teams to establish and enforce vendor contracts that include necessary safeguards and clauses. Also stay abreast of industry regulations and standards to ensure vendor activities align with legal and compliance requirements.
  • Receive and review the vendor's response alongside supporting artifacts: vulnerability scan, infosec policies and procedures, pen test report, SOC 2 Type 2, BCP/DRP/IR, etc.
  • Questionnaire follow-up.
  • Generate Risk Assessment Report.

GRC Risk Analyst

CROCS
2019.03 - 2021.12
  • Conducted internal audits to assess effectiveness of GRC controls and processes.
  • Ensured all policies, standards and procedures were up to date by reviewing them on an annual basis or when changes occurred.
  • Ensured the information security management system manual was up to date.
  • Ensured the Statement of Applicability was up to date.
  • Performed control self-assessments on an annual basis or when changes occurred, using the Examine, Observe and Test method.
  • Ensured monthly scans were performed by working with the SOC team or vulnerability management team.
  • Educated and trained users on information security policies and procedures.
  • Formulated, tested, and implemented security policies, plans, and procedures to safeguard the organization.
  • Developed short-term goals and long-term strategic plans to improve risk control and mitigation.

Education

Bachelor of Arts - Law (Pre-Law)

University of Yaounde
Cameroon
08.2011

Skills

  • Information Security
  • Internal Auditing
  • Incident Management
  • HIPAA Compliance
  • SOX Compliance
  • Risk Mitigation

Accomplishments

  • Used Microsoft Excel to develop inventory tracking spreadsheets.
  • Successfully implemented a risk-based approach to vendor assessment, reducing the organization's exposure to potential threats by 30 per cent.
  • Led the development of standardized vendor risk reporting, providing leadership with clear and actionable insights for decision-making.
  • Collaborated with cross-functional teams to streamline the vendor onboarding process, reducing onboarding time by 20 per cent.

Languages

English
French
