Results-driven IT Third-Party Risk Analyst with more than 6 years of experience performing IT audit, vendor/third-party risk assessments, and security control assessments, with in-depth knowledge of the Sarbanes-Oxley Act (SOX), application controls (ITGC), and SAS70/SSAE18 attestation. Security control assessment with deep knowledge of HITRUST, Standardized Information Gathering (SIG), ISO 27001, SSAE 18 (SOC 1, SOC 2), PCI-DSS, NIST 800-53, NIST 800-37, and NIST 800-137 to achieve confidentiality, integrity, and availability of information systems.
Overview
8 years of professional experience
1 Certification
Certification
Work History
Snr Third Party Risk Analyst & Assessor
TD Bank
01.2018 - Current
Developed short-term goals and long-term strategic plans to improve risk control and mitigation.
Plan and conduct security risk assessments for all third-party vendors/suppliers.
Provide detailed assessment reports to business owners and the vendor management office.
Work as a remediation analyst to ensure all gaps discovered during the assessment are remediated or mitigated in a timely manner.
Experience with e-GRC tools such as ProcessUnity, RSA Archer, and Prevalent to ensure secure and prompt communication of findings and deployment of questionnaires to the vendor and to track vendor progress on remediation.
Conduct in-depth risk-based security assessments of housed cloud vendors and third-party hosted environments.
Assessment focus included risk management, physical security, identity & access management, encryption, data loss prevention, secure development, incident management, security infrastructure, and security policy.
Work as vendor oversight to ensure adequate tiering of our vendors based on the level of data they have access to.
Escalate issues of third-party vendors' non-compliance to the vendor risk management office (VMO).
Perform continuous monitoring by assessing tools during onsite visits to validate the security questionnaires filled out by the vendors to ensure the protection of data at the vendor sites.
Facilitate remediation for any third-party-related operational issues as needed.
Assess operational fitness of assigned third parties through due diligence reviews.
Conduct onsite and virtual risk assessments to determine the continuous control effectiveness.
Design and constantly upgrade suppliers' questionnaires to ensure all areas of new threat signatures discovered are covered.
Developed a methodology for risk-ranking vendors and streamlined the level of effort for each assessment.
Administered questionnaires to all vendors.
Ensure third-party relationships adhere to the company's policies and procedures and are compliant with regulatory guidelines and industry best practices.
Reviewed corrective action plans (CAP); validated remediation controls and followed up on the remediation process.
Evaluate and monitor procedures and internal controls as related to physical security over data centers and computer operations, network communications, and database management.
Reviewed violations of computer security procedures and developed mitigation plans.
Analyzed portfolios and identified risk factors, facilitating reduction of delinquencies on new volumes and recommending risk-averse underwriting strategies.
Promoted enterprise-level risk management practices and helped instill strong culture focused on protective policies and procedures.
Instituted contingency plans, ensuring business continuity through cross-training, documentation, and data backups.
Encouraged stakeholders to approach assessments analytically and offer unique insights to bring new understanding to risk management programs.
Third Party Risk Analyst
Navy Federal Credit Union
01.2016 - 12.2017
Administer assessment questionnaires to our vendors.
Perform continuous monitoring by assessing tools during onsite visits to validate the security questionnaires filled out by the vendors to ensure the protection of data at the vendor sites.
Plan and execute onsite security/risk assessments for third-party vendors based on agreed-upon procedure guidelines.
Review key vendor-provided documentation such as SSAE 18 SOC 2 Type-II report.
Worked with e-GRC tools such as ProcessUnity, RSA Archer, and ServiceNow to ensure secure and prompt communication of findings and deployment of questionnaires to the vendor and to track vendor progress on remediation.
Provided detailed reports of assessments to business owners and the vendor management office.
Act as a remediation analyst to work with vendors in remediating findings discovered during the onsite/virtual assessment.
Assess areas such as business continuity and disaster recovery, physical security, system development, operation, access control, and incident management.
Escalate issues of third-party vendors' non-compliance to the vendor management office.
Perform data loss prevention assessment of our data at the vendor site.
Carry out various types of vendor assessments, such as virtual/onsite risk assessments, for our vendors depending on triage information from the vendor management office.
Act as a peer-to-peer reviewer for another colleague to ensure all findings are accurate and well defined.
Validate all controls at the vendor site to ensure the confidentiality, integrity, and availability of our data in their custody.
Work with the vendors to ensure risks discovered are remediated within the stipulated time frame.
Promoted enterprise-level risk management practices and helped instill strong culture focused on protective policies and procedures.
Developed short-term goals and long-term strategic plans to improve risk control and mitigation.
IT Audit
Siemens Technology And Services Private
08.2014 - 12.2015
Performed assessment of IT General Controls (ITGC) such as Access Control, Change Management, IT operations, Disaster recovery, and Job Scheduling.
Assisted IT management in identifying gaps between policy and process, developing recommendations to remediate control weaknesses, and responsible for developing and maintaining IT control metrics related to compliance activities.
Prepared working papers, reports, and supporting documentation for audit findings.
Documented control weaknesses related to testing exceptions and assisted in preparing draft audit reports to communicate findings and recommendations to senior management.
Reviewed internal policies and procedures and existing laws, rules, and regulations to determine applicable compliance and the adequacy of underlying internal controls.
Conducted Sarbanes-Oxley (SOX) testing of all the IT General Controls within the audit scope to test their strength, effectiveness, and weaknesses in their control environment.
Developed audit plans and programs to evaluate control areas on projects such as financial statement
Strong background in all stages of the auditing process, including planning, fieldwork/execution/risk assessment, reporting, and follow-up.
Performed walk-throughs and detailed testing of controls to determine if controls are properly designed and operating effectively.
Performed internal and external IT risk assessments, conducted gap analysis against industry standards, and provided recommendations on mitigating options.
Identified control gaps in processes, procedures, and systems through in-depth research and assessment and suggested methods for improvement.
Established internal control systems by updating audit program.
Education
Bachelor of Arts - Business Administration
Benue State University
Makurdi, Nigeria.
07.2005
Certification
CISA - Certified Information Systems Auditor
Certified IT Auditor, ISACA - Mar 2022 — Jan 2026
Quote
There is a powerful driving force inside every human being that, once unleashed, can make any vision, dream, or desire a reality.