
Uloma Okechi Nwachukwu

Risk Analyst
MD

Summary

Experienced and results-oriented IT Third-Party Risk Analyst with over six years of expertise in vendor risk assessments and security control evaluations. Demonstrated success at Bank of America leading enterprise-level third-party risk management programs, strengthening regulatory compliance, and improving operational resilience. Adept at risk reporting, data analysis, and fostering collaboration among cross-functional stakeholders. Well-versed in industry standards and frameworks, including HITRUST, ISO 27001, NIST (800-53, 800-37, 800-137), PCI-DSS, SSAE 18 (SOC 1 & 2), SIG, and ITGC. Dedicated to implementing effective risk mitigation strategies that safeguard data integrity and ensure alignment with organizational and regulatory requirements.

Overview

6 years of professional experience
1 Certification

Work History

Risk Analyst/Assessor

Bank of America
WA
01.2023 - Current
  • Perform pre-assessment procedures by reviewing the Vendor Level Risk Assessment (VLRA), and generating the formal assessment package using internal tools such as the Assessment Artifact Creation Environment, TRAM (Third-Party Risk Assessment Management), and R-SAM. The package includes: the Current Questionnaire, Tool Inventory, Sample of Data Flow Diagram, Control Environment Overview, and the Service Provider Security Requirements Document (SPSRD).
  • Send the assessment package to the Executive Vendor Manager (EVM), and schedule a Preliminary Meeting to review all materials using the internal assessment checklist. Upon completion, the EVM is responsible for sending the package to the vendor and initiating the request for a kick-off call to begin the formal assessment process.
  • Lead kick-off meetings with vendor subject matter experts (SMEs), and internal stakeholders to align on assessment scope, deliverables, and timelines.
  • Schedule and lead "checkpoint" calls with vendors to address and clarify open questions stemming from the completed assessment questionnaire, ensuring a thorough understanding of vendor control environments.
  • Execute extensive third-party risk assessments upon obtaining the completed assessment questionnaire from the vendor, prioritizing examination of cybersecurity controls, the vendor's IT infrastructure, data protection measures, operational resilience, and compliance with regulations.
  • Collaborate cross-functionally with teams from Legal, Compliance, Line of Business (LOB), Control Functions, Quality Assurance, Procurement, and Information Security to review documentation, validate assessment findings, track remediation progress, and ensure that timely and effective risk mitigation strategies are implemented.
  • Provide completed assessments to the Quality Assurance (QA) team for analysis, accompanied by a validation discussion with the Technical Manager to address any deviations from internal standards and risk thresholds.
  • Collaborated with Remediation Analyst to kick off remediation upon findings discovery. Led handover meeting to ensure thorough review and transition of remediation plan. Coordinated vendor engagement consistently throughout remediation for optimal outcomes.
  • Draft a comprehensive assessment summary email report post-handover, detailing the number and nature of findings, remediation timelines, and risk impact. Submit the draft to the Technical Manager for review and approval, and, upon approval, publish the final report to all relevant internal stakeholders, including the EVM, Senior Manager, Line of Business, and Control Function teams.
  • Maintain detailed and accurate documentation of all assessment activities to support internal and external audit requirements. Ensure all assessment artifacts, evidence, and related communications are securely stored in TRAM, the enterprise GRC repository, to establish a comprehensive and auditable record of third-party risk management.
  • Finalize the assessment status by categorizing it as either 'Complete – No Findings' or 'Complete – In Remediation' when findings are identified, ensuring proper documentation and handoff for any required remediation actions.

Risk Analyst II

Centene Network Corporation
Clayton, CA
01.2019 - 12.2022
  • Facilitate distribution of assessment questionnaires to vendors.
  • Facilitate various types of vendor assessments, involving Self-Assessment, Online Assessment, and virtual onsite risk analyses, contingent upon triage insights from vendor ASC score.
  • Conducted extensive reviews of vendor IT infrastructures, focusing on vital areas like business continuity and disaster recovery plans, encryption standards, logging and monitoring protocols, physical security safeguards, system development lifecycle practices, IT operations management, access control systems, and incident response frameworks to assure comprehensive risk mitigation and alignment with organizational and regulatory standards.
  • Review and analyze critical vendor-provided documentation, including SOC 2 Type II reports, penetration testing results, data flow diagrams, and other relevant security assessments. Evaluate vendor compliance against industry standards and regulatory frameworks such as ISO 27001, NIST Cybersecurity Framework, HIPAA (for healthcare-related vendors), PCI DSS (for payment data), and HITRUST, ensuring that the vendor’s controls align with organizational risk requirements, and sector-specific regulations.
  • I have experience working with e-GRC tools such as RSA Archer and Quant Model to enhance third-party risk management processes. RSA Archer facilitates centralized risk data aggregation, automates workflow management, supports risk assessments, and tracks issues, enabling efficient monitoring and reporting of vendor risks throughout their lifecycle. The Quant Model complements this by providing quantitative risk analysis, modeling potential risk impacts to support data-driven decision-making, prioritize remediation efforts, and optimize risk mitigation strategies. Together, these tools improve visibility, governance, and compliance by integrating risk data, automating assessments, and delivering actionable insights to risk owners, and stakeholders.
  • Provided comprehensive assessment reports to business owners and the Vendor Management Office, clearly communicating findings, risk levels, and recommended remediation actions to support informed decision-making and effective risk management.
  • Proactively escalate third-party vendor non-compliance issues to the Vendor Management Office, ensuring timely awareness and coordinated resolution to mitigate potential risks.
  • Serve as a peer reviewer for colleagues by thoroughly evaluating assessment findings to ensure accuracy, clarity, and completeness, while upholding principles of transparency, confidentiality, and accountability throughout the review process.
  • Coordinate and facilitate virtual meetings with both internal and external stakeholders to discuss third-party risk management engagements, focusing on aligning assessment objectives with the organization’s defined risk appetite. These sessions promote collaborative dialogue to clarify expectations, address concerns, and ensure all parties understand the acceptable levels of risk, fostering a unified approach to managing vendor risks in accordance with business goals and compliance requirements.
  • I have extensive experience working with a broad range of GRC (Governance, Risk, and Compliance) tools widely used in the Third-Party Risk Management (TPRM) industry, including RSA Archer, ProcessUnity, ServiceNow, BitSight, Prevalent, SIG Lite, and Core, as well as RiskRecon. This diverse toolset has enabled me to effectively manage vendor risk assessments, automate workflows, monitor third-party security postures, and streamline compliance reporting across complex vendor ecosystems.
  • I have hands-on experience documenting detailed risk reports using GRC tools, ensuring accurate capture and communication of third-party risk findings. Additionally, I coordinate risk remediation efforts with vendors across various industries, facilitating collaboration between internal stakeholders and external partners to address vulnerabilities, track progress, and achieve timely resolution of identified risks in alignment with organizational risk management objectives.

Education

Bachelor of Science - Economics

University of Calabar, Calabar.
Cross River State, Nigeria
07-2024

Skills

  • Risk assessment
  • Vendor management
  • Data analysis
  • Regulatory compliance
  • Project management
  • Third-party risk management
  • Effective communication
  • Operational risk
  • Teamwork and collaboration

Affiliations

  • Well-rounded and adaptable professional who values integrity, accountability, and continuous learning. Skilled in building strong relationships with stakeholders, mentoring peers, and contributing to a positive, security-conscious organizational culture. Balances technical expertise with effective communication, empathy, and a collaborative mindset—demonstrating a commitment to both personal and professional growth.

Accomplishments

  • Recognized by my Technical Manager at Bank of America as a contract staff member for consistently delivering high-quality third-party risk assessments ahead of deadlines, significantly contributing to improved vendor onboarding efficiency and compliance alignment.
  • Exceeded annual assessment targets for three consecutive years by streamlining engagement processes and leveraging GRC tools for faster risk analysis and reporting.
  • Appointed as Peer Reviewer and Risk Quality Champion, reviewing and validating the accuracy and completeness of colleague assessments, ensuring adherence to internal standards and regulatory expectations.
  • Led cross-functional initiatives to enhance third-party risk awareness across lines of business, resulting in stronger internal controls and improved vendor collaboration.
  • Trusted liaison for executive vendor managers (EVMs), frequently selected to lead high-priority assessments due to demonstrated expertise, professionalism, and communication skills.

Certification

  • Certified Information Systems Auditor - An ISACA Certification - Certification Number - 252802355

References

References available upon request.
