HENRY
GYAMBIBY
PROFESSIONAL SUMMARY
Location: Alexandria, VA. Clearance: Public Trust

SUMMARY
Highly organized third-party risk management analyst with four years' experience in assessing IT vendors' security posture to ensure they stay compliant and taking new vendors through the due diligence process to determine the inherent and residual risks that vendors will bring to the organization for the engagement. Adept in NIST 800-series, ISO 27001, and PCI DSS frameworks. Experienced in using RSA Archer, ServiceNow, and eMASS GRC tools. 2 years' experience in technical support, end-user troubleshooting, hardware, and software installation and configuration. Expert in executing tasks efficiently in a fast-paced environment and an effective time manager.

RELEVANT SKILLS
ISO 27001, PCI DSS, NIST – 800/53, RSA Archer, eMASS, Office 365, Gap analysis, Active Directory, ServiceNow, Leadership, Time management, End-User tech. support, Research, Microsoft Excel, Third-party vendor management

Seasoned Risk Analyst with [Number] years of comprehensive experience identifying and analyzing areas of potential risk threatening success of investment and commercial banks. Methodical and meticulous professional polished in projecting potential losses and making recommendations to limit risk through diversification and currency exchanges. Excellent quantitative and critical thinking abilities paired with basic knowledge of SQL and Python.

Knowledgeable Risk Manager equipped with strategic planning and program leadership abilities honed in [Type] industry environments. Establishes strong and successful policies to mitigate risk at each level and establish clear procedures for assessments, prevention and containment. Familiar with regulatory requirements to maintain strict controls.

Results-driven [Job Title] bringing proven skills in administering [Type] risk management programs. Effective in training team members to
proactively identify and highlight potential risks. Dedicated to long-term risk management by building strong internal protocols and instilling culture of responsibility and attentiveness.
SKILLS
WORK HISTORY
Third-Party Risk Management & Compliance Analyst | Progressive Leasing - Spring Valley, CA 09/2018 - Current
Analyzes vendor engagement by requesting the business unit (Business Requester) to complete the initial vendor
information gathering document
Identifies and uses risk drivers to determine the overall potential inherent risk of the engagement
Establishes the inherent risks for an engagement and initiates vendor information security questionnaire
Reviews vendor's information security questionnaire responses, independent auditors' reports, all security artifacts
requested or provided by the vendor.
Performs gap analysis of vendors' information security posture, using the security questionnaire responses and
independent auditors' reports on the vendor's information security posture
Completes and submits risk assessment reports to management in an understandable manner for review and risk
decision-making
Effectively works with business-side users and vendors' POCs to resolve issues identified in the assessment process.
Provides support for evaluating vendor security practices, including reviewing security assessment questionnaires
(SAQ) and attestations/bridge reports that substantiate vendor responses to findings
Performs tracking and monitoring of the state of each due diligence review and communicates with the Relationship
Manager (RM) to obtain missing artifacts promptly to facilitate the due diligence process
Escalates issues of non-compliance to management for action and management risk decisions.
Information Assurance Analyst (Security Controls Assessor) | AbleVets LLC - City, STATE 01/2016 - 09/2018
Reviewed security operations procedures to understand the company's security posture
Developed a plan to assess security controls detailing the security assessment objective (SAP)
Reviewed and approved the SAP if it detailed assessment procedure, scope, and roadmap according to NIST 800-53A
Assessed security controls per the security assessment procedure defined in the SAP
Attended meetings with ISSO and systems owners to present an overview of the SAP
Reviewed network scan reports and conducted gap analysis to identify security vulnerabilities
Prepared SAR (Security assessment report) and made recommendations on identified issues from the security
controls assessment
Supported the remediation actions on security control based on the findings and recommendations in the security
assessment report
Re-assessed remediated controls and obtained or generated proof of functionality of the controls.
EDUCATION
CERTIFICATIONS
CompTIA CASP+ CE
CompTIA Sec+ CE
Certified Information System Auditor (CISA) In Progress
School Attended
Stratford University
University of Cape Coast