Developing and performing policy assurance activities for TPRM Policy and Third-Party RiskAssessment Methodology. Perform third-party risk and control assessments, including documentation of process, risk, andinformation using RSA Archer and Jira that includes vulnerability management, network security,physical security, identity & access management, encryption, data loss prevention, securedevelopment, incident response, and change management. Manage third-party issues throughout the issue life cycle (issue identification through closure). Ensure third-party relationships adhere to the company's policies and are compliant withregulatory guidelines and industry best practices. Perform ongoing monitoring activities of enterprise critical third parties using BitSight andSecurity Scorecard. Work as a remediation analyst to ensure all gaps discovered during the assessment are remediatedor mitigated timely. Work as vendor oversight to ensure adequate tiering of our vendors based on the level of data, todetermine the appropriate assessment that is needed. Perform onsite visits to validate the security questionnaires filled out by the vendors to ensure theprotection of data at the vendor sites.Design and constantly upgrade suppliers’ questionnaires to ensure all areas of new threatsignatures discovered are covered. Manage due diligence required for onboarding and recertification of risks and ongoing monitoringof assigned third-party relationships. Monitor and assist with exit strategies and contingency plans for third parties.

Perform risk assessment within Enterprise Supply Chain that includes associated risks (coveringtechnology, privacy security, resiliency, and other operational risks) that the organization andsuppliers (vendors) may face in accordance with the Company’s established guidelines. Evaluate and analyze supplier controls from both a design and operating efficiency perspective andraise findings with management actions to remediate identified control gaps.Handle private, sensitive, and confidential information appropriately for both internal and externalbusiness partners. Support ESC efforts to mitigate Third-party risks in areas such as information risk, technology risk,and fourth-party risk, etc. Provide monthly and quarterly reports on the status of ongoing supplier risk assessment.Work with a team of Assessors and Findings Analysts while reporting to the Supplier Risk Managerwithin the ESC organization. Develop and implement the methodology for collecting, assessing, and validating evidenceprovided by Suppliers pursuant to ESC's established timetable. Assess risks and exceptions related to the overall management of suppliers.Identify those engagements that create the most potential risk to the company and makerecommendations to mitigate that risk. Work with business partners and suppliers to provide top-notch customer support and completerisk assessments in line with ESC established periods. Coordinate peer reviews and lead communication to all levels of the organization for an accurateassessment equally initiate power to negotiate open options and drive the completion of supplierrisk assessments to meet timelines.

Performed assessment of IT General Controls (ITGC) such as Access Control, Change Management,IT operations, Disaster recovery, and Job Scheduling. Performed annual risk assessment of critical systems and infrastructure to identify threats andvulnerabilities and put in place appropriate controls based on generally accepted frameworks andstandards Prepare the Client for Audit Readiness Assessment. Assisted management in identifying gaps between policy and process, developingrecommendations to remediate control weaknesses, and responsible for developing andmaintaining IT control metrics related to compliance activities. Strong background in all stages ofthe auditing process, including planning, fieldwork/execution /risk assessment, reporting, andfollow-up. Developed audit plans and programs to evaluate control areas on projects such as financialstatement audit, SOX testing, SAS 70/SSAE 18. Conducted Sarbanes Oxley (SOX) testing in all the IT General Controls within the audit scope, to testthe design and operating effectiveness of the control environment. Performed walk-through and detailed testing of controls to determine if controls are properlydesigned and operating effectively. Created final audit reports, and oversee implementation of corrective action plans, whilemaintaining communication with all levels of management Excellent organizational skills and the ability to prioritize multiple tasks, projects, and assignments. Performed IT general controls such as access control, change management, IT operations, anddisaster recovery. Participated in all phases of IT Audit – Planning, Fieldwork and Follow up using the applicableframework. Documented control weaknesses related to testing exceptions and assisted in preparing draft auditreports to communicate findings and recommendations to senior management.