Elizabeth. G Email and Phone Number

-Ensured timely execution of the TPRM program, including completion of risk assessments (Inherent and Residual Risk) for new and existing third-party suppliers, in compliance with policy, framework, and program documents. This includes overseeing challenge/due diligence tasks and providing guidance to business units and corporate stakeholders.-Conducted third-party vendor risk assessments for over 600 vendors, including sub processors and critical vendors from various industries such as software, tax, consulting, marketing and hardware.- Designed and enhanced the vendor risk management program through software procurement(Whistic/Vanta/OneTrust), process implementation and policy drafting to achieve industry frameworkcompliance (NIST 800-53, ISO, Fedramp).- Worked with engineers to create software configurations that streamlined the TPRM process from procurement to onboarding.-Conducted firm-wide security framework gap analysis for the VRM Program and oversaw the implementation and maintenance of security controls in accordance with ISO 27001, NIST 800- 53, and SOC Type 2.-Designed and executed vendor audits to assess compliance with contractual obligations and regulatory standards, resulting in an improvement in compliance across key suppliers.- Developed and delivered training programs on third-party risk management to over 1000 employees, enhancing organizational awareness and capability in managing external risks.-Lead monthly meetings with departmental leads to present risk reports to management, highlighting key risk exposures and recommending vendor mitigation strategies.- Collaborate with procurement, legal, and business units to integrate risk management practices into the vendor lifecycle process and to make constant improvements to the vendor procurement and onboarding process.-Managed multiple quarterly initiatives to make process improvements to the VRM program.

- Reported on assessment outcomes, risk level and associated recommendations to the stakeholders to determine remediation plan.- Conducted IT Risk assessments and log all findings to monitor and coordinate with respective owners/source teams for remediation. - Defined appropriate risk levels and corrective actions. - Performed control break Analysis and root cause analysis of identified findings.- Updated information security plans for scope system, application, vendor solution, vulnerability, compliance with policies, standard and technical security baseline and ensuring action plans are initiated to mitigate defined risk. - Participated in the development of the analysis of product defect data and map it with corresponding actionplans to reduce defects.- Developed and execute daily, weekly and monthly action plans that increase quality, inventory accuracy and service. - Responsible for evaluating threats, Assessing Risks and developing risk management strategies. - Provided open, trusted and reliable partnership with internal and external stakeholders, by supporting, advising and enabling successful accomplishment of business operations and initiatives.- Participated in driving security change and improvement by engaging leadership and associates and by providing the relevant and useful security knowledge and awareness.

-Conducted firmwide security framework gap analysis and oversaw the implementation and maintenance of security controls in accordance with ISO 27001, NIST 800- 53, and SOC Type 2.- Engaged with external auditors and coordinating audit initiatives (SOC 2, ISO) by leading and directing audit calls; and gathering and reviewing evidence for the audits.- Conducted third-party vendor risk assessments for over 200 subprocessors and critical vendors. Also designed and enhanced the vendor risk management program through software configurations, process implementation and policy drafting.- Developed ISO 27001 and NIST 800-based policies and standards; and managing the security policy and standard annual review by communicating with various departmental leads and internal stakeholders to maintain ISO 27001 compliance.- Lead monthly meetings with departmental leads to present the status of ongoing security compliance program activities and our readiness for upcoming internal and external audits.- Worked with various teams to design and conduct Firmwide security awareness training regarding Data privacy, email phishing techniques, access control, etc.- Review contracts for data privacy requirements (GDPR, CCPA) and security language.