Senior Consultant
London, Gb
⢠Designed, implemented, and executed information security third-party risk management (TPRM) programs in alignment with industry standard governance frameworks (i.e. ISO 27001, NIST, and COBIT5) to provide clients a risk-based approach to manage regulatory and contractual requirements related to vendor access of their sensitive data.⢠Consulted global organizations on satisfying General Data Protection Regulation (GDPR) requirements by engaging stakeholders across enterprise business lines to define business requirements and develop a TPRM governance and operating model, third-party inventory, and risk assessment methodology.⢠Led onsite and remote vendor risk assessments to identify, analyze, and report information security findings to senior client leadership. Produced assessments are leveraged by client leadership to gain assurance of their vendorsā information security posture and drive remediation actions of non-compliant vendors.⢠Managed local and international project teams by functioning as primary liaison between the client, vendor and risk assessor. Strong project management, communication, and coaching skills via engagement planning/economics activities (e.g. resource scheduling, budgeting, and invoicing), organization of ongoing stakeholder meetings, and providing effective technical/operational guidance to junior staff has ensured the successful delivery of hundreds of assessments annually.