Gana R Email and Phone Number
An experienced cyber security professional specializing in information security and Third Party Risk management with over 6 years of professional record focusing on information risk management, IT audit, and policy management. I am a confident, innovative, and hardworking individual with some leadership skills working with a team or independently with little or no supervision. Experience in supporting security audits, continuous monitoring, control assessment, developing risk assessment reports, and managing risk mitigation, focusing on delivering efficient and cost-effective solutions.
Shein Technology Llc
- Website: sheingroup.com
- Employees: 159
Third Party Risk And Compliance Analyst, Shein Technology Llc, Washington, DC, US
Third Party Risk/Compliance Analyst, Shein Technology Llc
Jan 2022 - Present, Los Angeles, CA, US
• Conduct third-party risk assessments including operational risk, financial risk, security risk, and legal risk for potential third-party agreements.
• Identify security risks and exposures, determine the root causes, and recommend a plan of action to improve the security posture.
• Prepare risk assessment reports to inform risk treatment decisions.
• Track and monitor remediation and risk management activities to closure.
• Develop and maintain third-party risk management program documentation and templates such as risk assessment processes, security questionnaires, security requirements in the vendor agreements, and assessment report templates.
• Work closely with technology and legal partners and business units to ensure appropriate security and data protection requirements are incorporated into third-party engagements.
• Maintain a current and comprehensive understanding of relevant industry standards to incorporate into the third-party risk management strategy, framework, and program.
• Support integration and maturation of policy, compliance, and risk frameworks.
• Generate technical and executive metrics for visibility and continuous improvement for the TPRM.
• Respond to day-to-day ServiceNow ticketing from the Global Security Risk Management to provide information security advice to ensure information risk management decisions.
• Document and maintain procedures related to third-party risk management.
• Contributes to creating and maintaining the library of information, policies, and standards based on ISO 27001 and other industry best practices.
• Supports termination of vendors' contracts (end of life).
Risk, Compliance Analyst Consultant, Vertiv
Aug 2021 - Dec 2021, Columbus, OH, US
• Perform documentation support services.
• Enhance cyber awareness with vendors and project teams.
• Collaborating with vendors to gauge priorities and extract insights for strategic planning activities.
• Helping vendors identify business process improvements and gathering requirements to achieve efficiency and improved oversight.
• Identifying key stakeholders and other necessary engagement plans for organizational activities.
• Develop plans for engaging with and communicating with stakeholders.
• Designing appropriate analysis for diagnostics and implementation, analyzing, and interpreting ambiguous and complex information and relationships.
• Proactively engaging with vendors to identify challenges, recommend solutions, and manage expectations.
• Support integration and maturation of policy, compliance, and risk frameworks to support business operations of the organization.
• Maintaining processes and documentation and supporting the implementation and communication of policy.
• Participates in meetings and provides input into operational plans to identify policy needs and implications.
Third Party Risk Analyst, Quest Diagnostics
Sep 2018 - Aug 2021, Secaucus, NJ, US
▪ Create, review, and/or update required security policies, standards, and procedures.
▪ Conduct categorization/scoping of new vendors/suppliers.
▪ Perform third-party security risk assessments for all new vendors and reassessments for high-risk vendors.
▪ Review vendor's VSQs/SIG response and supporting documentation to validate vendor-appropriate implementation of information security controls such as SOC2 type I, ISO, HIPAA, and HITRUST, and scan reports to identify gaps or exceptions.
▪ Create a Risk Assessment Report (RAR) including findings and recommendations.
▪ Develop an innovative approach to resolve and manage risk-related issues to minimize business impact.
▪ Review vendor contracts and ensure security concerns are addressed.
▪ Run internal and external vulnerability assessment scans.
▪ Perform continuous monitoring.
▪ Monitor and track TPRM lifecycle activities (identity, due diligence, risk assessment, contract negotiation, ongoing monitoring, and termination).
▪ Monitor and oversee alerting systems/services for early warnings of outbreaks or attacks.
▪ Collaborate with IT personnel to monitor and maintain approved security solutions.
▪ Develop a risk treatment plan to ensure vulnerabilities are remediated satisfactorily within the milestone.
▪ Research vulnerabilities in OWASP, NVD, and US-CERT to develop remediation plans.
▪ Conduct awareness and training using Proofpoint/KnowBe4.
▪ Perform Cloud assessment.
▪ Act as a liaison during audits (gather evidence, attend meetings, respond to related questions).
▪ Support other cross-operational duties assigned to me.
▪ Develop and design department-wide risk assessment questionnaires across various domains.
▪ Evaluated IT compliance gaps and worked with management to recommend solutions to improve policies.
▪ Develop and publish security GRC dashboards and reports for internal stakeholders.
Gana R Education Details
- University Of Buea, Computer Sciences
Frequently Asked Questions about Gana R
What company does Gana R work for?
Gana R works for Shein Technology Llc
What is Gana R's role at the current company?
Gana R's current role is Third Party Risk and Compliance Analyst.
What schools did Gana R attend?
Gana R attended University Of Buea.