• Managed and enhanced the end-to-end vendor assessments, from initial evaluation to approval. • Conducted comprehensive assessments of vendor controls to ensure compliance and effectiveness, identifying any gaps. • Monitored and improved the organization’s cybersecurity rating through continuous assessments and risk mitigation strategies.• Managed Risk assessment timelines and ensured gaps that were identified have been remediated prior to launch of the application. • Oversaw the patching of vulnerabilities identified in penetration testing reports and managed the process effectively. • Collaborated with IT and security teams to address vulnerabilities identified through the rating platform, enhancing overall network security.• Evaluated vendor Data Protection Impact Assessments (DPIAs) and offered recommendations for enhancements.• Managed the organization's SOC 2 and ISO 27001 databases, ensuring that identified deviations were remediated and supporting evidence was uploaded.• Assessed an internal audit of employee access controls for LAO8 and LAO6 within the organization to ensure compliance

• Develop and maintain cooperative working relationships with internal and external stakeholders.• Lead engagements and worked independently as well as collaboratively in a team environment• Utilize Google Sheets for tracking project milestones, improving team communication and efficiency.• Identify risks and controls in business processes and develop appropriate test plans. • Support the Risk team in developing risk reports from the risk register to senior leadership.• Assist in the implementation of automated audit techniques, including data analytics, to enhance the audit process. • Identify and manage risks associated with investments, including operational, market, and credit risks.• Test the design and operating effectiveness of controls and compliance with laws, regulations, and policies according to SOX, PCI-DSS and FMLA. • Prepare and/or review detailed audit documentation from HR. Ensure employees’ leave of absence are in accordance with FMLA and ADA. • Identify and communicate control weaknesses of non-compliance and provide recommendations to improve the organization environment. • Perform continuous monitoring of assigned portfolio business units, special projects and/or high-risk areas of focus

Assist in the development and maintenance of business continuity plans, disaster recovery plans and procedures to ensure continued operation of critical business functions during disasters, emergencies, or other unexpected events. • Collaborate with internal departments and external stakeholders to identify and assess potential risks and ensure alignment with business continuity plans. • Coordinate all internal and external changes associated with products or services to assure legal compliance with regulatory guidelines. • Review all essential security policies and procedures and provides detailed reports of assessments to business owners and the vendor management office.• Work as a remediation analyst to ensure all gaps discovered during the assessment are remediated or mitigated timely, Including the creation and development of new alerts and rules within the various cyber security tools

• Reviewed and validated all controls to ensure data confidentiality.• Identifies risks associated with a Third Party vendor and track risks as necessary for future assessment.• Validated security questionnaires during onsite visits, to ensure up-to-date data protection on vendor site.

Performed assessment of IT general Controls (ITGC) such as Access Control, Change Management, IT operations, Disaster recovery and Job Scheduling• Developed audit plans and programs to evaluate control areas on projects such as financial statement audit, SOX testing, SAS 70/SSAE 18• Perform walk-through and detailed testing of controls to determine if controls are properly designed and operating effectively.• Create final audit reports, and oversee implementation of corrective action plans, while maintaining communication with all levels of management• Reviewed internal policies and procedures and existing laws, rules, and regulations to determine applicable compliance and the adequacy of underlying internal controls.• Performed IT general controls such as access control, change management, IT operations, disaster recovery and platform reviews.