 Conduct comprehensive security assessments of both new and existing vendors,meticulously evaluating their security posture and identifying potential risks orvulnerabilities. Lead risk-based analyses, effectively communicating identified risks to keystakeholders, organizing remediation plans, and diligently monitoring Third-Partyrisks until closure, ensuring the organization's security and compliance objectivesare met. Chair quarterly team meetings to enhance the effectiveness and efficiency of theThird-Party risk management program, fostering collaboration and continuousimprovement. Thoroughly investigate any issues or non-compliances discovered during securityassessments of new vendors, taking prompt action to address and mitigate potentialrisks. Develop and execute robust reassessment plans for critical existing vendors,ensuring ongoing compliance and adherence to established security standards. Ensure alignment between Third-Party privacy policies and the organization's privacystandards, including GDPR and CCPA, safeguarding the privacy and confidentiality ofsensitive information. Forge strong alliances with third-party stakeholders, aligning their objectives withthe information security processes through internal Service Level Agreements(SLAs). Demonstrate deep expertise in security frameworks, including NIST 800-53, ISO27001, and HITRUST, expertly leveraging these frameworks to assess and enhancevendor security practices. Meticulously collect and analyze security artifacts such as Attestation of Compliance(AOC), ISO certifications, and SOC Type I & II reports, to evaluate and validatevendors' security posture. Implement a robust risk-approach framework to systematically pre-screen, assess,and continually monitor vendor's residual risks, ensuring a proactive andcomprehensive risk management approach.

Developed and executed comprehensive security risk assessments for all third-partyvendors/suppliers, providing a robust evaluation of potential risks andvulnerabilities in alignment with industry best practices. Facilitated timely remediation of third-party related operational issues,demonstrating exceptional problem-solving skills and ensuring swift resolution tominimize any potential disruptions. Applied strong remediation analysis skills while collaborating with vendors toaddress findings identified during on-site/virtual assessments, effectively guidingthem through the remediation process and ensuring successful resolution ofsecurity concerns. Produced detailed assessment reports for business owners and the vendormanagement office, effectively communicating key risks and offering actionablerecommendations for improvement, enabling informed decision-making and drivingcontinuous enhancements to vendor security. Leveraged advanced e-GRC tools, such as RSA Archer, to securely and promptlycommunicate assessment findings, as well as deploy questionnaires to vendors,streamlining the assessment process and effectively tracking vendor progress onremediation initiatives.