Cyber Security Analyst(Third Party Risk Analyst)
Current• Conducted regular assessments of third-party vendors and their security controls to identify potential vulnerabilities or weaknesses in their systems.• Worked with vendors to ensure compliance with industry standards such as HIPAA, PCI-DSS, or ISO 27001.• Developed and executed risk-based approaches to assess and monitor third-party vendors, including continuous monitoring and reporting of risks and issues.• Conducted on-site assessments of third-party vendors' information security programs to ensure compliance with policies and procedures.• Developed and implemented third-party risk management metrics and reports to provide insight into vendor risk exposure and trends.• Maintained knowledge of industry standards and regulatory requirements to ensure compliance with vendor management practices.• Collaborated with internal teams such as Legal, Procurement, and Information Security to ensure appropriate risk management controls were in place.• Conducted due diligence assessments for mergers and acquisitions to assess third-party risks and compliance.• Reviewed and provided feedback on third-party vendor security questionnaires and security control attestations.• Provided recommendations for remediation actions to mitigate risks associated with third-party vendors.• Developed and implemented training programs for employees on vendor risk management practices and procedures.