Alem Tango
Upper Marlboro,MD
Summary
Experienced Governance, Risk, and Compliance professional specializing in Third-Party Risk Management, IT security frameworks, and regulatory compliance. Adept at evaluating vendor security, developing proactive risk strategies, and fostering collaboration across business units to support organizational goals. Strong communicator with in-depth knowledge of risk assessment methodologies and policy development. Possesses strong knowledge of industry regulations and compliance requirements, including PCI-DSS, SOC 1 & 2, ISO 27001, HIPAA, CMMC, and GDPR. Adept at adapting to changing environments and interacting effectively at all organizational levels.
Overview
7
7
years of professional experience
1
1
Certification
Work History
Third Party Risk Analyst
Walmart
04.2023 - Current
- Led comprehensive third-party evaluations to ensure vendor compliance with security and privacy standards.
- Coordinated with internal stakeholders to accurately assess vendor risk profiles and prioritize remediation efforts.
- Work with vendors oversight to ensure adequate scoping of vendors based on the level of data access and the business criticality.
- Develop and implement technical controls and assessment programs to evaluate internal risk postures, ensuring compliance and strengthening security frameworks.
- Analyzed vendor risk reports and delivered executive summaries to management, highlighting potential issues and recommending solutions.
- Review and analyze supporting documentations like SOC1, SOC2, ISO 27001 SOA, PCIDSS, ROC/AOC, SIG/CAIQ questionnaires of third parties/vendors and other evidence provided during risk assessment.
- Monitored ongoing vendor relationships for changes in risk status, initiating reassessments when necessary.
- Support End to End Procure to Pay Process for new and existing vendors, conduct ongoing monitoring, and vendor oversight, including periodic risk reassessments, and Ad Hoc reviews.
- Supported contract negotiations by providing risk analysis and compliance input during the vendor selection process.
- Collaborated with cross-functional teams to develop and implement effective risk mitigation strategies, resulting in 99% compliance with regulatory requirements.
- Document key third-party risks identified in a formal report, provide remediation guidance to business and escalate control gap findings as necessary to management.
- Utilized KPIs and KRIs to track vendor compliance with service level agreements (SLAs), identify early warning signs of potential business continuity issues.
- Developed tracking systems to measure vendor performance and ensure adherence to service level agreements.
- Maintained database of vendor risk management activities in the TPRM tool and shared drive.
IT Governance, Risk & Compliance Analyst
Kajeet Inc
09.2020 - 03.2023
- Authored and maintained IT security documentation, ensuring alignment with industry best practices and regulatory requirements.
- Developed and reviewed cybersecurity policies and procedures such as, Acceptable use, and Change management, Password use amongst others.
- Managed internal control reviews and worked with teams to address identified gaps.
- Participated in the rollout of enterprise-wide compliance training programs, increasing awareness of regulatory obligations.
- Served as a key member of the company's information security compliance program by supporting ongoing compliance activities and monitoring efforts across different regulations and GRC standards (ISO 27001, GDPR, PCI DSS, HIPAA).
- Developed and maintained reports and dashboards to track key compliance KPI and KRI metrics.
- Collected and analyzed audit evidence to facilitate successful internal and external audits.
- Collaborated with cybersecurity and legal teams to interpret emerging compliance mandates and adjust policies accordingly.
- Assisted audit teams by conducting risk assessments, evaluating controls, and mapping compliance processes, allowing a concentrated focus on high-risk areas while ensuring adherence to regulatory standards.
- Contributed to incident response planning and post-incident reviews to strengthen organizational resilience.
Third Party Risk Management Analyst
The Home Depot
03.2019 - 09.2020
- Oversaw the onboarding process for new vendors, ensuring completion of due diligence and risk assessment activities.
- Evaluated security documentation such as cybersecurity certifications and audit reports to verify third-party controls.
- Reviewed services provided by vendors and defined scope assessment based on SIG.
- Maintained records of risk assessments and decisions, supporting transparency and audit readiness.
- Ensured that proper documentation for new and existing third-party relationships was properly completed and retained, this includes SOC 2 reports, risk assessment forms, contracts, insurance documentation, etc.
- Reviewed and analyzed SOC1, and SOC2 reports of third parties/vendors and other evidence provided during risk assessment.
- Liaised between procurement, legal, and IT teams to align vendor management practices with organizational objectives.
- Conducted periodic reviews of vendor risk, updating risk ratings and reporting findings to leadership.
- Implemented process improvements to streamline third-party risk workflows and enhance data accuracy.
- Monitored information quality, management, and access for TPRM activities.
Education
Bachelor of Science - Computer Science
University of Yaoundé II
Cameroon09.2007
Skills
- Third-Party Risk Analysis
- Regulatory Compliance (PCI DSS, SOC, ISO 27001, HIPAA, GDPR)
- Vendor Due Diligence
- IT Policy Development
- Risk Assessment, Reporting & Mitigation
- Cross-Functional Collaboration
- Data Analysis and reporting
- Audit Preparation
- Communication and stakeholder management
- Workflow Optimization
Certification
- CompTIA Security+
- CISA (In Progress)
Technical Tools
- ServiceNow
- Archer
- BitSight
- Microsoft Office Suite
- Google Workspace
- Nessus
- SAP
- SIEM
Timeline
Third Party Risk Analyst
Walmart
04.2023 - Current
IT Governance, Risk & Compliance Analyst
Kajeet Inc
09.2020 - 03.2023
Third Party Risk Management Analyst
The Home Depot
03.2019 - 09.2020
Bachelor of Science - Computer Science
University of Yaoundé II