
CHRIST NANF

Laurel, MD

Summary

Highly qualified Third-Party Vendor Risk Analyst and Cyber Security Professional with 7+ years of experience in Third-Party Risk Management, optimizing TPRM processes, conducting comprehensive vendor security reviews, and implementing effective risk mitigation strategies. Knowledgeable in governance, risk, and controls implementation for the industry standards and compliance requirements that define security best practices. Expert at creating and updating policies and procedures, as well as assisting during compliance audits. Committed to long-term risk management through strong internal protocols and team training, with a proven track record of ensuring regulatory compliance and developing solution-oriented risk management strategies.

Overview

  • 7 years of professional experience
  • 1 certification

Work History

Senior GRC (Governance, Risk, Compliance) Analyst

Walmart Inc
08.2020 - Current
  • Reviewed, managed, and updated company policies, procedures, and controls implementation to ensure compliance with current laws and regulations
  • Stayed up to date on changes in laws and regulations affecting the organization, maintaining user confidence and protecting operations by keeping information confidential
  • Ensured the Information Security Management System (ISMS) manual was up to date
  • Ensured the Statement of Applicability (SOA) was up to date
  • Identified and implemented process improvements whenever changes occurred
  • Built and maintained strong relationships with key stakeholders
  • Worked with other teams to ensure GRC (governance, risk, compliance) initiatives supported company goals
  • Conducted awareness training for employees on risk assessment related to any change
  • Performed regular risk assessments on all identified risks
  • Performed risk scoring and rating in the Tool to improve continuous monitoring
  • Conducted audits every quarter to ensure internal controls were operating effectively
  • Conducted internal audits to mitigate risks and identify areas of improvement
  • Supported internal auditors through both SOC 2 and SOX audits
  • Drove pre-audit preparation, working closely with control owners and engineers to gather evidence for controls
  • Examined, observed, and tested controls after changes occurred in preparation for the internal review/audit
  • Ensured monthly scans were performed by working with the vulnerability management team or the SOC team
  • Ensured business continuity and disaster recovery plan tests were conducted annually
  • Identified gaps and created a risk treatment plan to track the gap remediation process, as well as providing recommendations
  • Ensured remediation of any exceptions, weaknesses, or findings noted by the auditors before the audit ended, and closed the findings
  • Made sure all post-audit identified weaknesses had a treatment plan and were being tracked in the risk register
  • Prepared the company for yearly ISO 27001 compliance certification by updating policies, standards, and procedures annually
  • Continuously monitored and reported on the effectiveness of the GRC (governance, risk, compliance) program
  • Managed and coordinated incident response activities to ensure timely resolution of security incidents and mitigate risks
  • Collaborated with vendor management teams to assess third-party risk and ensure vendor compliance with security and regulatory requirements
  • Collaborated with cross-functional teams to ensure adherence to industry standards and regulations
  • Identified potential areas of vulnerability, working closely with stakeholders to address concerns proactively
  • Contributed to the successful completion of internal audits, reinforcing the organization's compliance culture

Third-Party Vendor Risk Analyst

Retail Business Services
12.2017 - 06.2020
  • Conducted due diligence on new vendors to verify that security, privacy, and compliance standards were met
  • Facilitated the vendor onboarding process with different organizational teams (business, procurement, legal, privacy)
  • Onboarded the RSA Archer tool to conduct vendor assessments, and onboarded many other customers
  • Conducted vendor risk assessments to ensure the security of third parties
  • Supported procurement in the due diligence process by designing, reviewing, and updating request for proposal (RFP) questionnaires
  • Reviewed completed Standardized Information Gathering (SIG) questionnaires based on vendor inherent risk
  • Reviewed vendor profiles in the Tool and RFP results to develop inherent risk questionnaires
  • Evaluated results to classify vendors into appropriate risk categories (critical, high, moderate, low)
  • Assisted in classifying organization data to facilitate vendor scoping and tiering
  • Coordinated with stakeholders to initiate, scope, and plan vendor assessments of new and existing vendors
  • Reviewed SIG questionnaire responses from vendors, including penetration test reports, vulnerability scans, audit reports, and policy and procedure documents
  • Worked with the procurement team to review vendor contracts for alignment with security and business requirements
  • Reviewed vendor policies and procedures to ensure compliance with regulatory requirements
  • Interacted with vendors to agree on appropriate plans of action and deadlines for all identified gaps
  • Assisted vendors in understanding security controls and the evidence needed for those controls
  • Assisted in developing third-party-related internal policies and procedures for the company
  • Wrote reports detailing findings and communicated them to stakeholders, ensuring informed decision-making
  • Diligently tracked and regularly updated the Risk Register
  • Monitored mitigation efforts and residual risk levels to ensure progress in reducing potential threats
  • Developed information security training and awareness materials to maintain a security awareness program in the organization
  • Conducted continuous monitoring in the Tool to track vendors' performance against service level agreements (SLAs)
  • Developed detailed Risk Assessment Reports on failures identified during vendor assessments, and documented Risk Acceptance and Risk Exception memorandums
  • Negotiated excellent contracts, saving the company money while maintaining top-quality standards
  • Facilitated training sessions for new hires on vendor management best practices

Education

Bachelor of Computer Science

University of Douala
01.2015

Proficiency in Microsoft Office Training

01.2012

Skills

  • Identifying and managing risks
  • Understanding security policies and best practices
  • Reviewing and complying with industry standards
  • Assessing vendor risks and conducting due diligence
  • Understanding compliance regulations
  • Analyzing and mitigating risks
  • Communicating and negotiating with vendors
  • Third-Party Risk Management
  • Compliance Auditing
  • Training and Education
  • Strong negotiation and communication skills
  • Strong analytical and problem-solving skills
  • Risk Assessment/Audit Reports
  • Assisting in contract review
  • Leadership skills
  • Familiar with different standards and compliance frameworks (SOC, ISO 27001, PCI-DSS, HIPAA, HITRUST, NIST CSF)
  • Vendor onboarding and offboarding
  • Detail-oriented and organized
  • Teamwork/team player
  • Proficiency in Microsoft Office Suite
  • Fast learner

Certification

  • CompTIA Security+
  • CISA (Certified Information Systems Auditor)
  • CRISC (Certified in Risk and Information Systems Control), in progress

Languages

  • English: Native or Bilingual
  • French: Native or Bilingual
  • German: Elementary
