Lola Amodu, BSc, MSc, CISA.
Details
Silicon Valley Bank
GRC/Information Security Analyst - Risk Reporting and Analytics
2022 : 2022
Billtrust
GRC/Information Assurance
- Evaluate the risk involving third party vendors and internal systems/applications.
- Manage an automated, auditable, repeatable, and demonstrable program to coordinate information security risk to company information assets.
- Assess the risk of Company's third party vendors and internal applications/systems using structured interview processes, questionnaires, and review of security, compliance, and data protection documentation.
- Collaborate on the execution of our risk management methodology that informs management of risks across the globe.
- Employ excellent communication, networking, and risk management skills.
- Use working knowledge of privacy laws and other frameworks such as the NIST CSF, as the company is regulated globally.
- Conduct the IS risk assessment program's assessments, remediation, and risk treatment processes.
- Analyze third party vendor and internal application/system controls, documentation, and settings to identify information security risks to company.
- Identify security issues and their potential impact on customer operations.
- Ensure potential information security and regulatory compliance risks (such as Sarbanes-Oxley (SOX), Payment Card Industry Data Security Standard (PCI-DSS), etc.) associated with systems and applications are examined thoroughly, documented, communicated, treated, and monitored.
- Collaborate with company's business sponsors, technology departments, and third parties to communicate requirements, initiate, conduct, and complete risk assessments in a timely manner.
- Interact and collaborate with key personnel in various departments.
- Develop and onboard IS risk assessment tools (OneTrust and ServiceNow), templates, and associated processes to provide transparent reporting on activities and portfolio management.
- Participate in policy exception program and contribute to policy and standards related to information security risk management.
- Review security contract language to align with information security policy.
2022 : 2022
Royal Caribbean Group
Third-Party Risk Assessment Analyst
• Effectively communicate and relate security, compliance, or governance-related concepts and controls across a variety of audiences including technical and non-technical audiences.
• Plan, coordinate and oversee security risk assessments for information systems and third parties.
• Coordinate and respond to new and existing customer requests for onsite audits. Complete security, compliance, or governance-related questionnaires. Engage cross-functional teams as necessary.
• Design and compose reports, assessments, and other documents to provide decision support on information security risks and controls for executives, system owners and management.
• Aid the team in assessing the likelihood and impact of adverse events and recommend effective controls and mitigations to management.
• Support the continuous improvement and implementation of Information Security Policies, Standards, Processes, and Procedures.
• Design, implement and manage control assessments to determine if cybersecurity controls are effective and in compliance with applicable requirements.
• Establish and implement effective security awareness practices across the System, including training, phishing, and communications.
• Effectively communicate and coordinate planning, preparation, execution, review and remediation phases of third-party assessment activities.
• Assist in defining, developing, and implementing third party risk assessment program processes in accordance with the defined risk appetite to meet our customers’ risk assessment programs.
2021 : 2022
Canary Harbour
Third Party Risk Assessment Analyst
• Take proactive security measures, assess risks, and respond to security breaches.
• Design and implement internal security controls to ensure 100% compliance with company security policies.
• Provide monthly and quarterly reports to the Board and senior leaders on risks and threats posed to the company, including Information Security related issues and incidents.
• Conduct periodic gap analysis reviews of the internal Information Security program using industry standards, e.g. ISO 27001, National Institute of Standards and Technology (NIST) Special Publications (800 Series), HIPAA, etc.
• Support onsite external and internal audits for designated systems.
• Report incidents within the time frame prescribed by DHS 4300 policy for incident response.
• Work closely with the System Owner, ISSM, and Engineers of assigned FISMA to meet security compliance.
• Monitor networks, databases, and computer systems and create a risk management plan for IT systems.
• Research, test, and recommend new security software and devices.
• Coordinate penetration tests to examine the effectiveness of current security systems.
• Work hand in hand with the development team to ensure all customer-facing applications are well secured.
2019 : 2021
Proven System Solutions
Information System Security Officer
About
Proactive and analytical Third-Party Security Risk Assessment Analyst with experience as an Information Systems Security Officer (ISSO), Vulnerability Management Analyst and Security Controls Assessor. Skillful and proficient in Security Assessment and Authorization, Security Assessment Reports creation and reviews, POA&Ms (ATO process), Security Policies, Procedures and Guidelines creation utilizing NIST publications, PCI-DSS, HIPAA, SRA, ISO 27001, SANS Framework, FedRAMP, FISMA, and IT system audits and compliance. Able to effectively communicate status reports, findings, recommendations and strategies vertically and horizontally across any organization. Seeking opportunities to grow as an information systems expert while delivering best-in-class Information Security.