Lead Third Party Information Security Professional Specialist
Performed Third Party Information Security Assessment (TPISA) quality assurance reviews against Global Citi Information Security standards and the TPISA Quality Assurance (QA) framework, i.e. Security Policies, Identification & Authorization, Confidentiality & Integrity, Incident Detection & Response, Administration, Training & Awareness, Infrastructure and Core Process Platforms, Software Development & System Security Testing, Business Continuity Management, Physical Security, Third Party/Sub-contractors, Legal & Compliance, Electronic Transportable Media Security, Couriers, Internet Web Hosting, etc. Reviewed and identified gaps/inconsistencies in third party risk assessments and provided recommendations to achieve overall risk management quality and completeness.
- Reviewed all TPISA documentation and performed gap analysis against Citi Standards. Conducted mapping of procedures / processes to internal policies. Created and maintained procedures relating to QA of SSAE 16 SOC 2 audit reports, Shared Assessments Program (SIG), Information Security Domains, etc.
- Managed projects with the TPISA Global Team to improve the overall quality and completeness of the Third Party Assessment Questionnaire (TPAQ) documentation and guidelines. Analyzed data and processes in order to determine root causes of problems/deficiencies and suggested solutions. Identified perceived versus real problems or risks and communicated proposed solutions or options for correction and prevention to management/stakeholders.
- Established a QA training program and mentored/evaluated the work of new QA Reviewers. Managed and assigned TPISA reviews to QA Team. Participated in initiatives to enhance the TPISA process, promote knowledge sharing and proliferation of best practices.
- Acted as subject matter expert (SME) in areas of responsibility to address challenges, propose solutions and interface with a global audience composed of business partners, Information Security Officers (ISOs), Internal Audit and other global operations personnel.
- Analyzed IS Audit issues related to TPISA or Third Party risk and proposed solutions for the program to implement in order to eliminate future findings. Also mentored peers on how to perform the same process. Participated in TPISA program regulatory audits.
- Executed third party IS assessments to determine the maturity, effectiveness, weaknesses and risks of vendor Information Security policies, practices and controls.