Nov 2023 – Nov 2024 · 1 yr · Remote

• As a Third-Party Risk Specialist at Silicon Valley Bank through Vaco, I conducted thorough risk assessments, identifying and mitigating security and compliance risks with high-risk vendors. I collaborated across teams to ensure contracts met security requirements and developed actionable mitigation strategies. I also reported regularly to leadership, enhancing the overall third-party risk management framework.

Jul 2022 – Sep 2023 · 1 yr 2 mos · California, United States · Remote

• As a Third-Party Security Analyst Consultant at Ripple through Eastridge, I conducted thorough security assessments of vendors, identifying and mitigating potential vulnerabilities. I facilitated incident response and remediation efforts, ensuring timely risk mitigation. Additionally, I collaborated with internal teams to integrate security controls into vendor contracts, enhancing Ripple’s overall third-party security posture.

May 2020 – May 2022 · 2 yrs · United States · Remote

• At Confluent, I led third-party onboarding security reviews, ensuring vendors met minimum security standards. Collaborated with the application security team to secure third-party integrations for data confidentiality, integrity, and availability. Managed annual reassessments, archived security artifacts in OneTrust and Ironclad, and responded to security inquiries. Worked with federal entities on NIST-800-171 and CMMC assessments.

Nov 2019 – Apr 2020 · 5 mos · Remote

• As a TPRM Security Analyst Consultant for Artech working for Deloitte, I developed and implemented third-party risk management frameworks, conducting security assessments to identify vulnerabilities and recommend mitigation strategies. I collaborated with legal, procurement, and IT teams to integrate security requirements into vendor contracts and provided detailed reports to leadership to support data protection and compliance.

Jun 2017 – Sep 2019 · 2 yrs 3 mos · Kansas City, Missouri Area · On-site

• As an IT Compliance & Security Analyst at Polsinelli, I coordinated vendor risk assessments, ensuring compliance with security controls using tools like OneTrust and ProcessUnity. I ensured adherence to ISO 27001, HIPAA, GDPR, and CCPA regulations, facilitated audits, and responded to vendor questionnaires. I also led security risk assessments and disaster recovery drills and supported business continuity planning and remote work transitions.

Feb 2017 – Feb 2023 · 6 yrs · Knoxville, Iowa, United States

Feb 2017 – Jun 2017 · 4 mos · Kansas City, Kansas · On-site

• As a Third-Party Risk Program Manager at Sprint/T-Mobile, I developed a comprehensive risk assessment framework for vendor evaluations based on NYDFS-500-11. I categorized vendors, analyzed key risk documentation like SOC 2 and BCP/DR reports, and tracked vendor deficiencies. Additionally, I created questionnaires for third parties and wrote Vendor Risk Assessment Reports, helping mitigate potential risks and ensuring compliance.

Jan 2016 – Jan 2017 · 1 yr · Des Moines, Iowa Area · On-site

• At Venerable Annuity, I conducted comprehensive vendor risk assessments focusing on information security and privacy, reviewing SOC 2 Type II reports, BCP/DR, and data security compliance. I collaborated with internal teams to develop and execute risk mitigation plans and assessed vendor maturity levels. I also mapped control standards to the VRA questionnaire, ensuring vendors met compliance and security requirements.

Dec 2013 – Oct 2015 · 1 yr 10 mos · Washington D.C. Metro Area

• As a Security Vulnerability Analyst supporting the US Department of Commerce, I led incident response
• assessments, using NIST SP 800-61, and performed on-site vulnerability testing with Nessus. I managed
• PCI-DSS assessments identified vulnerabilities, and collaborated with system owners on remediation
• efforts, ensuring compliance. Additionally, I created Security Assessment Reports (SAR) and tracked
• findings through POAMs for resolution.

Dec 2012 – Oct 2013 · 10 mos · Washington D.C. Metro Area · On-site

• At Linac Health Services, I helped develop and maintain information security policies aligned with NIST 800-53 and HIPAA regulations. I conducted third-party HIPAA risk assessments and identified security gaps, contributing to stronger vendor management. Additionally, I supported security incident response, created essential documentation, and led training initiatives to boost security awareness across the organization.