Kevin Osuhor

Lead Supply Chain Analyst

Seasoned Risk Management Professional with demonstrated expertise in developing and implementing risk management programs, conducting vendor due diligence, and managing third-party relationships. Proficient in industry frameworks, regulatory requirements, and standards, including NIST CSF, ISO, COBIT, FFIEC, PCI DSS and SOC 2.

Education:

UNIVERSITY OF MARYLAND

Master of Science in Information Technology (In Progress)

UNIVERSITY OF HOUSTON, HOUSTON, TEXAS

Juris Doctorate

UNIVERSITY OF IBADAN, OYO, NIGERIA

Bachelor of Laws

Career Details:

2024-PRESENT

LEAD SUPPLY CHAIN ANALYST, SHOW ME QUALITY CONSULTING, LLC

2021 - 2024

SENIOR THIRD-PARTY RISK ANALYST, ALLSTATE

• Proactively managed supplier and fourth-party sub-servicer portfolio of over 60 vendors, mitigating inherent and residual risks through periodic assessments and risk profile updates.
• Streamlined the third-party risk assessment process using ServiceNow, resulting in a 20% reduction in assessment time and a 10% increase in assessment accuracy
• Continuously identified, monitored, and reported on third-party risk landscapes, including key and emerging risks with actual and/or potential impacts on vendor portfolio
• Performed Vendor Risk Assessments (VRA), evaluating key risk factors including financial stability, security protocols, and regulatory compliance to fortify the vendor selection process
• Structured contractual safeguards by integrating clauses into vendor contracts, mandating adherence to our security benchmarks, and immediately reporting security incidents
• Safeguarded sensitive data from unauthorized third-party access by evaluating and mitigating information security and privacy risks such as cyberattacks and data breaches
• Assessed the Incident Response, Business Continuity and Change management protocols of third-party vendors, identified gaps, and formulated corrective action plans to mitigate risks
• Communicated vendor risk assessment and due diligence findings, as well as Remediation requirements, to senior management, business owners, and vendors
• Utilized COBIT principles to investigate third-party risk incidents, preventing potential losses and protecting the organizations reputation
• Crafted and executed key risk reporting, Key Risk Indicators (KRIs), and metrics such as security incidents to provide valuable insights into third-party risk exposure
• IT General Controls testing and documentation (e.g., Access Control, Data Backup, and Segregation of duties) for 20+ SaaS vendors leading to improved risk mitigation.
• Achievement: Collaborated on assessing post-COVID-19 risks (e.g., supply chain disruptions, remote work resilience and cyber threats) with a cross-functional team. Introduced a real-time data-driven continuous monitoring model, considering vendor financial stability and cybersecurity posture, resulting in a 15% reduction in third-party risk exposure

2019-2021

THIRD-PARTY RISK ANALYST, BNP PARIBAS BANK

• Implemented a multi-factor authentication (MFA) system for third-party vendors, reducing the risk of unauthorized access by 15%
• Conducted rigorous vendor risk assessments for cloud-based vendors (e.g. AWS) using CAIQ, ensuring compliance with regulatory norms and industry best practices
• Collaborated with cross-functional stakeholders to articulate risk appetite, laying the foundation for refined risk mitigation strategies and vendor relationship choices
• Provided third-party risk data and responses to regulatory and internal audit requests and exams, ensuring timeliness and accuracy
• Utilized BitSight for maintaining vendor profiles, conducting risk assessments, managing contracts, monitoring performance, and ensuring compliance with policies and procedures
• Performed vendor onboarding by customizing due diligence and evaluation criteria questionnaire utilizing Standardized Information Gathering (SIG) control domains
• Implemented Third-Party Management requirements to comply with regulatory standards and industry best practices such as PCI DSS, FFIEC and NIST CSF
• Achievement: Increased vendor onboarding efficiency by 20% by recommending an expedient online onboarding process (self-registration, document submission, Vendor Risk Assessment, and approval) during the COVID-19 pandemic, resulting in reduced costs and improved vendor satisfaction

2014 - 2019

IT AUDITOR & CONTROL ASSESSOR, HERITAGE BANK

• Managed and coordinated IT audit projects, from planning and execution to reporting
• Audited backup and recovery procedures to ensure data restoration in the event of a disaster
• Executed auditing processes to evaluate controls effectiveness, and compliance with GLBA, PCI DSS and ISO 270001; identified vulnerabilities, and provided recommendations
• Reviewed the change management process to ensure adequate control of IT system changes
• Tested access controls to ensure only authorized users can access sensitive data
• Evaluated the segregation of duties to ensure that no individual can abuse a process

2010-2013

PRIVACY COMPLIANCE SPECIALIST, LIAMSLAWS LLP

• Conducted Privacy Impact Assessments (PIA) and Audits for clients reducing potential data breaches through vulnerability identification and rectification
• Developed compliance training program for clients, boosting awareness and adherence
• Advised clients on the latest privacy laws and regulations, and compliance strategies

Certifications:

• Certified in Risk and Information Systems Control (CRISC)
• Certified Information System Auditor (CISA)

Awards & Recognitions:

• Excellence in Third-Party Risk Management Award (Allstate - 2023): Recognized for excelling in vendor risk assessments, compliance tracking, and collaborative partnerships.
• Compliance Champion Award (BNP Paribas - 2020): Awarded for championing compliance with regulatory standards and industry best practices, aligned with FFIEC and NIST CSF.

Professional Affiliations:

• Third Party Risk Association (TPRA)
• ISACA – Convention Coordinator, Boston 2023