Nahji Hoilett
Details
Security & Risk Analysis; Information Sciences & Technology
Penn State University
2009 : 2013
SAP
Information Security Compliance Specialist
Business Consulting - Third-Party Risk Management | Information Security Risk Management
Performed the below responsibilities to provide Third Party Risk Management solutions for Fortune 500 clients across several industry sectors:
● TPRM Program Maturity Assessment
Conducted maturity assessments to diagnose the current state of TPRM programs for clients including stakeholder analysis, identifying process gaps, and providing recommendations to achieve best practices.
● TPRM Program Design
Designed and implemented TPRM programs and frameworks inclusive of foundational components for best practice execution (e.g., standard operating procedures, inventory analysis, risk models, and assessment methodologies).
● TPRM Program Operation
Executed end-to-end third-party risk management assessment programs to identify and assess risks introduced by contracting external services.
2018 : 2022
EY
Senior Information Technology Consultant
● Ensured that all technology key procedural controls are operating as designed according to Group policies.
--Performed mapping processes for application-to-control coverage according to testing requirements.
--Managed a semi-annual first-line operational risk process to conduct quality assurance testing of infrastructure controls.
--Tested control evidence against Firm assurance guidelines to assess if controls are operating sufficiently.
--Provided process training for control owners and application owners.
--Created semi-annual management reports detailing control performance each cycle.
● Created management summaries detailing control performance and deficiencies and documented findings requiring remediation, as required.
2017 : 2018
UBS
IT Risk & Controls Specialist
● Implemented technology governance reporting function(s) within PNC's newly integrated Security organization.
--Defined governance & reporting process for CSO review with senior leaders for increased risk portfolio management.
● Managed policy exception process by ensuring proper documentation of risks and adherence to process SLAs.
2017 : 2017
PNC
Officer, Security Risk Specialist
● Managed the Third Party risk governance process for the Infrastructure Services line of business.
--Process included weekly reporting of open risk assessments and ongoing monitoring activities required by federal regulations.
--Ensured completion of various due diligence risk assessments with adherence to enterprise risk requirements.
● Created analytical vulnerability reporting process to drive reduction in vulnerability findings.
2017 : 2017
PNC
Officer, Technology Risk Specialist
Skills
Access, Analysis, Archer eGRC, Business Analytics, Business Process Improvement, Business Transformation, Customer Service, Cybersecurity, Data Analysis, Data Analytics, Information Security, Information Security Governance, Information Security Management, Information Technology, ISO 27001, Leadership, Management, Microsoft Excel, Microsoft Office, Microsoft Office Sharepoint Server, Microsoft PowerPoint, Microsoft Word, Operational Risk, PowerPoint, Procedures Documentation, Process Flow Diagrams, Process Flow Documentation, Process Improvement, Public Speaking, Rational AppScan, Risk Analytics, Risk Management, RSA Archer, Sales, SAP, Security, SharePoint, Software Documentation, Supplier Risk Management, Team Center Engineering, Third Party Risk Management (TPRM), Visio, Vizio, Xerox Printers
About
Experienced Risk Specialist with a demonstrated history of working in information security risk management across the financial services, consumer products, and life sciences industries.
Skilled in performing current/future state assessments of enterprise programs, assessing vendor / third-party risks using GRC solutions (i.e., Archer, ServiceNow GRC, Ariba Risk, ProcessUnity), and developing enterprise third-party and information/cybersecurity risk programs including policies, procedures, and inventory analysis.
Additional skills include IT General Controls (ITGC) SOX testing and risk performance management and reporting.
Strong risk management experience with dual-Bachelor of Science (B.S.) degrees in Security & Risk Analysis and Information Sciences & Technology from The Pennsylvania State University.