Catherine Tibaaga - IT Vendor Management Consultant - TalTeam / Blue Cross Blue Shield | Himalayas
Open to opportunities

Catherine Tibaaga

@catherinetibaaga

Experienced risk management consultant specializing in vendor and operational risk.

Zimbabwe

What I'm looking for

I seek a role that promotes proactive risk management and offers opportunities for professional growth.

I am a seasoned risk management consultant with extensive experience in vendor and operational risk management. My career has been dedicated to ensuring that organizations effectively identify, assess, and mitigate risks associated with third-party vendors. I have successfully led teams in developing risk assessment processes that align with industry standards such as ISO 27001 and NIST, ensuring compliance with regulatory requirements while fostering strong vendor relationships.

Throughout my professional journey, I have been recognized for my ability to create and implement innovative risk management strategies that not only protect organizations from potential threats but also drive cost savings through effective procurement practices. My analytical skills, combined with my expertise in data analytics tools like Tableau and PowerBI, allow me to provide actionable insights that enhance decision-making and improve risk posture.

I am passionate about continuous improvement and strive to align risk management practices with corporate strategic objectives. My goal is to contribute to an organization that values proactive risk management and fosters a culture of compliance and operational excellence.

Experience

Work history, roles, and key accomplishments

Current

IT Vendor Management Consultant

TalTeam / Blue Cross Blue Shield

Aug 2022 - Present (2 years 10 months)

Worked with internal and external stakeholders to complete inherent and preliminary due diligence risk questionnaires for IT vendors. Performed various risk assessments (Business Continuity, Disaster Recovery, Information Security, Reputational, Financial) and analyzed SOC reports, ISO 27001, and PCI attestations. Managed vendor relationships, negotiated contracts, ensured cost savings, and monito


IT Vendor Risk Consultant

Washington Suburban Sanitation Commission

Jun 2019 - Aug 2020 (1 year 2 months)

Developed the IT Security Risk Assessment Process and evaluated third-parties' information security controls against industry standards like ISO 27000, NIST, and PCI DSS. Created a Maturity Model for IT Security Risk Assessments and worked with vendors to mitigate identified risks. Implemented a risk-based approach to information security assessments.


IT Risk Assessment Consultant

Commerzbank AG

Feb 2017 - May 2017 (3 months)

Created an information security maturity scale and training guide for third-party risk assessments, integrating information security risk into the TPRM lifecycle. Completed IT Security Risk Assessments for vendors, evaluating controls against ISO 27000, NIST, and PCI DSS. Drafted contract language for procurement to ensure compliance and audit rights.


Senior Enterprise Vendor Management Professional

Freddie Mac

Jan 2016 - Feb 2017 (1 year 1 month)

Managed a team of Vendor Risk Management (VRM) analysts, ensuring timely completion of risk assessments and training on regulatory application. Developed processes for contractual language inclusion and alternative risk assessment for non-compliant vendors. Collaborated with Enterprise Operational Risk Management (EORM) to align VRM with ERM principles and regulatory guidelines.


IT Vendor Manager

JPMorgan Chase & Co

Feb 2014 - May 2015 (1 year 3 months)

Managed vendor relationships and third-party risk, completing inherent risk questionnaires and collaborating with SMEs for comprehensive risk assessments. Evaluated vendor adherence to industry standards (ISO 27001, NIST) and mitigated identified risks. Drafted and negotiated contracts, ensuring cost savings and compliance with regulatory standards like GLBA.


Vendor Risk Management Analyst

E*TRADE Financial

Apr 2013 - Sep 2013 (5 months)

Tracked and reported vendor compliance using Microsoft Excel, Agiliance, and Oracle, ensuring adherence to Procurement, Legal, and VRM policies. Conducted inherent and comprehensive vendor risk assessments with SMEs, recommending internal controls and providing reports to Enterprise Risk Management. Developed training materials and identified Key Risk Indicators (KRIs) for risk exposure.


Contracts/Procurement Administrator

Jones Lang LaSalle Americas, Inc.

Jun 2011 - Apr 2013 (1 year 10 months)

Drafted and negotiated contracts and amendments, ensuring compliance with legal, sourcing, and risk management policies. Coordinated RFP processes, engaged in vendor negotiations, and performed due diligence for vendor onboarding and reviews. Monitored vendor performance using KPIs and conducted operational risk assessments, ensuring proper implementation of risk management policies.


Financial and Accounting Analyst

StreamCenter, Inc.

May 2008 - Jun 2011 (3 years 1 month)

Drafted and negotiated contracts, prepared and analyzed financial statements including Income Statement, Balance Sheet, and Statement of Cash Flows. Managed accounts payable, accounts receivable, and depreciation schedules, performing bank reconciliations and preparing expense and sales commission reports. Conducted year-end audits and closing entries.

Education

Degrees, certifications, and relevant coursework


Eastern New Mexico University

Bachelor of Business Administration, International Business

Currently pursuing a Bachelor of Business Administration with an emphasis in International Business. This program focuses on global business practices and international market dynamics.

