Catherine Tibaaga

Worked with internal and external stakeholders to complete inherent and preliminary due diligence risk questionnaires for IT vendors. Performed various risk assessments (Business Continuity, Disaster Recovery, Information Security, Reputational, Financial) and analyzed SOC reports, ISO 27001, and PCI attestations. Managed vendor relationships, negotiated contracts, ensured cost savings, and monito

Developed the IT Security Risk Assessment Process and evaluated third-parties' information security controls against industry standards like ISO 27000, NIST, and PCI DSS. Created a Maturity Model for IT Security Risk Assessments and worked with vendors to mitigate identified risks. Implemented a risk-based approach to information security assessments.

Created an information security maturity scale and training guide for third-party risk assessments, integrating information security risk into the TPRM lifecycle. Completed IT Security Risk Assessments for vendors, evaluating controls against ISO 27000, NIST, and PCI DSS. Drafted contract language for procurement to ensure compliance and audit rights.

Managed a team of Vendor Risk Management (VRM) analysts, ensuring timely completion of risk assessments and training on regulatory application. Developed processes for contractual language inclusion and alternative risk assessment for non-compliant vendors. Collaborated with Enterprise Operational Risk Management (EORM) to align VRM with ERM principles and regulatory guidelines.

Managed vendor relationships and third-party risk, completing inherent risk questionnaires and collaborating with SMEs for comprehensive risk assessments. Evaluated vendor adherence to industry standards (ISO 27001, NIST) and mitigated identified risks. Drafted and negotiated contracts, ensuring cost savings and compliance with regulatory standards like GLBA.

Tracked and reported vendor compliance using Microsoft Excel, Agiliance, and Oracle, ensuring adherence to Procurement, Legal, and VRM policies. Conducted inherent and comprehensive vendor risk assessments with SMEs, recommending internal controls and providing reports to Enterprise Risk Management. Developed training materials and identified Key Risk Indicators (KRIs) for risk exposure.

Drafted and negotiated contracts and amendments, ensuring compliance with legal, sourcing, and risk management policies. Coordinated RFP processes, engaged in vendor negotiations, and performed due diligence for vendor onboarding and reviews. Monitored vendor performance using KPIs and conducted operational risk assessments, ensuring proper implementation of risk management policies.

Drafted and negotiated contracts, prepared and analyzed financial statements including Income Statement, Balance Sheet, and Statement of Cash Flows. Managed accounts payable, accounts receivable, and depreciation schedules, performing bank reconciliations and preparing expense and sales commission reports. Conducted year-end audits and closing entries.

Currently pursuing a Bachelor of Business Administration with an emphasis in International Business. This program focuses on global business practices and international market dynamics.